Typosquatting, also referred to as URL hijacking (in relation to domains), relies on typographical errors (typos) made by users when trying to access a domain directly via URL. If the user mispells the website, they will end up on the site of a “typosquatter”, a type of cybersquatter, whose purchase of the domain name is the sole intent of attracting traffic due to misspellings. How do you prevent typosquatters from taking advantage of you?
Beating the Typosquatters
When purchasing a domain name for a client, I will automatically run a check on common misspellings and recommend that the client buy those names as well, for the sole purpose of avoiding a typosquatter from hijacking URL’s and misdirecting Internet traffic. This will also help capture the maximum amount possible of traffic that was searching for your keywords and therefore intended to find your site in the first place.
Virus Infested Typosquatting
In a scary example of malicious intent, criminals take advantage of typosquatting by buying the domain name googkle.com, which is infested with spyware, Trojans, downloaders, and backdoors, so an unsuspecting user will inadvertently fall prey to computer hijack attempts.
Examples of Common Misspellings
Some random examples of common misspellings:
- Publicliy Traded
- Web Develpoment
- Exemples of Weaknesses
How to Find Common Misspellings
One way of finding common misspellings is to type, in a spreadsheet, the same word, or in this case phrase, 100 times as fast as you can – and then sort by popularity. After the correct spelling, the second most popular spelling will be your most common misspelling.
How to Defend Against Typosquatting
The only real defense against typosquatting is buying variants of domain names that may be hijacked by finding their common misspellings. For near-full protection of your identity, I also recommend securing the following variants of your domain name:
- 0 (zero) variants: One particular thing to look out for is the replacement of the letter “O” with the number “0” (0). In lower case the 0 (zero) is very apparent, as in amaz0n.com, but in upper case it’s not: www.AMAZ0N.com, and since URL’s are not case-sensitive this could pose a problem if someone decides to plant malicious links disguising as your website.
- www variants: It’s a good idea to register the wwwdomain.com versions (ie. missing the period from www.domain.com) to prevent the rerouting of traffic away from your site.
- Singular and plural versions: Consider purchasing the singular and plural version of your domain name.
- Hyphenated and non-hyphenated versions: Consider purchasing both hyphenated and non-hyphenated versions of your domain name. The non-hyphenated version may also have certain SEO advantages. For example www.bikesexpo.com may be put in an adult category if the search engine parses the words like this: www.bike-sex-po.com instead of www.bikes-expo.com. A properly hyphenated name can prevent this. In the event that you only own the hyphenated version buying the non-hyphenated version can prevent the rerouting of type-in traffic (searches typed directly into the address bar that resolve to domain names).
- Domain extensions: It’s not a bad idea to secure at a minimum .com, .net, and .org versions of your domain.
If you have any questions or comments regarding typosquatting, don’t hesitate to reply to this thread or Contact Us and I will do my best to answer your questions.Tagged With: