A few missed letters here, a forgotten hyphen there, or the wrong domain ending — such innocent deviations are all it takes to lead users to the wrong website. It’s easy to do — you type a URL you use every day in a hurry, and in your haste, you make an error and hit enter. While these may seem like harmless mistakes, the reality can sometimes prove to be anything but. Suddenly, you’re in an unfamiliar place and often this new strange place of the internet is not a 404 message, but rather an unexpected, and often sinister website.
This phenomenon is called typosquatting and those operating such domains (called typosquatters or cybersquatters) operate on the carelessness of the user when it comes to correctly entering the URL and greeting their misguided guests with advertisements, malware, and phishing sites.
Simply put, typosquatting is URL hijacking.
Typosquatting is a type of cybersquatting used by imposters that involve registering domains with intentionally misspelled names of popular web addresses to install malware on the user’s system. The extreme kind of typosquatting is similar to phishing where the wrong website mimics the real site, thus confusing the user with a false knowledge that he/she has visited the right website.
How does typosquatting work?
Let’s understand this with an example.
Say typosquatters wanted to target the Morgan Stanley bank. They might register “MorganStsnley.com”, one wrong letter from the bank’s original domain name, and set up a fake website. The individual creating this website creates a page that looks very similar to the actual Morgan Stanley’s website’s page. A user visiting might not realize this and feed in their login credentials, attempt to transfer money or do other bank related activities.
From there it’s off to the races.
How do you protect your business from typosquatting?
As a business owner, there are steps you can take to protect your customers from the perils of typosquatting. For instance, educate your users to double check the URL before logging into your website. Moreover, ensure you have an SSL certificate and inform your visitors to look for the green lock on the left side corner of the URL bar which says ‘secure’. That is one of the best ways to ensure that they’re on the right website.
Additionally, here are a few strategies you can use to protect your domain from typosquatting:
Register your trademark
While there are no laws against registering available domain names, there are laws against phishing and other malicious online activities. As a trademark holder, you can, under the Uniform Domain-Name Dispute Resolution-Policy (UDRP) launch a Uniform Rapid Suspension (URS) complaint with the World Intellectual Property Organisation if you suspect a domain name has been registered to intentionally trap the users. However, to be able to do that, you will first need to register your brand with the Trademark Clearinghouse (TMCH), ICANN’s database of protected trademarks.
Buy multiple variations of your domain name
Registering multiple spellings of your domain name could end up saving your customers and your brand reputation in the long run. Consider acronyms, plural, typos, hyphen, etc — every possible mistake that could lead to probable typosquatting.
Checkout gooogle.com, for example.
Record the proper domain ownership
The registered domain information is the ownership information. So, make sure it is not registered in the IT team’s member name. It is better to have the domain name registered in the name of the company or the senior management. It’s better to have at least two names on the registration so that when there are changes both parties are notified. Also, ensure that you are regularly renewing your domain and that it doesn’t expire under your nose. If a valuable domain name expires, the domain registrar might keep it to themselves and you may be forced to buyback your own name.
Think like a consumer
Getting in the shoes of the customer and thinking the way they do can significantly impact your domain name. Most businesses underestimate the impact of domain names on their overall web strategy. When a user is searching for you, often they will type what you sell in the URL.
For example, Calvin Klein owns the domain name underwear.com. The latter domain has proven to be more valuable to them than their brand name. It brings relevant website traffic from all the users who type underwear in their browser. Calvin & Klein have a legal right to protect calvinklein.com but they have no legal right to protect underwear.com.
Having a robust domain defense strategy is a must for your company’s long-term success and your customers’ trust in you.