What is typosquatting?
To understand what typosquatting is, we need to get some concepts straight first, namely, "squatting", "typo" and cybersquatting.
- Squatting refers to the illegal "taking" of property. This can be physical places such as houses and land or online such as domains and websites. So an example might be a group of people squatting a house. They take over the house illegally, without the permission of the owner.
- The next concept to get right is typo. It is an abbreviation for "typographical error", so, when we make a typing error.
- Finally, there is cybersquatting. As the word might suggest, it's squatting, but online. It could be hackers taking over a website without the consent of the domain owner.
Typosquatting, or URL hacking, is a typo that hackers exploit to their advantage. It is the people who make a typo when searching on a website who are affected by typosquatting.
Hackers exploit this human error by owning domains that people could typically come to search on, by a typo followed by a search. Hackers register domain names that might look like:
Unfortunately, hackers are so good at their job that often you won't notice you're on a fraudulent website. Because you don't notice, you might end up state personal data because you're shopping on that website. And then the hacker has free access to your information.
How does typosquatting work?
As mentioned, the reason hackers can succeed in hacking by typosquatting is that you type a URL incorrectly. This is by misspelling and misunderstanding names - this can happen on both popular websites as well as smaller websites. However, hackers focus on larger websites as these get the most visitors and therefore more people who make typos and end up on a spoof site.
An example of typosquatting is Google, which in 2006 suffered a typosquatting attack when the website Goggle.com was typosquatted. Users ended up on a hacker's website and could risk having their information stolen or leaked. In addition, hackers are seen registering domain names such as foogle.com, hoogle.com and boogle.com, due to the physical location of the letters on the keyboard.
It is easy to click on a website called goggle.com instead of google.com, which is why it is exploited in phishing attacks. So if you have a website with high traffic, you should be aware if there could be typosquatting around the website. If you are aware of typosquatting, you can secure customers and visitors of the right website, for example by buying the domain names for the nearby names.
Different types of typosquatting
There are many different types of typosquatting used by hackers. Below is a list of the types that you should be careful to avoid:
- Typos. This is the typical error that hackers exploit. As mentioned, they use both the physical keyboard as a pointer, as well as what typos are frequently occurring.
- Spelling errors. Along with typos, this type of error is frequent for users when accessing a website. Here the aforementioned example of "gooogle" is common, for example if you cannot remember how many o's are in Google.
- Wrong domain name. This can be the country code, such as .dk, .de or .com, but it can also be the name itself, as in the case of misspellings and typos. For example, if you're going to a website that ends in .org, but by habit writes .com, then hackers can take advantage of our habits and squat on that website with .com.
- Alternative spellings. This type is an extension of misspellings, as alternative spellings are exploited in this type of typosquatting. This could be spelling Apple as Abble, dicipline as diciplin, or fotos instead of photos. It's small stuff, but it's also what hackers do best.
- With or without a hyphen? Hackers also know that it can confuse whether a domain has a hyphen in its name or not. So if a website is called barnesandnoble.com, a hacker might have a domain called barnes-noble.com
- Simulate popular companies. A trick that cybercriminals also use is corporate domains. So if it's called moxso.com, a hacker might come up with a fake domain called moxso-training.com - they keep to the company's specialisation so we more easily mistype and end up on their website.
What are the risks of clicking into a typosquatted website?
Several major companies, due to typosquatting, have had to buy domain names that are similar to the original domain. In this way they can prevent typosquatting associated with their website.
Hackers will typically develop malware that will be installed on your device as soon as you tap into their typosquatted website. This can lead to ransomware attacks, where they take your information hostage and demand a ransom in order for you to get it back. In addition, they can also retrieve personal data, such as credit card details.
Some hackers impersonate a legitimate website, others hide their phishing in surveys or competitions - both designed to get people to click on links to their illegitimate website.
The main risk of clicking on links and the hacker's website is that they gain access to your personal data. This is your social security number, card details, email addresses and so on, which hackers will use to access your bank accounts and other important documents and files.
In addition, hackers can also easily install malware on your devices if you access their websites. If they get malware installed, it is very easy for them to take over your entire computer - and, again, access your personal data.
We therefore encourage you to always pay attention when typing the URL into your browser and check that it is the right domain you have typed. By doing this, you can ensure that you don't end up on the hacker's websites, giving them access to your private files.
Caroline is a copywriter here at Moxso beside her education. She is doing her Master's in English and specializes in translation and the psychology of language. Both fields deal with communication between people and how to create a common understanding - these elements are incorporated into the copywriting work she does here at Moxso.