NordVPN Promotion

Home / Industry

Why Typosquatting Protection Is a Must for Settlement Pages

The Telephone Consumer Protection Act (TCPA) is a federal statute that restricts telemarketers from making automated and unsolicited calls as well as sending faxes and messages to people. Affected individuals may choose to file a complaint and collect a minimum of US$500 for each illegal communication received.

Since its implementation, the number of TCPA complaints have piled up, resulting in the creation of settlement pages that attract a significant volume of visitors. Many of the said visitors manually typed these pages’ URLs to check their complaint status each time, making them ideal typosquatting targets. Users can, however, keep track of potential typosquatting domains so they won’t accidentally land on possibly dangerous websites with Typosquatting Data Feed.

Why the Need for Typosquatting Protection?

It is common practice for domain owners to put up pay-per-click (PPC) ads on parked sites so these would earn while waiting for domain buyers. Some also fill the pages with content to generate traffic, thus increasing their page authority. Note, though, that some less scrupulous domain owners don’t screen the ads or content that appear on parked domains to make sure they don’t have malicious ties. Landing on them may thus not be good for visitors.

Worse than that, certain typosquatting sites can be used for malicious gain. Examples of these are those that mimic settlement pages. Users who are eligible to claim settlements can very well end up handing their online credentials to hackers unknowingly. And that is why typosquatting protection is a must.

Case Study: TCPA Settlement Pages

TCPA settlement pages such as tcpasettlementregionsbank[.]com typically get published when a court deals its decision on a particular case. This specific page pertains to the “Swaney Versus Regions Bank” case filed on 22 May 2018.

A settlement agreement was reached on 12 November 2019. About a month after (specifically on 23 December 2019), TCPA created the tcpasettlementregionsbank[.]com page:

We put our theory to the test and looked for bulk-registered domains using “tcpa” as a search term on the Typosquatting Data Feed file for 24 December 2019. We uncovered seven domain look-alikes:

  • tcpasettlmentregionsbank[.]com
  • tcpasettementregionsbank[.]com
  • tcpassettlementregionsbank[.]com
  • tcpsettlementregionsbank[.]com
  • tcpasettlementregionbank[.]com
  • wwwtcpasettlementregionsbank[.]com
  • tcpasetlementregionsbank[.]com

Notice that all of the domains on the feed are slightly misspelled versions of the real settlement page’s domain tcpasettlementregionsbank[.]com. We looked at each copycat domain’s WHOIS record and found that these are privacy-protected. That didn’t tell us much because the legitimate page’s registrant details were anonymized as well. What piqued our attention was that while the real domain was U.S.-based, all seven of its look-alikes were China-based.

We dug further because the owner of the legitimate domain could have registered the copycats as a form of typosquatting protection. We didn’t want to take the risk of landing on a malicious domain, so we used Screenshot API to see the content of one of the China-based domains, specifically tcpasettlmentregionsbank[.]com. We found this:

All seven look-alikes contained some version of the same material. They are likely owned by a registrant who makes a living out of PPC ads. Note that these copycats were also only registered for a year. The legitimate domain tcpasettlementregionsbank[.]com’s registration, meanwhile, won’t expire until 2021. But given that the deadline for filing claims for the case is on 20 April 2020, that isn’t surprising. Claimants would stop looking for the domain by then and so the look-alikes’ registrant would no longer get visitors.

—-

The TCPA settlement example shows how such pages can be exploited by anyone with malicious motives, making typosquatting protection a necessity for any organization. Typosquatting protection solutions such as Typosquatting Data Feed can be used in tandem with others like WHOIS API and Screenshot API to investigate potentially illegal activities that can put individuals at risk of identity theft and fraud. That is critical especially since TCPA settlement announcements are not one-offs.

NORDVPN DISCOUNT - CircleID x NordVPN
Get NordVPN  [74% +3 extra months, from $2.99/month]
By WhoisXML API, A Domain Research, Whois, DNS, and Threat Intelligence API and Data Provider

Whois API, Inc. (WhoisXML API) is a big data and API company that provides domain research & monitoring, Whois, DNS, IP, and threat intelligence API, data and tools to a variety of industries.

Visit Page

Filed Under

Comments

Commenting is not available in this channel entry.
CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

Related

Topics

Domain Names

Sponsored byVerisign

DNS

Sponsored byDNIB.com

New TLDs

Sponsored byRadix

Threat Intelligence

Sponsored byWhoisXML API

Brand Protection

Sponsored byCSC

Cybersecurity

Sponsored byVerisign

IPv4 Markets

Sponsored byIPv4.Global

NordVPN Promotion