5 Ways Businesses Can Prevent Typosquat Domains

Typosquatting is a social engineering cyberattack where malicious actors will prey on anticipated ‘typos’ (keyboard misspellings) by setting up alternative domains (squatting) similar to the official domain of a website.  

The motivation behind typosquatting is often malicious, and may be done with the intention of installing malware onto the user’s computer or stealing personal and sensitive information. 

Threat actors will typically use URLs that are common misspellings of the actual address and will use a similar design and branding to the targeted site in the hope to deceive users into thinking they are using the actual website. An example would be ‘Goggle.com’ rather than ‘Google.com’. 

For a business, suffering typosquat attacks can be damaging. Traffic to your site may be diverted elsewhere and reputational harm is also likely if users are being expoited on typosquat domains. 

Therefore, it is important businesses are working to prevent typosquat domains from popping up. Here are five ways organisations can combat them: 

1. Register similar domains 

A way to stop users going to typosquat domains instead of your own is to register similar domains before typosquatters can. This include obvious misspellings, alternate spellings and variants with and without hyphens. It also includes various top-level domains (e.g. .org and .com) and country specific extensions (e.g. .co.uk). Once these are registered, these similar domains can be rerouted to redirect to your official domain and site. 

2. Register brand name with TMCH \  \ Businesses should register their brand name with Trademark Clearinghouse (TMCH) so that ICANN (Internet Corporation for Assigned Names and Numbers) can check for unauthorised domain registrations and block them.  
3. Ensure you have an SSL certificate \  \ SSL certificates are great way to show that a domain is legitimate. They must be ratified and indicate a site is what it says it is. High-level certificates (which the majority of businesses are expected to have) also prove that data is secure on the site. Typosquat domains are unlikely to have an SSL certificate so it is a sign you are using the official site. 
4. Notify stakeholders \  \ Rather than trying to resolve typosquatting problems in the dark, businesses should inform their stakeholders if it is believed somebody is impersonating (or preparing to impersonate) them. Transparency can aid in potential reputational damage and by letting customers, employees and other relevant parties know about malicious typosquat domains, it can help prevent them falling victim to attacks. 
5. File a case with WIPO \  \ Under the Uniform Domain-Name Dispute-Resolution Policy (UDRP), trademark holders can file a case with the World Intellectual Property Organisation (WIPO) against typosquatters. Through this domains can be reclaimed, so long as the complainant can show:  \ \
   • The registered domain is identical or confusingly similar to their trademark \
   • The registrant has no legitimate interest in the domain name \
   • The domain name is being used in bad faith 

By following these 5 tips, businesses can help prevent typosquatting from damaging their organisation. Through Securiwiser’s website monitoring tool, indications of possible typosquat domains can be found, which can then enable you to resolve the issues if they are indeed present. Try it for free today.