Typosquatting to the right of the dot

Stuart Fuller

The threat of typosquatting has been with us since the first domain names were released over thirty years ago. Our brains are incredibly clever, too clever in some instances, and often we will see what we want to see rather than what is actually in front of us. For instance, read the sentence below.

"W0rd5 c4n 1o0k v3ry d1ff3r3nt 5omet1m35"

We can all make out the words after a few seconds, yet every single one is spelt with incorrect characters. This is the premise of how a typosquatter works. Many companies will look at a defensive domain registration policy that encompasses common misspellings of their key brands. For instance, www.goggle.com, a very common typo of www.google.com, takes you to a website that appears to be offering prizes for clicking on links. Previously, visiting the website would automatically download potentially malicious software. Likewise, Air France was a victim of a typosquatter registering www.arifrance.com and diverting traffic away. In an age where we carry out so many searches on the small keyboards of our smart devices, typing words incorrectly (not to mention the often bizarre auto corrections) often leads us to the wrong websites or search results.

Some brands may allow typos to be registered by third parties through formal affiliate networks so they do at least see the traffic eventually, although they do pay more to get the ultimate customer or order. This does at least mean they have some control over the content on a misspelt domain name.

However, many companies forget that a domain name consists of two parts, and that typosquatting is just as much of a problem to the right of the dot as it is to the left. The dotCom domain name is the biggest suffix on the Internet with well over 100 million registrations, or around a third of all domain names registered today. Those three letters can be accidentally typed in as dotCo, dotCm or dotOm, all three of which are also legitimate Top Level Domains, representing the countries of Colombia, Cameroon and Oman respectively.
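The check a brand holder can run from this observation, as an added example that is not part of the original article: take the TLD of a domain, generate the single-keystroke slips (dropped, doubled, swapped or neighbouring key) and keep only those that are themselves TLDs. The function names, the approximate keyboard adjacency and the small embedded TLD subset are assumptions made for illustration; a real run would use the full IANA list of delegated TLDs.

```python
# Added example (not from the original article): find single-keystroke typos
# of a TLD that are themselves real TLDs, for defensive monitoring.

# Assumption: small constructed subset of delegated TLDs so this runs offline;
# in practice load the full IANA list of top-level domains.
SAMPLE_TLDS = {"com", "co", "cm", "om", "net", "ne", "et", "es", "se", "de", "cn"}
QWERTY_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm"]


def neighbours(ch):
    """Approximate physically adjacent QWERTY keys for a letter."""
    near = set()
    for r, row in enumerate(QWERTY_ROWS):
        if ch in row:
            i = row.index(ch)
            for other in QWERTY_ROWS[max(r - 1, 0):r + 2]:
                near.update(other[max(i - 1, 0):i + 2])
    near.discard(ch)
    return near


def tld_typos(tld, valid_tlds=SAMPLE_TLDS):
    """Return valid TLDs one slip away: omission, swap, doubling, adjacent key."""
    tld = tld.lower()
    edits = set()
    for i, ch in enumerate(tld):
        edits.add(tld[:i] + tld[i + 1:])                  # dropped key
        edits.add(tld[:i] + ch + tld[i:])                 # doubled key
        if i + 1 < len(tld):                              # swapped keys
            edits.add(tld[:i] + tld[i + 1] + ch + tld[i + 2:])
        for n in neighbours(ch):                          # neighbouring key
            edits.add(tld[:i] + n + tld[i + 1:])
    edits.discard(tld)
    return edits & set(valid_tlds)


def watchlist(domain, valid_tlds=SAMPLE_TLDS):
    """Lookalike names for a domain, varying only the label right of the dot."""
    name, _, tld = domain.lower().rstrip(".").rpartition(".")
    if not name:
        raise ValueError("expected a name and a TLD, e.g. example.com")
    return sorted(f"{name}.{t}" for t in tld_typos(tld, valid_tlds))


if __name__ == "__main__":
    for d in ("example.com", "example.net", "example.es"):
        print(d, "->", watchlist(d))
```

The resulting list is what to compare against existing defensive registrations and to watch for new third-party registrations.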

The US security firm Endgame recently produced a report that looked at the registration patterns of dotOm specifically and has reported a significant increase in typosquatting targeting major brands this year. In their report they found that over 300 well-known or global brands are being typosquatted by third parties in the Oman domain name space. One of these domain names was www.netflix.om, which redirected to a website asking the user to update their Flash software, which Endgame noted contained malicious applications. Other major brands being infringed in this way include Amazon, eBay and PayPal, some of the most visited websites in the world under their dotCom domain names.

One reason for the high level of infringements in dotOm is that the TLD has strict registration criteria. Whilst this will stop many average cyber or typo squatters, it also makes it harder for genuine brand holders to register legitimately and easier for local registrants to do so. To register a dotOm domain name you need to have your administrative contact address in Oman; in addition, commercial entities have to provide a copy of their commercial licence, and individuals a copy of their ID or passport that shows their permanent residence in Oman. Of course, a local agency (also known as Local Presence) could be used, but that is an additional cost for the registrant. Contrast this with the dotCM domain name space, where all of the companies mentioned above have legitimate registrations, as there are no restrictions on who can register a Cameroonian domain name.

It is impractical to expect every organisation to cover every typosquatting eventuality, but the concern highlighted by the report from Endgame is that not registering within certain commonly misspelt Top Level Domains is now becoming more of a threat for brand holders. For any organisation, the importance of developing a clear domain name strategy has never been more crucial to a strategy that keeps them and their customers present, protected and prosperous online.