A recently published report contains the following alarming statistic: In 2018, browsers “inadvertently” visited .cm websites such as itunes.cm or espn.cm on 12 million occasions, thereby reaching the sites of clever scammers. In 2016, Netflix and Citibank were among those affected. They had fallen prey to .om typosquatters. The accidental omission of the letter “c” led a large number of users to websites that attempted to install harmful malware.
In this article, we explain just how dangerous a technically harmless typo can turn out to be. We also provide an overview of the legal context, and appropriate strategies for trademark protection on the Internet.
1. What is typosquatting?
In simple terms, typosquatting is the registering of typing-error domains. Scammers deliberately register domains that are very similar to well-known web addresses, differing only by a typo, misspelling, or wrong domain ending. In the above example, the web address itunes.cm was registered by a typosquatter, and anyone who omitted the “o” in the domain extension when typing the domain name in their browser ended up on the wrong website without realising. This tiny mistake directed a lot of traffic to the scammer, who exploited it for illegal ends.
2. How does typosquatting work?
Typosquatting, which is also known as “URL hijacking” or “brandjacking”, is made possible by typos or misspellings in a domain name. If a user makes a mistake while typing a domain name, but fails to notice it, they accidentally end up on the wrong website. The owner of the domain then receives the traffic that was in fact intended for the trademark owner of the well-known domain.
The first case of typosquatting to come to international attention was in 2006. On that occasion, the typosquatters had their sights on google.com. Examples of typosquatting domains include URLs such as foogle.com, hoogle.com, and voogle.com. Since the letters F, H and V are immediately next to G on a keyboard, the typo is easy to make and the typosquatter (i.e. the owner of the fraudulent domain) automatically receives visits from web users trying to access google.com.
3. What forms of typosquatting are there?
Below, we present some different forms of typosquatting, and illustrate them with examples. Please note that the examples are entirely fictitious! In fact, large companies such as Apple and Google have, of course, long since taken up the fight against typosquatters and have registered domain names containing typical typos and misspellings themselves, or have had them blocked by a special ICANN service.
- Typos
If you’re in a hurry to surf the World Wide Web, you’ll know how easy it is to make a classic typo. This is particularly true for people who touch type, or who rely on auto-correct. Well-known web addresses such as www.apple.com, for example, can easily turn into www.aple.com or www.appöe.com.
- Misspellings
Sloppy spelling is not always to blame when a user ends up on the wrong website. Many web addresses are misspelled out of pure ignorance. Not everyone in fact knows that Apple is written with “LE” at the end. People very often write as they speak, thus the web address might easily be written www.appel.com. Other examples include www.salando.com instead of www.zalando.com, or www.addidas.com instead of www.adidas.com.
- Wrong domain extensions
In recent years, more and more new top-level domains have been added. The next round is due in 2019. This, too, increases the likelihood of this form of typosquatting. Scammers are looking specifically for well-known brand domains in combination with unused extensions. Let’s use www.apple.com again as an example. Typosquatting here might make use of www.apple.online or www.apple.live, although the most common is www.apple.co. Combining the brand name with the top-level domain for Colombia, .co, drew in numerous Internet users who had forgotten to include the last letter in the most frequent TLD, .com.
- Alternative spellings
Users may also be misled by alternative spellings of services, brand names or product names, such as www.photografie.com instead of www.fotografie.com, or www.phantasie.com instead of www.fantasie.com.
- Hyphenated domains
This involves either omitting or adding a hyphen in order to illegally direct traffic to your own typo-domain. One prominent example was the website of the German chancellor, www.angela-merkel.de, during the 2013 election campaign. For a brief period, visitors reached the website of campaign opponent SPD by entering www.angelamerkel.de (omitting the hyphen).
- Supplementing well-known brand domains
If common brand domains are supplemented by appropriate words, a legitimate-sounding web address is quickly created. Let’s stick with the example of Apple. It results in websites such as www.apple-onlineshop.com, which may sound correct, but which has nothing to do with the brand owner and is used to spread advertising or malware.
- Prepending with www
Something that is in fact typosquatting, albeit in a very original form, is when three Ws are prepended before the actual domain name. Since it is not in fact necessary to enter www. in the browser line, you will end up on the wrong homepage if you type wwwapple.com. That small, forgotten dot can cause a great deal of damage.
4. What are the dangers of typosquatting?
What is it that makes typosquatting so harmful? There’s a simple answer: No one registers a domain with the above typos and misspellings just for fun. Typosquatters usually have criminal intentions and are trying to profit from typosquatting domains. In the 2006 Google typosquatting case mentioned above, for example, the scammers sent malware downloads to unsuspecting visitors.
Typosquatting is dangerous not only for users, but also for brand owners. The latter suffer by losing valuable traffic to typo-domains, and thus missing out on revenue. Nor can damage to their reputation be ruled out.
Below are some of the possible motives for typosquatting:
- Phishing
The aim of this kind of typosquatting website is to steal data. Email addresses can be obtained, for example, which can be sold for a lot of money. Phishing websites may feature surveys, prize draws or gift campaigns. Broadly speaking, phishing covers the collection of personal data, and the related identity theft. Fraudsters specifically target sensitive user data such as credit card numbers. This enables them to completely drain an account without being noticed. In order to access this sensitive user data, a perfect 1:1 replica of the original website is often created.
- Domain parking
In this case, typosquatters exploit brand owners’ desperation. They register typosquatting domains, then attempt to sell them to brand owners at completely inflated prices.
- Product counterfeiting
The aim here is to imitate a brand owner’s actual website as faithfully as possible, and then to successfully market counterfeit products.
- Tapping traffic
Typo-domains are a quick and easy way for an unknown company to attract traffic. The typo-website markets the company’s own products, and advertises apparently good promotional offers.
5. What is the difference between cybersquatting and typosquatting?
Typosquatting is often used as a synonym for domain squatting. This is not entirely accurate. While typosquatting is based on typos or spelling errors, so-called cybersquatters register or use domain names that do not belong to them.
6. A definition of cybersquatting
The term “cybersquatting” can be understood as the improper registration of domain names containing legally protected terms – for example brand names, protected product names, company names, or the names of well-known persons.
Cybersquatters attempt to sell these domains for as high a price as possible to the actual owner of the rights – that is, the company, brand owner or individual. In fact, many companies are willing to pay several thousand euros for these “fake” URLs. After all, it is only by purchasing these domains that you can prevent future misuse. Since URL hijackers pay just a few euros to register a domain, cybersquatting can be very lucrative.
7. The history of cybersquatting
The word “cybersquatting” contains the term “squatter”. The term was first used in 1788 to describe an illegal tenant – in other words, someone who uses the property of a third party, even though they are not entitled to do so and are not paying rent. In order to describe a similar situation on the World Wide Web, the term “squatter” was supplemented with the word “cyber”. Cybersquatters are therefore people or companies who are in possession of a “domain”, even though they have no right to it.
One of the earliest legal references to cybersquatting is the Avery Dennison Corporation versus Jerry Sumpton case in 1998. Jerry Sumpton had registered the domain names www.avery.net and www.dennison.net, which were identical to the two brands of the plaintiff Avery Dennison. In addition, Jerry Sumpton had registered around 12,000 other domains for the purposes of cybersquatting.
The judge in the case made it clear at the time that: “The defendants are so-called cybersquatters. They have registered over 12,000 Internet domain names. These are not for their own use, but solely to prevent the actual rights holders from registering these domains. And, like all cybersquatters, the defendants are seeking to profit from this misuse by offering the domains to brand owners at inflated prices.”
8. Examples of typosquatting and cybersquatting
Pinterest case study
The popular photo-sharing site Pinterest brought an action against a serial Chinese cybersquatter. He had registered domain names containing the brand names of start-ups and emerging American companies, including www.pinterests.com and www.pinterest.de. In this case, Pinterest complained that pinterests.com was registered improperly and unlawfully, as it copied the Pinterest logo and the site was used exclusively for dumping advertisements. While big companies such as Pinterest in the United States have been able to comfortably win most cases related to typosquatting and cybersquatting, the enforcement of trademark rights in China and other countries around the world is becoming increasingly difficult.
Donald Trump case study
The TRUMP brand is a registered trademark of Donald Trump. Nevertheless, in 2007, when the Trump Organization announced plans to build TRUMP hotels in Bangalore and Mumbai, India, the company Web-Adviso registered the domains TrumpIndia, TrumpBeijing, TrumpAbuDhabi and TrumpMumbai. The content of the websites on these cybersquatting domains included a parody of Trump featuring his shows “The Apprentice” and “The Celebrity Apprentice”.
According to Trump’s lawyers, Web-Adviso had committed a trademark infringement by registering the domains. In late 2010, Trump’s lawyers requested that the company remove the sites and pay USD 100,000 in compensation for each of the four domains, claiming they had damaged Trump’s reputation. When Web-Adviso refused to surrender the domains and pay the damages, the two parties went before a WIPO panel. The courts then ordered Web-Adviso to pay USD 32,000 in compensation, in addition to transferring the four domains to Trump.
While the domains did not contain the brand name Trump exclusively, they did lead users astray. It was claimed that the combination of brand + location for hotels is a common domain name. In this case, adding a location to the brand name misled users, and also offended Trump.
9. Quantifiable revenue losses due to typosquatting
In the report “Cyber Monday 2016: Typosquatting – A Threat to Brands and Consumers”, published on 23 November 2016, the company FairWind Partners investigated the connection between typosquatting and a decline in sales among the companies concerned. The report demonstrated that typosquatting can cause immense damage. The value of the traffic diverted to the improper typo-domains was estimated at over USD 50 million. This does not include negative consumer experiences, damage to reputation or loss of trust, which are difficult to quantify.
10. Where do most cases of squatting occur?
- Nearly a third of all cybersquatting cases are recorded in the spheres of banking and finance, fashion, Internet and IT.
- Cybersquatting disputes related to new generic top-level domains (new gTLDs) make up over 12% of cases. The most common victims are .STORE, .SITE and .ONLINE.
- In 2017, the majority of the domain-related legal procedures reported to the WIPO were in America, France, the UK, Germany and Switzerland. The clear leader was the United States, where brand owners brought 920 cybersquatting cases before the WIPO.
11. What can you, as a user, do about typosquatting?
- Never visit a website by typing the domain name directly into the browser line. Instead, enter the name into a search engine. Real pages usually have far more hits than fake pages.
- Once you have visited the real website, bookmark it, then use only your bookmarks in the future.
- Use a voice command (e.g. Siri) to avoid typos.
- Never click on links that you do not trust 100% – for example links in dubious emails, text messages, messaging services or social networks.
- Never open suspicious email attachments.
- Use antivirus software to protect your PC against malware and ransomware.
12. What can website owners do to prevent typosquatting?
- Register important and obvious typo-domains yourself, and redirect these domains to the correct domain that does not contain a spelling mistake.
- In addition to a country extension, such as .de, register other relevant top-level domains, including .com, .shop or .web, to prevent cybersquatters from registering them.
- Register alternative spellings of your domain name, such as www.phantasie.com and www.fantasie.com.
- Register variants with and without hyphens.
- Use anti-spoofing technology.
- Use secure email gateways.
- Inform your customers and users about possible phishing attacks.
- Verify your accounts on social media, and inform users.
- Secure your website with a suitable SSL Certificate.
- Use more trust elements on your website to boost your visitors’ confidence in your business and website.
- Register your brand name with the Trademark Clearinghouse (TMCH), and use the Trademark Registry Exchange Service of ICANN (TREx). This will mean that unauthorised domain registrations by typosquatters and cybersquatters will be blocked – both during the sunrise period and beyond.
- In addition, enter a brand-related term in the Domains Protected Marks List (DPML) of the Donuts registry. Over 200 new TLDs with this brand name will then be blocked, even after the sunrise period.
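The typo-domains worth registering or monitoring can be enumerated mechanically from several of the forms described in section 3 (omitted and neighbouring keys, transposed letters, hyphens, the missing dot after www, shortened extensions). The following Python code is an added example, not part of the original article or of any EBRAND tool; the function names and the QWERTY adjacency model are assumptions, and it expects a registrable name with a single-label extension such as apple.com.

```python
# Added example: typo-domain candidates for a domain you own (watchlist / defensive registration).
ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm"]  # QWERTY letter rows (assumed layout)
ADJACENT = {}
for r, row in enumerate(ROWS):
    for i, ch in enumerate(row):
        near = row[max(i - 1, 0):i] + row[i + 1:i + 2]        # left, right
        if r > 0:
            near += ROWS[r - 1][i:i + 2]                      # keys above
        if r < len(ROWS) - 1:
            near += ROWS[r + 1][max(i - 1, 0):i + 1]          # keys below
        ADJACENT[ch] = near

def typo_variants(domain):
    """Return {candidate_domain: form} for typo forms listed in the article."""
    domain = domain.lower()
    name, _, tld = domain.partition(".")
    out = {}
    def add(label, ext, form):
        candidate = f"{label}.{ext}"
        # Skip the original, empty parts, and labels starting or ending with "-".
        if candidate != domain and label and ext and label.strip("-") == label:
            out.setdefault(candidate, form)
    for i, ch in enumerate(name):
        add(name[:i] + name[i + 1:], tld,
            "omitted hyphen" if ch == "-" else "omitted character")
        for key in ADJACENT.get(ch, ""):
            add(name[:i] + key + name[i + 1:], tld, "adjacent key")
        if i + 1 < len(name):
            add(name[:i] + name[i + 1] + ch + name[i + 2:], tld, "transposed characters")
        if i > 0 and ch != "-" and name[i - 1] != "-":
            add(name[:i] + "-" + name[i:], tld, "added hyphen")
    add("www" + name, tld, "missing dot after www")
    for i in range(len(tld)):
        add(name, tld[:i] + tld[i + 1:], "truncated extension")
    return out

def classify(observed, own_domains):
    """Return (own_domain, form) if `observed` is a typo variant of one of ours, else None."""
    for own in own_domains:
        form = typo_variants(own).get(observed.lower())
        if form:
            return own, form
    return None

if __name__ == "__main__":
    # Constructed sample of names as they might appear in DNS or proxy logs.
    for seen in ["itunes.cm", "angelamerkel.de", "voogle.com", "example.org"]:
        print(seen, "->", classify(seen, ["itunes.com", "angela-merkel.de", "google.com"]))
```

The output of `typo_variants` can be fed into a registrar availability check or a DNS watchlist; `classify` labels a name already seen in logs with the form of typo it matches.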
13. Domain monitoring by EBRAND
If you want to keep yourself safe from typosquatting, and if you want optimal protection for your brand from fraudsters, you can count on the comprehensive offer of EBRAND. We not only take care of trademark registration with ICANN, as well as inclusion in TREx and DPML, but we also offer a highly effective domain monitoring tool that monitors over 1,000 top-level domains worldwide. And it doesn’t stop there. We analyse and assess possible violations, and take legal action. Of course, we also advise trademark owners on “typosquatter-safe” domain portfolios and register selected domains for you. Further information is available on our website under Domain Monitoring.
This post is written by Stefan Hoffmeister, Digital Brand Protection Manager, EBRAND Germany.