Ty­posquat­ting - the devil is in the detail

Ty­posquat­ting is a type of cy­ber­squat­ting that involves reg­is­ter­ing domains with the in­ten­tion­al­ly mis­spelled names of popular web presences and filling these with more-or-less un­trust­wor­thy content. The typo-prone nature of many websites makes up the foun­da­tion of this business model. Manually entering domains into a browser search bar can result in the user being led to a squatted domain instead of the orig­i­nal­ly desired address. Operators of such sites rely on common typos, like exapmle.com, spelling errors, and will even resort to adding ad­di­tion­al in­for­ma­tion or endings to popular domain names. Setting up a site aiming to siphon off users who’ve mistyped a par­tic­u­lar name is an es­pe­cial­ly lucrative business models for fraud­sters: these generally lead to web-optimized landing pages or porno­graph­ic content, which generate par­tic­u­lar­ly high revenue streams for their owners. The worst case scenario that users may come across are coun­ter­feit websites aiming for their personal data. And ty­posquat­ting doesn’t only present a problem to users: business owners are also affected, as every stolen visitor is a po­ten­tial­ly lost customer. For this reason, it’s rec­om­mend­ed to keep an eye on the most popular fal­si­fi­ca­tions of your own website and, if possible, register them yourself.

• Typos: perhaps the most common error when entering search in­for­ma­tion, typos are often the product of our rushed day-to-day lives. Those who normally type quickly and im­pre­cise­ly or rely heavily on au­to­cor­rect are es­pe­cial­ly prone to becoming victims of these domain types. Such behavior can result in google.com becoming gogle.com, googel.com, or goggle.com. But the Cal­i­forn­ian market leader isn’t about to let any potential users slide through their hand so easily: Google made sure to quickly register all potential typo domains them­selves. Users who access these are then forwarded to Google’s start page. The popular online en­cy­clo­pe­dia, Wikipedia, failed to take ini­tia­tive on this matter. Op­por­tunists have since taken advantage of the online resource’s inaction by setting up mis­spelled variants of the site’s name; often these im­pos­tur­ous sites feature content of a much more ques­tion­able variety than that of their ed­u­ca­tion­al coun­ter­part.

• Spelling errors: it would be too easy to blame every online mis­ad­ven­ture on the keyboard. Many popular websites are simply spelt in­cor­rect­ly, and squatters are well aware of this fact. For­tu­nate­ly, many busi­ness­es, such as Adidas, have managed to register mis­spelled variants of their site’s name before others could beat them to it. So thanks to redirects to the brand’s start page, calling up www.addidas.com shouldn’t pose any problem when looking for that jump suit or new pair of sambas.

• Al­ter­na­tive spelling: Al­ter­na­tive spelling options of common product names or services have the potential to confuse internet visitors. For this reason, those wishing to set-up a fashion blog under the name www.my-favorite-new-look.fashion should also make sure to register the domain www.my-favourite-new-look.fashion so as not to miss out on any potential visitors who are used to reading and writing in British English.

• Hy­phen­at­ed domains: A series of incidents sur­round­ing Paris Hilton showcases how hy­phen­at­ed domains can be misused for ty­posquat­ting. Simply by adding a hyphen between her first and last name, site operators were able to cap­i­tal­ize on the hype sur­round­ing the hotel heiress and attract visitors to the site. Hyphens can also be used sup­ple­ment popular brand names with mis­lead­ing in­for­ma­tion. For example, websites like www.amazon-on­line­store.com may sound correct, but in reality, they have nothing to do with the retail giant and are often used purely for ad­ver­tis­ing purposes or to spread malware.

• Wrong domain endings: Ever since domain endings were first in­tro­duced, brand names and already-es­tab­lished domains have been combined with different endings in order to mislead internet users. Web operators launching websites under less fre­quent­ly used domain endings, like .ca, or .mx, or .de should also consider reg­is­ter­ing other relevant top-level domains, such as .com, .shop, or .web, in order to prevent their brand from falling into the wrong hands. Ty­posquat­ters are es­pe­cial­ly fond of the Columbian top-level domain, .co, due to the sim­i­lar­i­ty it shares with the most widely used TLD, .com.

Many instances of cy­ber­squat­ting are illegal in the United States, and much of the leg­is­la­tion used to combat the practice is anchored in the An­ti­cy­ber­squat­ting Consumer Pro­tec­tion Act (ACPA). Enacted in 1999, the law aims to protect both consumers and trademark holders from those who, with a bad faith, intent to profit from the goodwill of another’s trade­marks or use a domain name that’s con­fus­ing­ly similar to a dis­tinc­tive mark. For more detailed in­for­ma­tion on the matter, you can check out a complete copy of the law by clicking here.

SSL cer­tifi­cates build trust

These cer­tifi­cates are pre­ven­ta­tive measures that can be employed to help guide lost users back to the into the light. Website operators need to be able to signal to users that they are on the original site. SSL cer­tifi­cates don’t only protect users when data is trans­ferred during a financial trans­ac­tion; they also supply visitors with in­for­ma­tion on the site operator and the company re­spon­si­ble for issuing the cer­tifi­cate.