{"id":7684,"date":"2022-05-02T20:23:06","date_gmt":"2022-05-02T20:23:06","guid":{"rendered":"https:\/\/gridinsoft.com\/blogs\/?p=7684"},"modified":"2022-06-05T17:11:00","modified_gmt":"2022-06-05T17:11:00","slug":"what-is-typosquatting-how-does-it-work-in-2022","status":"publish","type":"post","link":"https:\/\/gridinsoft.com\/blogs\/what-is-typosquatting-how-does-it-work-in-2022\/","title":{"rendered":"What is Typosquatting: How Does It Work in 2022?"},"content":{"rendered":"

There is a special trap on the Internet for people<\/strong>, who type the website address into the browser\u2019s address bar, instead of using search. Yes, few people do so in the times of auto-fill, but there are still some romantic souls out there. The trap is called typosquatting, and you can guess what it means from what it sounds.<\/p>\n

Typosquatting<\/strong> is a way to benefit from users making typos while entering the website address by hand. How anyone would pull that over, what is the possible win, examples, and nuances of this fraudulent practice is coming up in this article.<\/p>\n

What is Typosquatting?<\/h2>\n

Typosquatting starts with crooks having a ready domain which is a misspelling of a well-known high-traffic website. Like real squatters occupy abandoned buildings without paying for them, typosquatters take Internet domains paying very little for it compared to the possible gain. The benefit comes from harnessing the natural traffic<\/strong> (flowing to the exploited website) or making a typo-based domain a part of a more complex phishing campaign.<\/p>\n

A related term to typosquatting is cybersquatting<\/strong>. The relation between these two is such that the former is the special case of the latter. Cybersquatting is any usage of domain names in bad faith, not necessarily related to address misspelling. At the dawn of the domain name system, there were many cases of unprecedented, thus hard to solve, disputes between companies and cybersquatters.<\/p>\n

\"Typosquatting\"<\/h2>\n

Typosquatting algorithm work<\/em><\/p>\n

How Does Typosquatting Work?<\/h2>\n

In order to make their schemes work, frauds need their victims to end up on the spoof instead of a brand website. The error mechanisms that lead users to a trap may vary, and each is reflected in a certain type of domain name concocting.<\/p>\n

Typos:<\/h4>\n

What could be more trivial than a typo?<\/strong> The age of automatic form filling doesn\u2019t stop many of us from quick keyboard access to their most visited websites. And that is understandable, especially when the address is simple and the site is frequently visited. If only it insured the absence of typos!<\/p>\n

Spelling mistakes:<\/h4>\n

Not knowing how to spell a word correctly is not a typo<\/strong>. But that doesn\u2019t stop crooks from landing their victims on pages specially crafted for spelling mistakes of known addresses. Brand owners often buy wrong-spelled domain names in advance, second-guessing the intentions of cybersquatters<\/strong>. Then they set all misspelled addresses to redirect users to the actual brand website.<\/p>\n

Top-level domains:<\/h4>\n

The most Internetish typo-involving fraud schemes are the ones that mess with top-level domain names. TDLs are the website address endings that indicate the country<\/strong> to which the domain refers (.uk, .fr, .us, .io, etc.<\/em>) or the type of an organization (.com, .org, .gov, etc.<\/em>) If a TDL is not a part of a website name easily recognizable by ear, the frauds can easily take advantage of users here. Who remembers was it .com or .org after all?<\/p>\n

Also, one particular top-level domain is a typosquatters’ hotspot. It is the Colombian national domain .co, which is a common typo of .com – the most used TDL<\/strong>.<\/p>\n

Hyphens:<\/h4>\n

This kind of cybersquatting is more of a spoofing inventory for a phishing attack than typosquatting per se. People don’t randomly or automatically use hyphens, and users are likely to double-check the spelling when they are unsure where to place the symbol. But if the crooks manage to lure someone onto a fake webpage<\/strong>, an incorrectly hyphenated address might serve them as a perfect disguise that wouldn’t trigger suspicion. Who would ever notice an extra hyphen in an address like “johndoe-online-store.com?<\/em>”<\/p>\n

NOTE:<\/strong> Maze ransomware attack<\/a> is very common in 2022, you should be careful and know the tips on how to prevent.<\/em><\/p>\n

How to Make Typos Benefit<\/h2>\n

It is reasonable to ask: ok, someone has accidentally ended up on a squatted webpage. Then what? It turns out that there are many ways to monetize the typos and misspellings.<\/p>\n