What Is Typosquatting?
Typosquatting is a type of cyber attack that uses deliberately misspelled website domains to lure people and steal their personal information and data.
Typosquatting is a kind of cyber attack aimed at an individual or a business. The attacker usually registers a website URL that is similar to an already registered domain name in order to lure people to the forged website, where their personal information can be stolen. Most commonly, this happens when someone misspells a website URL while typing it into their browser. They are then led to the fake website, thinking it is the real one.
How does Typosquatting occur?
Typosquatting can occur in a variety of ways, all of which you should be vigilant about. For example:
Fake domain names can use an alternative spelling of the website URL. For example, instead of “lawpath.com.au”, someone can create a fake website spelled “laawpath.com.au”. An individual searching for the real Lawpath website may not even realise the typo they have made.
For more popular brands such as Apple or Nike, decoy websites can be created as well. This means that an individual may buy products from a fake website, thinking they are buying genuine brands.
Another way typosquatting occurs is when a hyphen is added to an otherwise normal-looking website URL. A lot of websites have a hyphen in their name, which can detract from their authenticity. For instance, a fake website may use a hyphen, such as “law-path.com.au”.
Typosquatting can also occur if someone creates a website with a fake domain extension. This is when the ending of the real URL, such as .org or .com, is changed while still leading a person to believe it is the real website.
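The variants listed above can be checked for mechanically by a domain owner. The following is an added example, not part of the original article: it classifies observed domains (for instance from registration feeds or referrer logs) against a protected domain. The short suffix list, the edit-distance threshold of 1 and the sample domains are assumptions made for illustration, and a match is a lead for review, not proof of abuse.

```python
PROTECTED = "lawpath.com.au"
# Assumption: a short suffix list; real monitoring would use the Public Suffix List.
SUFFIXES = ("com.au", "net.au", "org.au", "com", "org", "net")

def split_domain(domain):
    """Return (registrable name, suffix), ignoring subdomains such as www."""
    domain = domain.lower().rstrip(".")
    for suffix in sorted(SUFFIXES, key=len, reverse=True):
        if domain.endswith("." + suffix):
            return domain[: -len(suffix) - 1].split(".")[-1], suffix
    name, _, suffix = domain.rpartition(".")
    return name.split(".")[-1], suffix

def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(candidate, protected=PROTECTED):
    """Return the lookalike type of candidate, or None if it is not one."""
    c_name, c_suffix = split_domain(candidate)
    p_name, p_suffix = split_domain(protected)
    if (c_name, c_suffix) == (p_name, p_suffix):
        return None  # the genuine domain (or one of its subdomains)
    if c_name == p_name:
        return "different-extension"  # same name, changed ending
    if c_name.replace("-", "") == p_name.replace("-", ""):
        return "hyphen-variant"  # hyphen added or removed
    if edit_distance(c_name, p_name) <= 1:
        return "misspelling"  # one typo away from the real name
    return None

# Constructed sample input: two spellings quoted in the article plus invented entries.
OBSERVED = ["lawpath.com.au", "laawpath.com.au", "law-path.com.au",
            "lawpath.org", "example.com.au"]

def review(observed, protected=PROTECTED):
    """Map each lookalike found in observed to its type."""
    return {d: kind for d in observed if (kind := classify(d, protected))}

if __name__ == "__main__":
    for domain, kind in review(OBSERVED).items():
        print(f"{domain}: {kind}")
```
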
What does it do?
Falling victim to typosquatting can have a number of consequences. This type of cyber attack can have a negative impact on both individuals and businesses. Firstly, it enables malware and other types of cyber attacks to occur. These cyber attacks attempt to cause data breaches for customers and businesses. Secondly, as a result of these fake domain websites, the real businesses lose money. Thirdly, an individual’s personal data, such as credit card information and passwords, is stolen and used. Overall, it is a type of cyber attack that relies on people who are unlikely to check their spelling or the authenticity of a website.
How can you protect yourself/your business?
The auDA is the agency that takes care of the Domain Name System specifically for the “.au” domain. Accordingly, the auDA has made a Prohibition on Misspellings Policy, which was implemented in 2008 to prevent the practice of typosquatting. You can lodge a complaint with the auDA and they will investigate the situation for you. Furthermore, the Australian Cyber Security Centre has information on Domain Name System Security for Domain Owners. Its purpose is to shed light on how people can abuse domain names through practices such as typosquatting. If you are a domain owner, you should be aware of any false websites that are using your domain. Additionally, you must report them the second you become aware of them. If you own a business, it may be worthwhile to protect yourself by getting cyber insurance. Further, click here to find out how you can make your business cyber safe.
To conclude, typosquatting is a type of cyber attack that uses domains similar to active domains to create a fake website and lure people to it. As such practices will probably continue to occur, it is important for individuals and business owners to remain vigilant. Precautions should be taken when using a website, and domain owners should be active in looking for any decoy websites under their domain name.
Mahima is an intern at Lawpath, and is currently studying a Bachelor of Laws degree with a major in Criminology at Macquarie University. Mahima has an interest in legal tech alongside cyber security and criminal law.