Spelling matters

Two doors, identical except for colour, illustrating typosquatting

There must be very few of us who have never typed in the wrong web address for a website—even if only out by a single letter—and ended up somewhere unexpected.  

Your end destination might be entirely innocuous, and the website in question innocent of all bad intent. After all, there aren’t an infinite number of good domain names. But this isn’t always the case, and deliberately setting up a domain name that mimics another one, is known as typosquatting.  

What is typosquatting? 

There are a wide range of different types of typosquatter. 

There are some (small and usually very short-lived) companies that rely on typosquatting, and hope that by having a very similar name to another site, they’ll get some extra visitors and maybe make some extra sales, or earn money through showing you adverts.  

Some of them might end up running scams, persuading you to buy something that you think comes from the known site. You hand over your money, but never receive the goods. 

Some will try to harvest your information by creating a site that looks very similar to the original site, and asking you to log in or enter other personal data, which will then be used (or sold) for phishing.  

Then there are other groups who deliberately set up such close-cousin websites and infest them with malware, in the expectation that you will arrive by mistake, and end up infected with the malware.   

Of course, that relies on you typing in the wrong name by accident. What if you clicked on a link in an email or on social media that was also ever-so-slightly wrong? 

For instance (look closely): exarnple.com, exsample.com, example.cm, examp1e.com, examplë.com 

If you weren’t looking carefully, you might easily end up in a bad neighbourhood. 

What can you do about typosquatting? 

To avoid ending up somewhere you didn’t intend to go, whether by typing or by clicking on a link, you’ll need to pay close attention to the spelling. 

Avoid clicking on unexpected links in emails, texts, chat messages or on social media wherever possible; if you have to click the link, try to see what address the link will take you to before clicking (try hovering your mouse, or press-and-hold). 

If you are typing the link yourself, double-checking that what you typed matches what you were expecting. If you’ve visited the site before, your browser may well complete the address for you. 

Alternatively, you could search for the site, and click on the right URL from the search results page. 

And, of course, install antivirus software and keep it up to date. 

What can you do about typosquatting, as a business? 

Risk reduction is the best approach, if possible.  

You should already have an SSL certificate for your site (so that the address is https instead of http). This is a good indicator to visitors that the site is genuine. However, certificates are cheap to buy, so your typosquatter may well do the same, if the outlay is worth it to them. 

If you can afford to, you can register obvious typo versions of your domain name before anyone else does, as well as other relevant country extensions. For instance, if your domain is ‘.co.uk’, buy the ‘.com’ version as well. If you redirect those domain names to the original domain name, you won’t lose any visitors. 

In addition, you can pay for domain name protection services, which will monitor variants of your chosen domain name, and let you know if any other sites look suspiciously like yours. 

However, if you think your business is already being damaged by someone typosquatting your domain, you should get legal advice. 

Are you looking for cybersecurity support and advice? Please call the Click and Protect team on 0113 733 6230 for a chat, or use our contact form to send us an email.