Grant McGregor Blog

What is Typosquatting? And What Can You Do to Protect Your Organisation from It?

Written by the Grant McGregor Team | Feb 1, 2021 10:00:00 AM

A phishing method which relies on “typosquatting” is on the rise. But what is typosquatting? And how can you protect your organisation from it?

Typosquatting is nothing new – ever since the early days of the Internet, people have been cashing in on domain names that sound or look like the official websites of major brands.

What is new is that cyber criminals are now using this approach to launch phishing attacks.

We’ve looked at phishing attacks plenty of times on our blog in the past, but it is worth noting this new attack vector and being ready to protect your organisation from any typosquatting and associated phishing attacks.

What is typosquatting?

Typosquatting(1) refers to the purchase of domain names that are very similar to legitimate websites.

Often it may be something as simple as adding a hyphen where there shouldn’t be one. Or using a slightly different spelling of the company name. Using zeros instead of the letter O or ones instead of the letter I is another popular misspelling favoured by the typo squatters.

How are phishers using typosquatting?

Essentially, the phishing attack is a four-step process:

• Criminals register a domain that looks similar to a legitimate one, then create a version of the website that looks very similar to the legitimate website.

• By gathering email from social media or your company website, the criminals then use your company logo to create and email that appears to come from inside your organisation.

• The email is sent to people you know, such as your suppliers, partners, or customers.

• The email includes a link to a landing page on the squatted domain – where your unsuspecting contacts may be asked to fill in personal details or to change or update payment details.

Why is typosquatting so worrying?

These emails and websites can look scarily legitimate. This creates a false sense of security for anyone who falls victim to the phishing attack – and some worrying reputational damage for your organisation.

It is perhaps more worrying because it’s not possible to prevent someone registering a domain with a slightly different name from your own.

Plus, this type of fraud isn’t something that would normally be picked up by your security systems because the domain names used are perfectly legitimate domain names – they’re just not quite the right spelling to get people to where they are expecting to go.

What can you do about typosquatting?

Purchase similar domain names as yours. Think about possible typos and, at a minimum, we recommend you purchase:

• Common misspellings

• Singular and plural versions of your company name

• Hyphenations

• Common domain extensions – at a minimum you should own the .co.uk, .com, .org.uk and .net

This leaves the best way to protect your organisation – and your customers and other stakeholders – from typosquatting as the purchase of all those potentially squattable domain names for yourself.

Once you’ve registered all possible versions of your domain name, they can be redirected to your core domain. For a best practice example, see how Microsoft redirects Microsoft.org to its primary .com domain – landing visitors on a page about social and corporate responsibility(2) on the main website.

Protecting your staff from typosquatting phishing attacks

We recommend that you warn staff about all potential attack vectors as part of your regular cyber security awareness training programme – and the new phishing attack vector that relies on typosquatting should be no different.

• Make sure that staff are aware of the potential problem.

• Double check that they are checking domain names and links before clicking on them (this can be achieved practically as part of a cyber awareness training solution).

• Ensure that customer-facing staff are ready to advise your customers about what a legitimate email will look like – and how to spot a phishing email.

Protecting your customers and partners from typosquatting phishing attacks

If you are aware of a phishing attack that uses this attack vector, then it’s incumbent upon you to warn your customers, suppliers and other partners as soon as you can. Let them know what a legitimate email will look like and how to spot the phishing attack. Encourage them to report anything that looks suspicious.

However, really, the best way to protect your customers is to buy up the online real estate that might be mistaken for your brand’s domain. Pre-emptive action is always better than the cure.

It might seem expensive to register so many domains for your organisation, but the cost of not acting might be much higher.

How widespread is the problem?

Typosquatting is not a new phenomenon.

Microsoft’s case against Mike Rowe(3) – a software developer who thought it would be fun to register his business as MikeRoweSoft.com – is perhaps one of the most renowned. The tech giant initially offered Mike Rowe $10 in compensation, but he held out for $10,000. Instead, because of his intent to profit from selling the domain to Microsoft, his action was held to be cybersquatting and Rowe was handed a cease-and-desist order by the WIPO.

However, some examples are a little murkier. In 2019, digital risk company Digital Shadows published a report(4) into hundreds of fake domains that had been set up against some of the USA presidential candidates.

Today, the use of these sites to launch phishing attacks is a new danger – and a reason to take the phenomenon of typosquatting a little more seriously.

Do you need extra advice or help?

If you would like help with purchasing domains, reach out to Grant McGregor and we will direct you to our Change team.

You can also download our handy guide on how to protect yourself from typosquatting here:

The sooner we all take action, the better. 



Sources:

1. https://whatis.techtarget.com/definition/typosquatting

2. https://www.microsoft.com/en-us/corporate-responsibility

3. https://www.searchenginepeople.com/blog/tposquatting.html

4. https://www.techrepublic.com/article/how-to-protect-your-organizations-website-against-typosquatting/