Another common internet scam is typosquatting, also called URL hijacking. Typosquatting is a type of cybercrime that involves creating websites that imitate well-known sites. Cybercriminals register domain names that are very similar in spelling to the addresses of real websites. The error in the fake address is deliberate. The attack thus targets users who accidentally mistype a website address when entering it directly into the address bar. Cybersquatters register several domain names around a common (often misspelled) target address.
The main purposes of such fraud are the distribution of malware, scams, phishing campaigns, etc. Attackers are most interested in social media, financial organizations and trading platforms, where there is an opportunity to make money from users. Users are often unaware that they are browsing or shopping on a bogus site.
Typosquatting is possible because of typos, spelling errors, or misunderstandings of a popular domain name. A user who makes a mistake and does not notice it may accidentally end up on the attacker’s site. One of the victims of typosquatting was Google, in 2006, through the site Goggle.com, which is considered a phishing site. Attackers also look for similar URLs such as foogle.com, hoogle.com, boogle.com, etc. Typosquatting poses a serious cybersecurity threat to businesses with high traffic volumes.
The main types of typosquatting:
- Typos (for example, faacebook.com);
- Spelling errors (gooogle.com);
- Wrong domain extension (google.co);
- Alternative spelling (getphotos.com and getfotos.com);
- Hyphenated/combosquatting (facebook.com and face-book.com);
- Addition of a real site’s domain (apple.shop.com and apple.com);
- Use of “www” (wwwfacebook.com and www.facebook.com);
- Abuse of country code (twitter.cm and twitter.com).
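The categories above can be checked mechanically when reviewing domains seen in proxy or mail-gateway logs. The following is an added example, not code from the original article; the function names, category labels, edit-distance threshold and sample list are assumptions made for illustration, and the registrable domain is assumed to be the last two labels.

```python
from typing import Dict, List, Optional

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(observed: str, protected: str, max_dist: int = 2) -> Optional[str]:
    """Lookalike category of `observed` relative to `protected`, else None."""
    # Assumption: `protected` is a two-label name such as "facebook.com" and the
    # registrable part of `observed` is its last two labels (wrong for suffixes
    # like .co.uk; a public-suffix list is needed to handle those).
    name, tld = protected.lower().split(".")
    labels = observed.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return None
    o_name, o_tld, subdomains = labels[-2], labels[-1], labels[:-2]
    if (o_name, o_tld) == (name, tld):
        return None                      # the real domain or one of its hosts
    if name in subdomains:
        return "brand-as-subdomain"      # apple.shop.com
    if o_name == name:
        return "wrong-extension"         # google.co, twitter.cm
    if o_name == "www" + name:
        return "missing-dot-after-www"   # wwwfacebook.com
    if o_name.replace("-", "") == name:
        return "hyphenated"              # face-book.com
    if edit_distance(o_name, name) <= max_dist:
        return "typo-or-misspelling"     # faacebook.com, getfotos.com
    return None

def scan(domains: List[str], protected: str) -> Dict[str, str]:
    """Map each suspicious domain in `domains` to its category."""
    found = ((d, classify(d, protected)) for d in domains)
    return {d: c for d, c in found if c}

# Constructed sample standing in for domains extracted from logs.
SAMPLE = ["www.facebook.com", "faacebook.com", "face-book.com",
          "wwwfacebook.com", "facebook.co", "example.org"]
```

An edit-distance threshold of 2 will flag unrelated names when the protected name is short, so hits are candidates for review rather than verdicts.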
The popularity of typosquatting is forcing large companies (Apple, Google, Facebook, Microsoft, etc.) to register different variations of their domains or block potential misspelled domains through the Internet Corporation for Assigned Names and Numbers (ICANN).
Typosquatting goals:
- Bait and switch: the attacker’s site sells the user the product he/she wants to purchase, but doesn’t deliver it;
- Imitators: copying a website to carry out a phishing attack;
- Brand ridicule;
- Surveys and giveaways: a bogus site offers a feedback form through which confidential information is stolen;
- Traffic monetization: placement of advertisements and pop-ups to generate income from site visitors;
- Affiliate links: redirecting traffic to the brand through affiliate links to receive a commission on all purchases;
- Installing malware;
- Phishing.
How to avoid typosquatting?
- Registering domains with obvious misspellings and redirecting them to your website (including registering other extensions, alternate spellings, versions with or without hyphens, etc.);
- Registering the brand with the Trademark Clearinghouse;
- Using SSL certificates;
- Typosquatters can use email to pass off their site as the real one. It is important to use secure email gateways and software to detect mismatched headers and sender addresses.