Typosquatting, for those unaware, is where a registrant registers a domain name that takes advantage of an internet user mistyping a domain name of a prominent brand. One example given by the researchers was vacebook.com, whose registrant sought to take advantage of those that mistyped facebook.com and who would otherwise receive an error message for the domain being unknown. In May 2013 Facebook was awarded $2.8 million dollars in damages as a result of typosquatting and were awarded over 100 domains that were typosquatted.
The study, conducted jointly by researchers at the Belgian University of Leuven and Stony Brook University in the US, is thought to be the first content-based longitudinal study of typosquatting.
Researchers trawled through 900 GB of data from 3,389,137 web pages and 424,278 distinct WHOIS records gathered over a period of seven months.
And the researchers found that even though 95 percent of the popular domains investigated are actively targeted by typosquatters, only a few trademark owners protect themselves against this practice by proactively registering their own typosquatting domains.
The researchers also found typosquatted domains change hands from typosquatters to legitimate owners and vice versa, and that typosquatters vary their monetisation strategy by hosting different types of pages over time. Typosquatters are also on the look-out for expiring registrations of popular domain names. The researchers found that 50 percent of all typosquatting domains can be traced back to just four typosquatting page hosters and certain top level domains (TLDs) are much more prone to typosquatting than others.
When the researchers looked at the 500 most popular websites, they found that 477 of the domains for these sites had at least one malicious typosquatting domain. Additionally, only 156 of the authoritative domains in the list had defensive domain registrations, which means the remaining 344 domains (representing 68.8% of the 500 most popular websites) have no defensive registrations whatsoever.
Of the top three of the top 500 with the most defensive registrations, huffingtonpost.com came out on top with 57 defensive registrations, americanexpress.com with 42 and bloomberg.com with 39. The top three of authoritative domains with the most malicious typosquatting domains were adultfriendfinder.com with 132 typosquatting domains, constantcontact.com with 103 typosquatting domains and odnoklassniki.ru with 97 such domains. Alarmingly, out of the three banks in the top 500 list (bankofamerica.com, hdfcbank.com and icicibank.com), only bankofamerica.com has defensive registrations.
The researchers also found, contrary to earlier research, that the longer the domain the greater likelihood of typosquatting. With a longer domain name, the number of possible typosquatting domains following the character substitution model rises very quickly. This change has come about in the last six years.
From a policy perspective, the researchers found a few ways to dissuade typosquatters. One was price. Typosquatting can only be profitable if the revenue from a domain name is greater than its cost. Hence, the researchers believe the more expensive the TLD, the less incidences of typosquatting. The adoption of strong dispute resolution policies is another determinant while eligibility restrictions can also make it more difficult for typosquatters.
In their conclusion, and in summary, the researchers give six main results, these being:
- Few trademark owners protect themselves against typosquatting by defensively registering typosquatting domains for their own domains
- Over 75 percent of all possible typosquatting domains for short popular authoritative domains are already registered, and that typosquatters are increasingly targeting longer domains
- Typosquatters are varying their monetisation strategy over time
- Some companies choose not to renew their defensive registrations of typosquatting domains, leading these domains back into the eager hands of typosquatters
- Up to 50 percent of all typosquatting domains can be traced back to just four typosquatting page hosters
- Certain TLDs are much less prone to typosquatting than others, due to their price setting and local registration and arbitration policies
To download the results of the study in full, go to: