Thursday, June 23, 2016

Feedly: Understanding Java Code and Malware | Malwarebytes Unpacked. Explained: typosquatting



from Understanding Java Code and Malware | Malwarebytes Unpacked

Typosquatting is a term you may have seen when reading about internet scams. In essence, it relies on users making typing errors (typos) when entering a site or domain name. Sometimes it is also referred to as URL hijacking or domain mimicry, but IMHO the word typosquatting describes the matter more adequately.

Roads to success

As you will understand, the success of a typosquat scammer depends on the number of victims that are likely to misspell the intended domain and land on the scammer's pages. Maximizing the success rate takes some insight into the workings of human mind-finger coordination.

Another thing to keep in mind is that there are many different keyboard layouts, so replacing one letter with an adjoining character on the QWERTY keyboard does not work for everyone.

One road to success depends on the occurrence of double letters in a domain name. A common mistake is to double the neighboring letter instead of the intended one. For example, the rather famous goggle[dot]com.

Another often used trick is to try and register domains with the same name but with a different top-level domain (TLD).

[Image: whitehouse. Caption: This is actually an adult site]

For example, whitehouse[dot]com when the actual site is at whitehouse.gov. But in most cases you will find that organizations have already registered the domains with their company names and the most popular TLDs, so that these redirect to the actual site rather than being open to abuse.

Note that where companies are concerned, similar domains are also registered for reasons other than typosquatting, for example CEO fraud, as explained in more detail elsewhere on our blog.
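The patterns described in this section (a neighboring key on a QWERTY keyboard, the wrong letter doubled, a different TLD) can be checked on the defender's side against domains seen in DNS or proxy logs. The following Python is an added example, not part of the original article; the function names, the bookshop.example entries and the QWERTY-only, two-label handling are assumptions.

```python
# Added example (not from the original article): flag observed domains that
# match the typo patterns described above. Assumes QWERTY and two-label names.
ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm"]

def _adjacent_pairs():
    """Pairs of physically neighbouring letter keys on a staggered QWERTY layout."""
    pairs = set()
    for r, row in enumerate(ROWS):
        for c, ch in enumerate(row):
            for rr, cc in ((r, c + 1), (r + 1, c - 1), (r + 1, c)):
                if rr < len(ROWS) and 0 <= cc < len(ROWS[rr]):
                    pairs.add(frozenset((ch, ROWS[rr][cc])))
    return pairs

ADJACENT = _adjacent_pairs()

def _in_double(s, i):
    """True if s[i] equals the letter directly before or after it."""
    return (i > 0 and s[i - 1] == s[i]) or (i + 1 < len(s) and s[i + 1] == s[i])

def classify(observed, protected):
    """Return the typo pattern relating observed to protected, or None."""
    o_name, _, o_tld = observed.lower().rstrip(".").partition(".")
    p_name, _, p_tld = protected.lower().rstrip(".").partition(".")
    if o_name == p_name:
        return None if o_tld == p_tld else "tld-swap"
    if o_tld != p_tld or len(o_name) != len(p_name):
        return None
    diffs = [i for i in range(len(p_name)) if o_name[i] != p_name[i]]
    if len(diffs) != 1:
        return None
    i = diffs[0]
    if _in_double(p_name, i) and _in_double(o_name, i):
        return "wrong-letter-doubled"   # e.g. google -> goggle
    if frozenset((o_name[i], p_name[i])) in ADJACENT:
        return "adjacent-key"           # only meaningful for QWERTY typists
    return "one-letter-substitution"

def scan(observed, protected):
    """List (observed, protected, pattern) for every lookalike found."""
    pairs = ((o, p, classify(o, p)) for o in observed for p in protected)
    return [hit for hit in pairs if hit[2]]

# Constructed sample: domains as they might appear in DNS or proxy logs.
SEEN = ["goggle.com", "whitehouse.com", "bookahop.example", "library.example"]
PROTECTED = ["google.com", "whitehouse.gov", "bookshop.example"]
```

Calling `scan(SEEN, PROTECTED)` returns one tuple per lookalike; an organization with users on other keyboard layouts would need an adjacency table for each layout, as the article notes.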

Celebrities are a different case. It seems they often register only one domain if any at all. That leaves all the rest up for grabs. Sometimes these are scooped up by early fans, but scammers and advertisers are happy to exploit them at any opportunity they get.

Who are you going to call?

If you are famous or the owner of a very popular domain you may want to know who to contact when you notice your domain is being typosquatted. There are several organizations you can turn to. It depends on the type of infringement and how you want the case to be handled.

  • WIPO (World Intellectual Property Organization): you can ask the WIPO to rule that the domain(s) be transferred to you, but it is up to you to prove that the domain(s) meet some requirements, and I quote:

    “the domain name is identical or confusingly similar to a trademark or service mark in which the complainant has rights; and the domain name holder has no rights or legitimate interests in respect of the domain name; and the domain name has been registered and is being used in bad faith.”

  • Anticybersquatting Consumer Protection Act (ACPA), one of the ACPA’s most widely used and powerful tools is its “imposition of civil liability on someone who registers and/or uses a domain name that is confusingly similar to someone else’s trademark with the intent to profit from the use.” Damages can amount up to a maximum of $100,000 per domain, but they depend on several factors, including how the domain was used and to what extent it included the popular name that it was mimicking.
  • ICANN (Internet Corporation for Assigned Names and Numbers), the non-profit organization responsible for managing the top-level domain name system and Internet Protocol (IP) allocation. If you are just trying to reclaim a domain, this is often done quickly by ICANN, but they can’t award any damages.

Profitable

In the light of what experienced scammers are able to make of a successful typosquatted site, the maximum damages are not an adequate measure, so CADNA (Coalition Against Domain Name Abuse) argues for increasing the penalties for these practices.

A few tips to avoid ending up at the wrong site

In essence, most of these tips are very basic, as they are aimed at not typing the URL.

  • Bookmark your favorites
  • Use search results rather than typing the URL in the address bar
  • Leave some or all of the sites that you visit every day open in your browser tabs (most popular browsers offer the option to continue where you left off or to specify a set of sites to start with)
  • Never click links in unexpected mails or on unknown sites
  • Use an Antivirus or Anti-malware solution that offers web protection and preferably even an anti-exploit solution.

As always, save yourself the hassle, use adequate protection.


Pieter Arntz
