Typosquatting is also known as “URL hijacking,” and for good reason. Just as hijackers unlawfully seize a vehicle, typosquatters take over a domain name and use it for malicious activities. In the end, the brand and its user base almost always suffer. Typosquatters register domain names that are similar to an established business or famous brand in hopes that visitors will commit typos and land on fake pages.

Typosquatters create such pages for various reasons, but primarily to earn money. They can make money from the website traffic or redirect visitors to the real website but only after, for example, landing on an affiliate page and answering a survey from which they earn. It gets worse, though, when squatters redirect users to the spoofed brand’s competitors or steal visitors’ personal information and infect their computers with malware.

Typosquatting is indeed dangerous for the company that is spoofed and its website visitors. But there are tools such as WHOIS API, Domain Availability API, and Typosquatting Data Feed that can help organizations protect themselves and their customers. In this post, we will dig deeper into typosquatting—its usual targets and how it affects a brand.

Who Are Likely Typosquatting Targets?

Like other forms of cybercrime, any domain owner can be a typosquatting target. But, to give a more definite answer, here are some of the usual victims:

Trademarked Brands: Trademark infringement has become very common with the advent of the Internet, especially among typosquatters. Even relatively less popular trademarks can become victims. So long as it has a following, it’ll likely get picked up on a cybercriminals’ radar.

Famous People: Typosquatting does not only happen to companies but also individuals. Some of the notable cases involving famous personalities include:

• Paris Hilton: Paris[.]org, Paris-Hilton[.]com, and ParisHiltonHeiress[.]com
• Donald Trump: trumpabudhabi[.]com, trumpbeijing[.]com, trumpindia[.]com, and trumpmumbai[.]com
• Jerry Falwell: jerryfallwell[.]com
• Jennifer Lopez: jenniferlopez[.]net and jenniferlopez[.]org

Well-Known Companies: Of course, typosquatters’ favorite targets are established and well-known companies such as Microsoft, Apple, PayPal, and Equifax. And that’s self-explanatory. The bigger a brand’s user base is, the more potential victims a cybercriminal has.

Popular Search Terms: Typosquatters are also known for taking advantage of keywords that people often search for. Take, for instance, the term “mutual funds.” Google Trends shows that it is quite a popular search term, even peaking to 100 (the highest level in popularity) during the first two weeks of January 2020.

And here’s something interesting: We obtained a list of domains that may be taking advantage of people searching for mutual funds and, perhaps, mistyping the term. Unwary visitors looking for mutual fund-related information may land on these domains that we obtained from a typosquatting tool:

• mutualfundsn[.]com
• mutualfundsl[.]com
• mutualfundsj[.]com
• mutualfundsx[.]com
• mutualfundsp[.]com
• mutualfundse[.]com
• mutualfundsq[.]com
• mutualfundsk[.]com
• mutualfundsr[.]com
• mutualfundsb[.]com
• mutualfundsu[.]com
• mutualfundsd[.]com
• mutualfundsy[.]com
• mutualfundso[.]com
• mutualfundsm[.]com
• mutualfundsw[.]com

Using WHOIS Lookup, we checked the WHOIS details of the first three domains to see if they present any risks:

mutualfundsn[.]com

mutualfundsl[.]com

mutualfundsj[.]com

All three domains are hosted by the same name servers, and they also have the same registrars. They were also created on exactly the same date, April 13, 2019. Although we can’t say for sure how these domains are being used, it’s fair to assume that legitimate businesses would not use misspelled domain names for their sites.

It’s also interesting to note that a legitimate site bearing the domain mutualfunds[.]com exists. It basically provides news and information to people who may want to know more about and invest in mutual funds.

We searched for its WHOIS record and found that it was registered way back in 1994 and not just recently like its likely typosquatting counterparts.

While it is possible for the owner of mutualfunds[.]com to have registered the potential typosquatting domains, the huge disparity in registration dates makes that unlikely. Companies often register misspelled variants of their domain names at around the same time they put up their websites. That said, users are advised to steer clear of the domains in the list above.

* * *

While the most apparent effect of typosquatting on the spoofed company is causing loss of credibility, its customers would lose a lot more. If the brand truly cares for its users, it should find ways to reduce risks. It can register look-alike domains as a failsafe and use Typosquatting Data Feed to detect suspicious registrations as well as WHOIS lookup tools to find out who’s behind these. The end goal, of course, is to protect not just its reputation, but also customers.