Registering domain names only takes a few minutes and is inexpensive. While this is something that people and organizations are thankful for, it has paved the way for typosquatting: the deliberate registration of domain names confusingly similar to ones that are owned by a brand, company, or person, or that are part of a public initiative. Typosquatting has allowed threat actors to impersonate individuals and organizations and execute different types of fraud, such as invoice and phishing scams and setting up malicious copycat websites.

But how big of a problem is typosquatting really? We conducted a test using our domain intelligence, and Typosquatting Data Feed detects thousands of typosquatting domains every day. On May 21, it identified 11,578 potential typosquatting domains. And the day before that, it spotted 12,985 domains.

With the volume of typosquatting domains registered daily, there’s a high chance that unknowing users may get drawn to questionable websites and possibly fall victim to scams and cyberattacks. This makes typosquatting protection a must. In this post, we illustrate why it’s important to watch out for typo domains and lists of typosquatting sites.

What Are Typo or Typosquatting Domains?

Typosquatting domains are Internet domain names that could confuse the average person about their legitimacy, origin, or purpose. They usually closely resemble other domain names that visitors or email users are familiar with, possibly creating a false sense of security and prompting them to share confidential information.

2 Characteristics of Typosquatting Domains

Typosquatting Data Feed provides users with daily data files that capture bulk-registered domains looking highly similar to one another. To appear on the feed, a domain must meet the following two criteria:

Similar to at Least Two Other Domains

A domain can end up on the data feed if there are at least two other similar domains in the group.
The domains can thus be mistaken for their lookalikes due to typos or misspellings. Examples from the May 21 typosquatting file are the three domains below.

IMPORTANT NOTE: We recommend not visiting any of these websites since we cannot guarantee that they are safe. You can use Website Screenshot Lookup to preview them instead.

experiencegarage-gang[.]net
experience-garage-gang[.]net
experiencegarage-gang[.]tech

Users who misplace the dash (-) can end up on a different website. That is why some organizations register multiple variants of their domains to prevent customers from accessing the wrong site. There are times, though, when threat actors or domain parkers beat them to it.

Registered on the Same Day

Same-day registration may indicate bulk registration, the act of registering multiple domains at once. Examples from the May 21 typosquatting feed file are 50 domain names (the first 10 of which are shown below) that use the top-level domain (TLD) .cam and variants of the string “emwahjjo.”

emwahjjoq[.]cam
emwahjjoj[.]cam
remwahjjoa[.]cam
cemwahjjoa[.]cam
qemwahjjoa[.]cam
hemwahjjoa[.]cam
emwahjjox[.]cam
eemwahjjoa[.]cam
emwahjjoe[.]cam
emwahjjof[.]cam

3 Lists of Typosquatting Lookalike Domains and Websites

A glaring form of typosquatting is when a domain closely resembles one that belongs to a prominent organization.
We saw these Instagram-inspired domain names in the typosquatting files on May 21:

instagram-shop[.]net
instagramshops[.]us
instagramshop[.]us
instagram-shop[.]us
instagram-shops[.]net
instagram-shops[.]us

Facebook and Netflix also had their share of typosquatting domains, which include:

facebookshops[.]space
facebook-shops[.]us
facebookshops[.]us
facebookshops[.]biz
facebook-shop[.]us
facebokshops[.]com
facebookshop[.]blog
facebookshops[.]top
netflix-ce[.]com
netflix-cl[.]digital
netflix-ca[.]com

Some of the domains also mimic one of the most impersonated brands in the world, PayPal:

paypalprozess[.]net
paypalprozess[.]com
paypalprozess[.]org

Remember that these domains were all registered on a single day. As such, there could be many more of their kind in previous or upcoming days. Typosquatting tools or solutions in the form of a data feed can help organizations protect against threat sources by getting alerted to their presence as soon as they are registered.

Typosquatting is a real problem, especially for famous brands like PayPal, Instagram, Netflix, and Facebook. We have seen several phishing attempts where cybercriminals pretend to be from these companies, financial institutions, and other reputable organizations. Some threat actors also use typosquatting domains to earn money from ads since people tend to mistype domain names. Both Typosquatting Data Feed and the Newly Registered & Just Expired Domains database can help track new domain registrations that could spell trouble.
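
The two feed criteria described above (at least two other similar domains, all registered on the same day) can be approximated over a list of new registrations as follows. This is an added example, not the feed's own implementation: the Levenshtein threshold of 2 on the name left of the first dot and the `example-bakery` entries are assumptions made for illustration, while the other sample domains are the ones quoted in this post.

```python
from collections import defaultdict
from itertools import combinations

MAX_DISTANCE = 2  # assumed similarity threshold; the feed's real metric is not stated here
MIN_GROUP = 3     # a domain plus "at least two other similar domains"

def label(domain):
    """Name left of the first dot; accepts defanged '[.]' notation."""
    return domain.replace("[.]", ".").lower().split(".", 1)[0]

def edit_distance(a, b):
    """Levenshtein distance computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_groups(registrations):
    """(domain, registration_day) pairs -> [(day, sorted lookalike domains)]."""
    by_day = defaultdict(list)
    for domain, day in registrations:
        by_day[day].append(domain)
    groups = []
    for day, domains in sorted(by_day.items()):
        parent = {d: d for d in domains}  # union-find over one day's registrations
        def find(d):
            while parent[d] != d:
                parent[d] = parent[parent[d]]
                d = parent[d]
            return d
        for a, b in combinations(domains, 2):
            if edit_distance(label(a), label(b)) <= MAX_DISTANCE:
                parent[find(a)] = find(b)
        clusters = defaultdict(list)
        for d in domains:
            clusters[find(d)].append(d)
        groups += [(day, sorted(c)) for c in clusters.values() if len(c) >= MIN_GROUP]
    return groups

SAMPLE = [  # domains from this post, plus constructed example-bakery entries
    ("experiencegarage-gang[.]net", "May 21"), ("experience-garage-gang[.]net", "May 21"),
    ("experiencegarage-gang[.]tech", "May 21"), ("emwahjjoq[.]cam", "May 21"),
    ("emwahjjoj[.]cam", "May 21"), ("remwahjjoa[.]cam", "May 21"),
    ("example-bakery[.]test", "May 21"), ("example-bakerry[.]test", "May 21"),
    ("example-bakery[.]example", "May 20"),  # similar name, but a different day
]

if __name__ == "__main__":
    for day, members in lookalike_groups(SAMPLE):
        print(day, members)
```

The `example-bakery` names are not reported: only two of them share a registration day, so neither criterion group reaches three members.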