Ty­po­squat­ting — the devil is in the detail

Ty­po­squat­ting is a type of cy­ber­squat­ting that involves re­gis­ter­ing domains with the in­ten­tion­ally mis­spelled names of popular web sites and filling these with more-or-less un­trust­worthy content. The typo-prone nature of many websites makes up the found­a­tion of this business model. Manually entering domains into a browser search bar can result in the user being led to a squatted domain instead of the ori­gin­ally desired address. Operators of such sites rely on common typos, like exapmle.com, spelling errors, and will even resort to adding ad­di­tion­al in­form­a­tion or endings to popular domain names. Setting up a site aiming to siphon off users who’ve mistyped a par­tic­u­lar name is an es­pe­cially lucrative business models for fraud­sters: these generally lead to web-optimised landing pages or por­no­graph­ic content, which generate par­tic­u­larly high revenue streams for their owners. The worst case scenario that users may come across are coun­ter­feit websites aiming for their personal data. And ty­po­squat­ting doesn’t only present a problem to users: business owners are also affected, as every stolen visitor is a po­ten­tially lost customer. For this reason, it’s re­com­men­ded to keep an eye on the most popular falsi­fic­a­tions of your own website and, if possible, register them yourself.

• Typos: perhaps the most common error when entering search in­form­a­tion, typos are often the product of our rushed day-to-day lives. Those who normally type quickly and im­pre­cisely or rely heavily on auto­cor­rect are es­pe­cially prone to becoming victims of these domain types. Such behavior can result in google.com becoming gogle.com, googel.com, or goggle.com. But the Cali­for­ni­an market leader isn’t about to let any potential users slide through their hand so easily: Google made sure to quickly register all potential typo domains them­selves. Users who access these are then forwarded to Google’s start page. The popular online en­cyc­lo­pe­dia, Wikipedia, failed to take the ini­ti­at­ive on this matter. Op­por­tun­ists have since taken advantage of the online resource’s inaction by setting up mis­spelled variants of the site’s name; often these im­pos­tur­ous sites feature content of a much more ques­tion­able variety than that of their edu­ca­tion­al coun­ter­part.

• Spelling errors: it would be too easy to blame every online mis­ad­ven­ture on the keyboard. Many popular websites are simply spelt in­cor­rectly, and squatters are well aware of this fact. For­tu­nately, many busi­nesses, such as Adidas, have managed to register mis­spelled variants of their site’s name before others could beat them to it. So thanks to redirects to the brand’s start page, calling up www.addidas.com shouldn’t pose any problem when looking for that jump suit or new pair of sambas.

• Al­tern­at­ive spelling: Al­tern­at­ive spelling options of common product names or services have the potential to confuse internet visitors. For this reason, those wishing to set-up a fashion blog under the name www.my-favourite-new-look.fashion should also make sure to register the domain www.my-favorite-new-look.fashion so as not to miss out on any potential visitors who are used to reading and writing in American English.

• Hy­phen­ated domains: A series of incidents sur­round­ing Paris Hilton showcases how hy­phen­ated domains can be misused for ty­po­squat­ting. Simply by adding a hyphen between her first and last name, site operators were able to cap­it­al­ise on the hype sur­round­ing the hotel heiress and attract visitors to the site. Hyphens can also be used to sup­ple­ment popular brand names with mis­lead­ing in­form­a­tion. For example, websites like www.amazon-on­lin­estore.com may sound correct, but in reality, they have nothing to do with the retail giant and are often used purely for ad­vert­ising purposes or to spread malware.

• Wrong domain endings: Ever since domain endings were first in­tro­duced, brand names and already-es­tab­lished domains have been combined with different endings in order to mislead internet users. Web operators launching websites under less fre­quently used domain endings, like .ca, or .mx, or .de should also consider re­gis­ter­ing other relevant top-level domains, such as .com, .shop, or .web, in order to prevent their brand from falling into the wrong hands. Ty­po­squat­ters are es­pe­cially fond of the Columbian top-level domain, .co, due to the sim­il­ar­ity it shares with the most widely used TLD, .com.

Unlike in the USA, the UK has no laws specific to the issue of cy­ber­squat­ting though it is possible that fraud laws and the Trade Marks Act, 1994 would be relevant to some similar situ­ations. For this reason we have compiled some advice below to help prevent this happening to you or your business. There can be no doubt that in situ­ations like this, pre­ven­tion can be a lot cheaper than potential legal disputes.

Use ICANN’s mon­it­or­ing service

The in­tro­duc­tion of new top-level domains (nTLDs) has made it even easier for squatters to target mistyped or mis­spelled versions of popular websites for their own private gain. For­tu­nately, ICANN’s trademark clearing house allows brand owners to find out how their names are being used within different domains. This service, however, is available ex­clus­ively to na­tion­ally or in­ter­na­tion­ally re­gistered brands.

SSL cer­ti­fic­ates build trust

These cer­ti­fic­ates are pre­vent­at­ive measures that can be employed to help guide lost users back to the into the light. Website operators need to be able to signal to users that they are on the original site. SSL cer­ti­fic­ates don’t only protect users when data is trans­ferred during a financial trans­ac­tion; they also supply visitors with in­form­a­tion on the site operator and the company re­spons­ible for issuing the cer­ti­fic­ate.