Typosquatting, also called URL hijacking, a sting site, or a fake URL, is a form of cybersquatting, and possibly brandjacking which relies on mistakes such as typos made by Internet users when inputting a website address into a web browser. Should a user accidentally enter an incorrect website address, they may be led to any URL (including an alternative website owned by a cybersquatter).
The typosquatter's URL will usually be one of five kinds, all similar to the victim site address (e.g. example.com):
- A common misspelling, or foreign language spelling, of the intended site: exemple.com (See also ticket #20)
- A misspelling based on typos: examlpe.com
- A differently phrased domain name: examples.com
- A different top-level domain: example.org
- An abuse of the Country Code Top-Level Domain (ccTLD): example.cm by using .cm, example.co by using .co, or example.om by using .om. A person leaving out a letter in .com in error could arrive at the fake URL's website.
Once in the typosquatter's site, the user may also be tricked into thinking that they are in fact in the real site, through the use of copied or similar logos, website layouts or content. Spam emails sometimes make use of typosquatting URLs to trick users into visiting malicious sites that look like a given bank's site, for instance.
There are several different reasons for typosquatters buying a typo domain:
- In order to try to sell the typo domain back to the brand owner
- To monetize the domain through advertising revenues (AdWare) from direct navigation misspellings of the intended domain
- To redirect the typo-traffic to a competitor
- To redirect the typo-traffic back to the brand itself, but through an affiliate link (TrackWare), thus earning commissions from the brand owner's affiliate program.
- As a phishing scheme to mimic the brand's site, while intercepting passwords which the visitor enters unsuspectingly
- To install drive-by MalWare or revenue generating AdWare onto the visitors' devices
- To harvest misaddressed e-mail messages mistakenly sent to the typo domain
- To block malevolent use of the typo domain by others
- To express an opinion that is different from the intended website's opinion
WIPO resolution procedure
Under the Uniform Domain-Name Dispute-Resolution Policy (UDRP), trademark holders can file a case at the World Intellectual Property Organization (WIPO) against typosquatters (as with cybersquatters in general). The complainant has to show that the registered domain name is identical or confusingly similar to their trademark, that the registrant has no legitimate interest in the domain name, and that the domain name is being used in bad faith.