Typosquatting is a form of cybersquatting, also known as URL hijacking or domain mimicry, that tricks users into visiting a malicious website.
It involves registering domains with the misspelled names of well-known sites to install malware or ransomware, steal credit card numbers, phish for personal data or login credentials, and commit other scams.
How typosquatting works
An attacker registers a URL with a one-character deviation from a popular website so that when a user misspells a domain when typing it in their browser they’re taken to a deceptive site.
One of the early typosquatting victims was Google.com by the phishing site Goggle.com, which differs from the original URL by only one letter.
An innocent inconsistency such as a missed letter, a forgotten hyphen, or the wrong domain ending can lead to harmful consequences.
If your website receives a high volume of traffic, typosquatting can be a serious cybersecurity risk for your organization.
3 crucial ways to combat typosquatting
Here are three best practices you should follow to protect your organization from typosquatting threats:
1. Train users to be on the lookout for traps
Awareness is one of the most important methods for defeating typosquatting domains. Increase your staff’s vigilance against these scam techniques by having them avoid directly navigating to sites.
They can use a search engine or voice command and bookmark sites instead of typing a site address into the browser every time.
2. Register your trademark and domain and extension variations
As a trademark holder, you can launch a Uniform Rapid Suspension (URS) complaint with the World Intellectual Property Organisation and have a site taken down that you think has the intent to lure users away from your site into a typosquatting one.
You should also register multiple spellings of your domain such as the singular, plural, and hyphenated variations, along with different extensions such as .com, .net, and .org.
3. Use anti-spoofing and secure email technology
Block attacks with anti-spoofing and secure email technology that can identify typosquatting domains and malware.
Paubox Email Suite Plus immediately quarantines attacks before they reach the inbox and protects against display name spoofing, which is responsible for 91% of phishing attacks.
A strong proactive defense is essential to safeguard against becoming a typosquatting victim. Many kinds of cybersquatting are illegal in the U.S. and legislation to protect users can be found in the Anticybersquatting Consumer Protection Act (ACPA).
But legal action can be costly and time-consuming, so implementing effective preventative measures is an important part of defending your organization against typosquatting.