You should be careful while typing a website address on your browser address bar. This is because mistyping the URL of your intended website can lead you to a typosquatting website that looks similar to the original one.
And your visit to a typosquatting website can benefit a threat actor in multiple ways, including carrying out ad fraud, stealing sensitive information, installing malware, and much more.
But what is typosquatting or URL hijacking exactly, how can hackers weaponize it, and how can you avoid typosquatting?
What Is Typosquatting?
Typosquatting is an act of registering a misspelled domain name of a legitimate website with the objective of receiving traffic to the fake website.
Also known as URL hijacking or domain mimicry, typosquatting is a type of social engineering technique hackers employ to target users who happen to type misspelled URLs of known websites in the address bars of web browsers. As a result, users reach typosquatting websites set up by threat actors and share sensitive information or install malware inadvertently.
How Does Typosquatting Work?
A hacker registers a misspelled domain name of a legit website and designs it to look and feel like the original website. They may use the same theme, color, or typography as the original website does to make users believe they are on the intended website when they visit the typosquatting website.
For example, a hacker can register exemple.com or exampl.com to target internet users of example.com.
When you incorrectly type the URL (exemple.com or exampl.com) of your intended website in the address bar of your web browser, you will be led to the fake site set up by the hacker instead of the original website.
The look and feel of the typosquatting website may be the same as the original website. So you might not notice that you are on a fake website.
As the hacker controls the fake website you are on, your visit to the typosquatting site can result in severe consequences that include but are not limited to the following:
The hacker can put fake offers/discount coupons on the typosquatting website. And clicking on such coupons can install malware on your device.
You can be a victim of a drive-by-download attack that can install malicious software on your device without your consent to hijack your device, spy on you, or encrypt/delete data on your device.
If you submit credit card information, the hacker can steal your card details and carry out various financial frauds, robbing you of your hard-earned money.
You can unknowingly share login credentials of your cloud data backup with the hacker if you happen to visit their typosquatting website that is similar to your cloud storage provider. And then, the hacker can steal your confidential data.
Visiting a typosquatting website can also install a keylogger on your device, sending your keystrokes and random screenshots of your device to the hacker. As a result, the hacker can know everything you do on your PC, including your passwords, sensitive information, and other confidential data.
If you run a business or company, typosquatting websites can damage your brand/reputation because visits to these fake sites can result in profound security implications that create a negative perception of your brand.
Also, typosquatting websites steal your traffic, which means a loss of revenue.
Types of Typosquatting
A fake URL resembling a legit URL can use one of the following tactics:
1. Using the Wrong Spelling
We all make spelling errors, and hackers capitalize on this by registering domain names with the wrong spellings of known brands and hoping that internet users will visit fake websites—for example, faceebook.com or facbook.com.
2. Adding “WWW” to the URL
Hackers also add “www” to the URLs of popular websites to register typosquatting websites. For example, wwwfacebook.com. Did you notice the absence of a dot between www and facebook.com?
3. Using Wrong Domain Extension
Hackers can use the wrong domain extension to create a typosquatting website—for example, www.facebook.cm.
4. Using Combosquatting
Hackers also add or remove a hyphen in a domain name to redirect users to a fake site. For example, face-book.com.
5. Adding or Removing a Dot
Adding or removing a dot from a known brand is another way hackers create a fake URL for a malicious website. For example, face.book.com.
6. Supplementing Popular Brands
Hackers also supplement popular brand names with appropriate words to create fake URLs of malicious sites. For example, apple-shop.com.
Why Do Hackers Employ Typosquatting or URL Hijacking?
The following are key reasons why threat actors are motivated to register typosquatted domains of legitimate domains.
1. Redirecting Traffic to a Competitor
A typosquatter may redirect traffic to a competitor of the actual website and charge the competitor on a pay-per-click basis.
For example, you run an e-commerce website named GreenTeaShop.com, offering various types of green tea online. A typosquatter can create a fake website GrenTeaShop.com and redirect it to your competitor.
When users type GrenTeaShop.com instead of the correct URL of your website, they will reach your competitor. And the typosquatter will receive money from your competitor for redirecting customers to their website.
2. Generating Advertising Revenue
Suppose a fake site gets traffic from a search engine due to the popularity of the original brand owner. In that case, the typosquatter may start serving website visitors ads to generate advertising revenue.
For instance, you run a hugely popular website, teenhobby.com, and thousands of people visit your website monthly. Many of your visitors may incorrectly type teenhoby.com instead of the correct name.
By creating a typosquatting website with the name teenhoby.com, a typosquatter may receive hundreds of hits each month simply because users mistyped the spelling. And then, they can start earning ad revenue by participating in any advertising program like Google Ads.
3. Phishing and Data Stealing
One common reason threat actors register domain names with the wrong spellings is to carry out phishing attacks and steal users’ data, especially on banking websites. When users are on a typosquatted site, a threat actor can present them with a phishing campaign to lure them into sharing sensitive information.
A fake site or sting site can also present users with online surveys and feedback forms to steal data. So if you want to protect your sensitive information, beware of typosquatting websites.
4. Bait and Switch
Threat actors can register misspelled domain names to create fake sites of original online stores. These fake website owners receive users’ payment info (and money), but the products are never shipped to the customers.
For example, you run a famous e-commerce store named hardcoffee.com. A threat actor can register a typosquatting website with the domain name hardcofee.com to run a scam.
When customers reach hardcofee.com due to incorrectly typing your website address, they can place orders and make payments. But the typosquatter doesn’t deliver the ordered products.
Worse, they can sell customers’ card details on the dark web.
5. Installing Malware
Some threat actors use typosquatting to create malicious websites that can trick users into installing malware or other harmful programs on their systems.
Ransomware, spyware, and remote access trojans (RATs) are common malware programs threat actors can install using a typosquatting website.
6. Selling Domain Names
Sometimes, threat actors register misspelled domains hoping that original website owners will buy these typosquatting domains.
For instance, you run a popular website named indoorgames.com. A threat actor may create a website, indorgames.com, and contact you to ask whether you are interested in buying this typosquatting website.
Many business owners buy potentially spoofed domains hoping to prevent incidents of typosquatting.
7. Affiliate Earning
A hacker can create a typosquatted website to send traffic back to the original site so as to participate in a brand’s legitimate affiliate program.
Typosquatting vs. Cybersquatting: What Is the Difference?
Typosquatting is the process of registering a misspelled domain name of a popular legitimate company in the hope that users will land on the fake website by incorrectly typing the URL of the company in their browser address bar. Consequently, they will reach a fake website created by the typosquatter to fulfill various malicious purposes.
On the other hand, cybersquatting is registering domains similar to those of genuine sites with the intent of profiting from the original trademark holders.
For example, someone runs the ShooFit.com website, offering quality shoes for men, women, and children. After some years, the shoe company becomes successful, selling thousands of shoes daily online.
A threat actor opens ShooFitStore.com to capitalize on the success of ShooFit.com. The cybersquatted site can sell inferior quality shoes and damage the reputation of the brand, or its owner can contact the original brand owner offering to sell the cybersquatted domain for a huge price.
How to Protect Yourself From Typosquatting or URL Hijacking
Here are tips to stay safe from typosquatting sites:
Avoid clicking unknown suspicious links in emails, social media platforms, and messenger chats.
Hover over the link and look at the URL carefully before clicking it. You can also use a URL scanner to assess if the link is malicious.
Use a search engine to find websites you want to visit and take the help of a safe search tool to filter out malicious and suspicious websites.
Bookmark frequently-visited websites in your web browser to avoid typing website names in your browser address bar.
Avoid clicking on shortened URLs if you don’t trust the source.
And if you are a business owner, you should register potential typosquatting domains and redirect these typo domains to your main site. Doing so will prevent webpage visitors from inadvertently reaching typosquatted websites.
Also, you should trademark your domain name. This will enable you to take legal action against those who purposely create typosquatting websites similar to your genuine website.
Consider signing up for ICANN’s (the Internet Corporation for Assigned Names and Numbers) “trademark clearinghouse” to know how your trademark is being used online. If someone tries registering a domain name that infringes your trademark, it will notify you.
How to Spot a Typosquatting Website
The following tips will help you identify a typosquatting website:
Typosquatters register domain names similar to the legitimate website but with a slight spelling error. So you should check the spelling of the website domain name carefully to ensure you visit a legit site, not a fake one.
Some typo-squatted domain names include special characters such as dashes or dots in the domain names.
Check the URL in the address bar to see whether it matches the original site.
Look at the design and feel of the website. A typosquatted website tends to have poorly written content and low-quality videos and images.
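The spelling, dash, dot, and extension checks above, together with the six tactics listed under Types of Typosquatting, can be automated for hostnames seen in proxy logs or email links. The following is an added example, not code from the article: the protected-domain list, function names, and tactic labels are assumptions, and the last label of a hostname is treated as the domain extension.

```python
# Added example (not from the article): name the typosquatting tactic a hostname
# matches. Assumption: the last label is the TLD; no Public Suffix List is used.

PROTECTED = ["facebook.com", "apple.com", "example.com"]  # constructed list


def edit_distance(a, b):
    """Edit distance where swapping two adjacent characters counts as one edit."""
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]


def classify(host, protected=PROTECTED):
    """Return (tactic, imitated_domain), or None when nothing matches."""
    host = host.lower().rstrip(".")
    if any(host == p or host.endswith("." + p) for p in protected):
        return None  # the protected domain itself or a genuine subdomain
    name = host.rpartition(".")[0]  # everything before the TLD
    if name.startswith("www."):
        name = name[4:]
    for p in protected:
        brand = p.rpartition(".")[0]
        if name == brand:
            return ("wrong-extension", p)
        if name == "www" + brand:
            return ("missing-dot-after-www", p)
        if name.replace(".", "") == brand.replace(".", ""):
            return ("dot-added-or-removed", p)
        if name.replace("-", "") == brand.replace("-", ""):
            return ("hyphen-added-or-removed", p)
        if brand in name.replace(".", "-").split("-"):
            return ("brand-plus-word", p)
        if edit_distance(name, brand) == 1:
            return ("misspelling", p)
    return None


if __name__ == "__main__":
    # Constructed sample hostnames, including the article's own examples.
    for h in ["faceebook.com", "wwwfacebook.com", "www.facebook.cm",
              "face-book.com", "face.book.com", "apple-shop.com", "wikipedia.org"]:
        print(f"{h:18} {classify(h)}")
```

A one-edit threshold also flags unrelated domains that happen to sit one character away from a short brand name, so treat a match as a prompt for review rather than a verdict.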
What to Do if Your Business/Website Is a Victim of Typosquatting?
If you suspect that threat actors have created typosquatting websites to target users of your business websites, the following is how you can deal with it.
Find Typosquatting Domains
You can easily find potentially spoofed domains by using a third-party tool like dnstwist.it, which is free. It will help you detect typosquatting, brand impersonation, and homograph phishing attacks.
Type the URL of your website and click on the Scan button. You will get a list of domains that are similar to your website. Check these domains carefully to identify typosquatting websites.
Plan Reactive Actions to Combat Typosquatting
Once you have made a list of typosquatting domains, reach out to these domain owners and inform them that you will take legal action against them.
Typosquatting or URL hijacking poses a severe threat to internet users. If you are not careful, clicking on a typosquatted domain can download malicious software to your PC, causing irreparable damage.
And if you run a business, a typosquatted domain owner can divert your potential customers to your competitors. Also, a typosquatter may create a scam site, riding on the popularity of your genuine site.
So, protecting yourself from typosquatting should be your priority whether you run a business or are merely an internet user.
Sandeep Babu has an MA in English literature from Jamia Millia Islamia, New Delhi. He has been writing in the cybersecurity domain since 2019. He covers cybersecurity for Geekflare, Make Use Of (MUO), and Small Business Trends.