What’s a typosquatting?
Typosquatting is a kind of cybersquatting consisting in registering a domain name similar to a generally well-known domain name. It is based on typing or spelling mistakes done by web users at the time of the search, allowing to direct them towards another website than the one searched.
Examples: credit-abricole.fr, creditmuuel.fr, le boncoim.fr…
Typosquatting which represents almost 15% of the disputes, often brings the web user towards websites containing « commissioned links » towards other websites. If the web user clicks on one of these links, the intermediary website’s owner earns a commission from the final website’s owner.
Even worse, we begin to see the use of typosquatted names to direct the web user towards a website containing a « malicious » page aimed to infect their computer with a «malware ».
Warning, typosquatting allows to hijack, thanks to spelling or typing mistakes, a part of the mails addressed by the original domain name owner’s customers.
The consequences can be particularly severe when the customer communicates by e-mail, some confidential information (bank, health, assurance…).
Typosquatting, various objectives:
- To sell advertising banners on the home page;
- To propose competitors’ products or services or complementary to the ones of the original website;
- To redirect towards competitors’ websites;
- Phishing campaign in order to obtain personal information to steal the identity of the tricked web user.
How to protect against typosquatting?
In order to be immediately alerted from all cases of typosquatting affecting your brands, Nameshield provides a monitoring of trademarks and domain names registrations.
For web users, how to detect frauds like typosquatting?
- Check the website’s address and pay attention to the URL’s spelling;
- Check that the visited website is secure and authenticated by an SSL certificate;
- Check the website’s propriety data.
You can find recent cases of this kind of attack on the blog.
Source: Nameshield’s White paper – Understanding domain names