The manager for a large commercial builder recently called her IT support with serious concerns. One of their clients received an email that at first looked like it came from her work email account, asking for payment on completed work, but it didn’t originate from her office. The email address included her name, and the business domain was only one letter off. The sender asked for a wire transfer of payment for labor and materials on a large project costing almost a million dollars, and the recipient almost paid. This manager’s company has fallen victim to typosquatting, and they’re not alone.
“Cybersquatting” is when someone buys a domain name so they can pretend to be another entity or business. “Typosquatting” is a form of cybersquatting, and occurs when someone buys the misspelling of a domain name to get online traffic from those mistakes. It’s also sometimes called “URL hijacking.”
A domain name is an entity’s web address, what people type in the navigation bar to visit their website. It might look like “localcharity.org,” or “localcollege.edu.” Email addresses typically follow a formula similar to “email@example.com,” “firstname.lastname@example.org,” or “email@example.com.”
When users mistype - or “fat finger” - in the wrong address, they may be taken to a fraudulent website that looks similar to the one they intended to visit. The website owners can use this deception to steal identity information, sell products, or misinform. They can also send email from the misspelled domain name to try and trick the recipient into thinking it came from someone inside the company being mimicked. Recipients might think they’re dealing with a trusted source when they’re really interacting with someone whose whole intent is to deceive.
Typosquatting takes advantage of people who get in a hurry and don’t pay attention. The best way to avoid mistakes is to do the opposite. After typing in a web address and before hitting “Enter,” double-check the spelling. Once the online destination shows upon the screen, look for the padlock symbol and that the website address includes “https://”.
Business owners: register common alternate spellings for your domain, including variations with plurals and hyphens. If you own all the similar domains, cybercriminals can’t use them against you. It’s also a good idea to monitor website traffic. A sudden drop off might indicate visitors are being diverted to a fake site through typosquatting.