Typosquatting is a form of cybersquatting which relies on the chances that a person who enters a website address into a web browser will accidentally enter an incorrect website address and be led to an alternative address which the cybersquatter owns.

Overview

Generally, the victim site of typosquatting will be a frequently visited website.

The typosquatter's URL will usually be one of three kinds, all similar to the victim site address:

1. A common misspelling of the intended site; for example, webadress.com
2. A misspelling based on typing errors; for example, wwebaddress.com or wwbaddress.com
3. A differently phrased domain name; for example, web-address.com

(In all previous examples, the intended website is webaddress.com.)

Once in the typosquatter's site, the user may also be tricked into thinking that they are in fact in the real site; through the use of copied or similar logos, website layouts or content. Sometimes competitors of the victim site will do this.

Alternatively, the user will be forwarded to a site of a completely different nature to what they intended. This tactic is often used by pornographic websites and comedy websites.

Sometimes, the typosquatters will use the false addresses to distribute viruses, adware, spyware or other malware.

Combatting typosquatting

A victim website will usually send a cease and desist letter to the offender at first, in attempt to quell the activity.

They may also try and purchase the website address from the typosquatter, which could have been the typosquatter's aim all along.

Occasionally, lawsuits will be taken against the offending site or individual.

A company may try and pre-combat typosquatting by obtaining a number of websites with common misspellings and redirect them to the main, correctly spelt website. For example www.gooogle.com, www.goolge.com, www.gogle.com, and others, all redirect to www.google.com.

Examples of typosquatting

• The domain of the Web site of the President of the United States, www.whitehouse.gov , has two high-profile "misspellings": www.whitehouse.com, which was a pornographic Web site, and www.whitehouse.org , a satirical site.

• Wikipedia is also a victim of typosquatting: www.wiipedia.org, www.eikipedia.org and www.wilipedia.org are all websites which contain pop-up ads, spyware/adware downloads, and ad-generating search engines.

• A related gambit is obtaining "800" numbers that correspond to misspellings; a good illustration is AT&T's sudden abandonment of "1-800-OPERATOR" and replacing it with "1-800-CALL-ATT". It seems that many Americans don't know how to spell operator, enough that MCI Communications was raking in a lot of business with "1-800-OPERATER", reaping the benefits of AT&T's advertising. (In both numbers, the final "R" is superfluous.)

"Catchall" typosquatting

Other than individual domain name purchases, several attempts have been made by larger corporations to profit off of user typos by redirecting them without their knowledge.

• Microsoft's Internet Explorer automatically redirects users' mistyped URL queries to their MSN Search page. Though a user can reconfigure their browser to use a different search tool, Google, MSN's biggest rival, is not in the list and a custom engine cannot be specified by the user.
• Top-level-domain registrar VeriSign's Site Finder service automatically redirected traffic to URLs not registered by users. This caused a fair amount of outrage from the internet standards community, and an emergency patch to the BIND protocol was issued to circumvent Verisign's service.
• Paxfire a startup company, sells partner ISPs a tool that redirects mistyped queries to a Paxfire-generated page with sponsored advertiser content related to the mistyped "hotword". Revenue generated from user clicks is split between Paxfire and the ISP.
• Certain types of malware pose as browser plug-ins and redirect a user's web requests or search queries without their knowledge or consent, even if the URLs themselves are properly typed.

See also

DNS, top-level domain, URL, cybersquatting, UDRP

External links

• The Typo Millionaires (Slate, 11 February, 2005) - This article's author identifies new forms of typosquatting, including Verisign's Site Finder and Paxfire.