By 
Typosquatting (also known as URL hijacking or using a fake URL) is a form of cybersquatting in which an individual sets up a website that incorporates one of several typographical errors typically made when Internet users type in the address of a website. website. Typosquatters most often take advantage of four common typos:
1. A common misspelling or the spelling of a foreign language;
2. A misspelling based on typographical errors, such as omitting a letter;
3. A slightly different phrase, such as adding an “s” to a word; Y
4. A different top level domain, such as “.org” instead of “.com”.
The typosquatters then use those bugs to their own advantage, often for personal gain. Some common uses of erroneous domain names include: trying to sell the domain name to the original owner of the brand; pass off the website as part of the brand entity; earn money with pay per click revenue; redirect to a competitor; and engage in malicious activities (hacking passwords, installing malware, etc.).
A 2011 study found that 80% of all misspelled domains led to websites that were somehow associated with malicious intent on the part of the typosquatter. The study, conducted by Sophos, looked at six domain names: Facebook, Google, Twitter, Microsoft, Apple and Sophos. The study then looked at websites that incorporated three simple typos: leaving out a letter; misspelling a letter; and adding a letter.
According to the study, Sophos found that the most frequently used misspelled domain names were associated with those companies that had a high profile and had frequently visited websites. The study found that the percentage of active domains with the most common misspelled domain names was as follows:
apple 86%
Google 83%
Facebook 81%
Twitter 74%
Microsoft 61%
sixteen%
The study found that the highest proportion of misspelled domain names (15%) led Internet users to advertising sites. Another 12% of websites were related to IT and hosting websites. 2.7% of websites were considered cybercrimes, meaning they were at some point associated with hacking, phishing, online fraud, or spam. Another 2.4% of the websites contained adult content or were dating sites.
Sophos also found that the imitated company had an impact on the type of activity on the typosquatter website. Apple, for example, had a higher percentage of bait-and-switch attempts with iTunes. One company used a couple of domain names that appeared to offer iTunes software downloads, but instead enticed consumers to pay $0.99 for “unlimited downloads,” in reality, file download-related tech support forums of audio and video.
By contrast, Google was the brand that was most abused, with third parties providing search pages and presenting sponsored links as part of search results.
Companies are taking typosquatters seriously and fighting back, both through administrative procedures and the legal system. Some companies, such as Lego, use the Uniform Domain Name Dispute Resolution Policy (UDRP) procedures to bring cases to the World Intellectual Property Organization (WIPO) against typosquatters. In fact, by 2011, Lego had spent approximately $500,000 in various UDRP proceedings against 309 typosquatters.
Facebook, on the other hand, sought protection in the California court system. As a result of their lawsuit, in 2013, Facebook was awarded nearly $2.8 million in damages against various typosquatters who had registered 105 domains, including gazebook.com, gfacebook.com, and faacebok.com. Additionally, the criminals had to hand over the domain names to Facebook.
Typosquatting is potentially a simple way to monetize Internet users who misspell a domain name. Such practices are likely to continue unless companies take proactive steps to quickly monitor and shut down typosquatters through administrative and legal procedures. More information about preventing typos can be found on the company’s domain name litigation services page.