Typosquatting, also called URL hijacking, a sting site, or a fake URL, is a form of cybersquatting, and possibly brandjacking which relies on mistakes such as typographical errors made by Internet users when inputting a website address into a web browser. Should a user accidentally enter an incorrect website address, they may be led to any URL (including an alternative website owned by a cybersquatter).
Once in the typosquatter's site, the user may also be tricked into thinking that they are in fact in the real site, through the use of copied or similar logos, website layouts or content. Spam emails sometimes make use of typosquatting URLs to trick users into visiting malicious sites that look like a given bank's site, for instance.
There are several different reasons for typosquatters buying a typo domain:
Many companies, including Verizon, Lufthansa, and Lego, have garnered reputations for aggressively chasing down typosquatted names. Lego, for example, has spent roughly US$500,000 on taking 309 cases through UDRP proceedings.
From 2006 to 2008, a typosquatted variant of Google called 'Goggle.com' existed. Visiting the website would cause the domain to automatically download various computer viruses and other malicious software to the computer, including the rogue antispyware program SpySheriff. The website today is a catalog of Amazon listings.
Celebrities have also frequently pursued their domain names, from singers to star athletes. Prominent examples include Basketball player Dirk Nowitzki's UDRP of DirkSwish.com and actress Eva Longoria's UDRP of EvaLongoria.org.
An example of corporate typosquatting is yuube.com, targeting YouTube users by having it programmed to redirect to a malicious website or page. Similarly, www.airfrance.com has been typosquatted by www.arifrance.com, diverting users to a website peddling discount travel. Other examples are Equifacks.com (Equifax.com), Experianne.com (Experian.com), and TramsOnion.com (TransUnion.com); these three typosquatted sites were registered by comedian John Oliver for his show Last Week Tonight.
People trying to visit the popular internet-based game agar.io may misspell said URL as agor.io. Visiting this site will produce a jumpscare or screamer of the popular Internet creepypasta Jeff the Killer, which flashes rapidly and produces a loud noise.
In the United States, the 1999 Anticybersquatting Consumer Protection Act (ACPA) contains a clause (Section 3(a), amending 15 USC 1117 to include sub-section (d)(2)(B)(ii)) aimed at combatting typosquatting.
However, on April 17, 2006, controversial evangelist Jerry Falwell failed to get the U.S. Supreme Court to review a decision allowing Christopher Lamparello to use www.fallwell.com. Relying on a plausible misspelling of Falwell's name, Lamparello's gripe site presents misdirected visitors with scriptural references that are intended to counter the fundamentalist preacher's scathing rebukes against homosexuality. In Lamparello v. Falwell, the high court let stand a 2005 Fourth Circuit finding that "the use of a mark in a domain name for a gripe site criticizing the markholder does not constitute cybersquatting."
Under the Uniform Domain-Name Dispute-Resolution Policy (UDRP), trademark holders can file a case at the World Intellectual Property Organization (WIPO) against typosquatters (as with cybersquatters in general). The complainant has to show that the registered domain name is identical or confusingly similar to their trademark, that the registrant has no legitimate interest in the domain name, and that the domain name is being used in bad faith.
The Internet Commerce Association's (ICA) Member Code of Conduct expresses the ICA's recognition of the responsibilities of its members to the intellectual property, domain name, and at large Internet communities and will guide members in conducting their domain name investment and development activities with professionalism, respect and integrity.
With growing ease and profitability, sophisticated cybersquatters are exploiting a flaw in the domain name registration process whereby domain names are registered and subsequently dropped, risk free, within an accepted 5-day grace period.
Web tool which shows lots of mistyped registered domains (German).
Manage research, learning and skills at defaultLogic. Create an account using LinkedIn or facebook to manage and organize your IT knowledge. defaultLogic works like a shopping cart for information -- helping you to save, discuss and share.