Typosquatting – Are squatters targeting your website traffic?

You have probably experienced this scenario at least a thousand times before when browsing the web. Instead of searching for a website, you decide to manually type the URL into the address bar but accidentally make a slightly spelling mistake Well don’t worry, you are not alone here. Based from an Online Study conducted in 2013, almost 40% of all internet users will manually type the URL into the address bar, with more than 25% of those efforts resulting in some kind of spelling error.

Have you ever accidentally typed in the wrong URL address then stumbled onto a completely different website, or what seems like a an identical replica of the exact site you were searching for but under a different domain with plenty of adverts? Chances are you have and you have experienced the world of ‘Typosquatting’ without even knowing.

It wasn’t until a recent chat with a client that I actually stumbled across Typosquatting first-hand and discovered not only global corporations are affected by this; local websites including your own could very well be at threat without you ever knowing.

Looking to quickly open The Knutsford Wine Bar – one of our very own clients – I quickly typed in the URL and was amazed to discover that by slightly misspelling the URL – in this case missing the “the” –  the URL bizarrely linked to another locally based business that is completely unrelated to Knutsford Wine Bar – in fact it has nothing to do with the food Industry!  So upon further investigation, I have decided that I would capture my thoughts and provide a detailed explanation on what Typosquatting is, what you can do to combat this scenario, and provide some high-profile examples to showcase some of the more extremes of Typosquatting

What is Typosquatting?

Typosquatting – also referred to as cyber-squatting –  is a form of URL-hijacking that targets users who accidentally misspell the URL when searching for a specific domain when typing the into the address bar. For example when searching for “www.google.co.uk” you accidentally type “www.googel.co.uk”

When any user accidentally enters the wrong URL address, they may be lead to an alternative website, such as an identical replica of the website they were searching for. These are usually designed with malicious purposes such as implementing virus software onto your machine, or trying to trick the user with competitions/promotions on free products to gain personal information. In some cases, the URL could re-direct you to a completely different website.

A study conducted by data protection experts Sophos, found that 80% of the most high-profile dot-com based sites were targeted by some form of Typosquatting. With further studies finding that 250 of the most highly tracked sites annually lost 448 Million impressions thanks to cyber-squatting.

What do Typosquatters want/gain from stealing your URL?

In the world of Typosquatting, each case has to be treated individually as there can be several motivational reasons as to why Typosquatters are trying to piggy-back of your website. Reasons can include

  • To target Personal Information – Websites pretending to offer fake discounts or freebies will offer this in exchange for any information including usernames, passwords or even credit card details.
  • To Trick you into downloading spyware or other infectious malware to harm your computer.
  • To try to sell the typo domain back to the brand owner.
  • To re-direct the typo-traffic back to a rival competitor or local business.
  • To piggy-back off popular sites to gain web traffic and earn money through advertisements.

The damaging impact that typosquatting can have on your business

  • Loss impressions
  • Loss in potential sales
  • Loss in click fee’s (Search Advertising/Adwords)
  • Recovery – Legal Battle

5 High-Profile Cases of Typosquatting

Since its inception, there have been a wide-variety of high-profile Typosquatting cases targeting the likes of major corporations including Wikipedia, Lego, Twitter and even Microsoft, all of whom have experienced damages from fees for battling in the courtroom and for the estimated loss of visitors to the website who have been tricked by typosquatting.

However, it’s not just the major incorporations who have suffered as celebrities, ranging from singers to athletes have also been heavily targeted. High profile targets include the likes of Paris Hilton, Madonna, Eva Longoria and NBA’s very own Dirk Nowitzki just to name a few.

Celebrity Case 1

Actress Eva Longoria, most notably famed for her role in Desperate Housewives, suffered from a somewhat unusual case of Typosquatting in 2011. The television star, of which had already registered the domain names of EvaLongoria.com and EvaLongoria.net was targeted by a Las Vegas based business who bought the domain name EvaLongoria.org. What was even more unusual about this case was that the cyber-squatting domain actually forwarded to the domain of an EBay search for the actress so it’s hard to see what they actually gained from this.

Celebrity Case 2

Dallas Mavericks All-Star Power Forward Dirk Nowitzki also experienced a similar experience with typosquatters as he faced off against a company that registered the domain DirkSwich.com to sell memorabilia of his likeness. A play on his twitter handle @Swish41, the Dallas based Happy Bulldawg Entertainment company released a statement implying that the website was originally intended as a fan site. The website quickly started to sell memorabilia and following accidental radio advertisement, the website generated over 130 orders in one day.

Wikipedia

In 2012, free online encyclopaedia website Wikipedia faced a battle with a similar domain name that was registered in the name of ‘Wikapedia.com’. In this case, the squatter’s website was identical to the genuine site that the consumer was searching for; using the same logos, graphics and font’s to easily trick its users.

In this case, the cyber-squatting website displayed adverts containing Apple products including the likes of iPads and MacBook’s claiming that visitors could enter or had won a competition. After clicking the link, visitors were asked to provide personal information such as their mobile phone number, after which they would receive a PIN number for use in the competition. They would then receive texts on their mobile phones asking them quiz and survey questions, then were charged at £1.50 for each one sent, and an extra £1.50 if they answered.

Following the conclusion of the court case, the owners behind ‘Wikapedia.com’ were fined and ordered to pay £100,000 by Watch Dog UK.

Lego

Following the introduction of typosquatting and all the high-profile cases that have come to light, Lego decided to take a slightly different approach by spending over $500,000 US Dollars on pursuing cyber squatters through the Uniform Domain-Name Dispute-Resolution Policy to protect its brand identity.

Following over 300 cases through UDRP proceedings, Lego has now passed major corporations including Microsoft, Yahoo and Google in terms of cases filed with a success rate of 100% to rank in as number 2 in the USA, although it still has a long way to catch up with AOL who has a staggering 500 cases.

YouTube

Another misleading case of mistaken identity involving a web page imitating a popular site happened to global video-sharing website YouTube in 2008.

Replicating a very similar scenario that happened with Google users when misspelling as goole.com, YouTube users who typed in yuube.com were greeted with extremely dangerous websites with purposes if infecting the user with spyware. Upon further investigation, YouTube were also heavily targeted in a number of misspelt URLs which included Youube.com, Yutube.com, Yotub.com, Youttube.com and Yotube.com all of which provided infectious spyware or  online surveys offering user’s the opportunity to win Apple products.

Facebook

Originally filing their lawsuit in late 2011, Facebook is another major corporation who have greatly benefited from legal disputes over typosquatting cases. Over 100 domain names are estimated to have been involved in the case including misspelt domain names registered as fadebook.com, rfacebook.com, facebookfreezer.com and faceboobs.com.

Damages from each domain can go as high as $100,000 depending on several factors including how the domain name was used and to what extent the popular name was replicated in the domain, so the court had to rule each domain name individually. Following the conclusion of all these cases, Facebook were rewarded an estimated figure of nearly $2.8 Million dollars.

How we can help you catch typosquatters

So now you have seen the statistics and understand the motivation behind typosquatting and what impact it can have on any domain name but how can you find out if any Typosquatters are currently leeching off your domain name? How do you catch typosquatters in the act?

It’s really straightforward; simply get in contact with James Cox, either over the telephone on 01565 653616 or simply send your business name along with your current URL to jc@untitledtm.com and we will run a free Typosquatting test report for you, and we will provide the complete results along with an action plan on how you can combat Typosquatting.