Typosquatting Protection: Defending Your Brand

## What Is Typosquatting?

Typosquatting is the practice of registering domain names that are typographical variations of popular or well-known domains — with the intent of capturing traffic from users who make keystroke errors. A user who types `googel.com` instead of `google.com`, or `amzon.com` instead of `amazon.com`, may land on a site designed to deceive them.

Typosquatters monetize these mistakes through advertising (parking the domain with pay-per-click ads), phishing (creating a convincing replica of the target site to steal credentials), malware distribution, or traffic resale.

Typosquatting is related to but distinct from cybersquatting, which involves registering domains containing a trademark with the intent to sell them back to the brand owner. Both are covered under ICANN's Uniform Domain-Name Dispute-Resolution Policy (UDRP), but typosquatting focuses specifically on capturing misdirected traffic.

## Common Typosquatting Techniques

Understanding the attack patterns helps you anticipate which variants to monitor or register defensively.

- **Character transposition**: Swapping adjacent letters — `amazno.com`, `gooogle.com`.
- **Missing letters**: Dropping a character — `googl.com`, `amzon.com`.
- **Extra letters**: Doubling a character — `amazzon.com`, `googgle.com`.
- **Keyboard proximity errors**: Substituting adjacent keys — `giogle.com` (i near o), `yshoo.com` (s near a).
- **Homoglyphs**: Substituting visually similar characters, often from other Unicode ranges — `gοοgle.com` (with Greek omicron instead of Latin o). This is called an **IDN homograph attack** and is particularly dangerous because the domain looks identical to the real one in some browsers.
- **TLD substitution**: Registering your domain name under a different TLD — `yourcompany.net` when your brand is at `yourcompany.com`, or using newer TLDs like `yourcompany.xyz`.
- **Subdomain mimicry**: Registering `yourcompany-login.com` or `secure-yourcompany.com` to mimic authentication flows.
## Assessing Your Exposure

Start by understanding how visible and valuable your domain is as a target. A brand with millions of daily users and significant revenue faces a far higher risk than a personal blog. Consider:

- **Traffic volume**: High-traffic domains are worth more to typosquatters.
- **Sensitive flows**: If your users enter passwords, payment information, or personal data, phishing risk is elevated.
- **Brand recognition**: Well-known brand names are more likely to be typosquatted.

Use the WHOIS Lookup Tool to check the registration status of common typo variants of your domain. You can also search registration databases and domain monitoring services for recently registered look-alikes.

## Defensive Registration

The most direct protection is to register the most likely typo variants yourself, then redirect them to your canonical domain. This is **defensive registration**. Prioritize variants that combine:

- The highest probability of genuine keystroke error.
- The most likely TLDs (`.com`, `.net`, `.org`, plus TLDs relevant to your industry or geography).
- Homoglyph variants, if your brand name contains commonly confused characters.

Defensive registration is not exhaustive — there are too many possible variants to register them all. Focus on the handful most likely to capture real misdirected traffic or be used in phishing. For brands with global recognition, registering the domain in all major ccTLDs (`.co.uk`, `.de`, `.jp`, etc.) and pointing them to the main site is also common practice.

## Domain Monitoring

Beyond defensive registration, ongoing monitoring is essential to catch typosquats you did not register.

**What to monitor:**

- New registrations of your brand name in any TLD.
- Domains containing your brand name with common prefixes/suffixes (login-, secure-, my-, support-).
- Homoglyph variants.
- Certificate Transparency logs — when an attacker sets up a phishing site, they usually request a TLS certificate for it, and that issuance is logged publicly.
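As an added example (not code from the original article), the screener below generates the transposition, omission, doubling, keyboard-proximity, homoglyph, TLD and prefix/suffix variants described in the techniques section, builds a defensive-registration watchlist from them, and classifies newly observed domain names (for instance those pulled from Certificate Transparency logs) against the brand, decoding `xn--` labels so IDN homographs are compared in the form a user would see. The brand name, TLD set, affix list, keyboard-neighbour table and homoglyph table are constructed assumptions; a production tool would use a full confusables table and a real CT log feed.

```python
import unicodedata

# Constructed inputs (not from the page): brand, TLDs to watch, affixes phishing sites borrow.
BRAND = "yourcompany"
TLDS = {"com", "net", "org", "xyz"}
AFFIXES = ("login", "secure", "my", "support")
MIMICS = {f"{a}-{BRAND}" for a in AFFIXES} | {f"{BRAND}-{a}" for a in AFFIXES}
# Partial QWERTY neighbours, and Greek/Cyrillic/digit look-alikes for homoglyphs (assumed tables).
NEIGHBOURS = {"o": "ip0", "i": "uo", "u": "yi", "a": "qs", "e": "wr", "n": "bm", "m": "n"}
HOMOGLYPHS = {"o": "\u03bf0", "a": "\u0430", "e": "\u0435", "c": "\u0441", "l": "1"}
FOLD = {h: latin for latin, hs in HOMOGLYPHS.items() for h in hs}

def typo_variants(name):
    """Labels a keystroke error or look-alike substitution could turn `name` into."""
    out = set()
    for i, ch in enumerate(name):
        if i + 1 < len(name):                                   # transposition
            out.add(name[:i] + name[i + 1] + ch + name[i + 2:])
        out.add(name[:i] + name[i + 1:])                        # missing letter
        out.add(name[:i] + ch + name[i:])                       # doubled letter
        for sub in NEIGHBOURS.get(ch, "") + HOMOGLYPHS.get(ch, ""):
            out.add(name[:i] + sub + name[i + 1:])              # adjacent key / homoglyph
    out.discard(name)
    return out

def watchlist():
    """Candidate names to register defensively or monitor: typos and affixes across TLDS."""
    labels = typo_variants(BRAND) | MIMICS
    return {f"{lb}.{t}" for lb in labels for t in TLDS} | {f"{BRAND}.{t}" for t in TLDS - {"com"}}

def skeleton(label):
    """Fold confusable characters to Latin so 'g\u03bf\u03bfgle' compares equal to 'google'."""
    return "".join(FOLD.get(c, c) for c in unicodedata.normalize("NFKC", label).lower())

def classify(domain):
    """Say why a newly observed name (e.g. from a CT log) resembles BRAND, or None if it does not."""
    try:                                    # render xn-- labels as the user would see them
        shown = domain.lower().encode("ascii").decode("idna")
    except UnicodeError:                    # already Unicode, or malformed punycode
        shown = domain.lower()
    label, tld = (["", ""] + shown.split("."))[-2:]   # registrable label and its TLD
    if label == BRAND:
        return None if tld == "com" else "tld substitution"
    if skeleton(label) == BRAND:
        return "homoglyph / IDN homograph"
    if label in typo_variants(BRAND):
        return "typo variant"
    return "subdomain mimicry" if label in MIMICS else None
```

Run `classify()` over each name in a CT log feed or new-registration dump and alert on anything that returns a reason; `watchlist()` gives the registration candidates to prioritise.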
See Domain Threat Monitoring for detailed guidance on monitoring tools and workflows.

## Legal Remedies

If you discover a typosquat targeting your brand, several legal options are available:

- **UDRP Complaint**: File a dispute with an ICANN-accredited arbitration provider. A UDRP complaint requires proving (1) the domain is confusingly similar to your trademark, (2) the registrant has no legitimate interest in the domain, and (3) the domain was registered and is being used in bad faith. Successful UDRP complaints result in domain transfer or cancellation without going to court.
- **Uniform Rapid Suspension (URS)**: A faster, cheaper alternative to UDRP for clear-cut cases of abuse, introduced with the new gTLD program.
- **Court action**: For egregious cases, or where a registrant contests a UDRP decision, national trademark law (such as the US Anti-Cybersquatting Consumer Protection Act) provides a court-based remedy.
- **Registrar abuse report**: File an abuse report with the registrar hosting the typosquat. Registrars are required by ICANN to investigate and act on credible abuse reports.

## User Education

Technical and legal defences are complemented by user education. Train your customers and employees to:

- Check the URL bar before entering credentials or payment information.
- Look for `HTTPS` and a valid certificate — though note that phishing sites increasingly obtain certificates, so HTTPS alone is not proof of legitimacy.
- Use bookmarks or password managers for frequently visited sites rather than typing addresses manually.
- Report suspicious look-alike sites to your security team.

Combine defensive registration, monitoring, DNSSEC (DNSSEC: Why You Should Enable It), and the full Domain Security Checklist for the most complete protection against typosquatting attacks.