How to protect yourself from typosquatting?

Imagine that, in an atmosphere of undisturbed calm, you begin to notice a decline in traffic on your website or a decrease in the number of new buyers in your online store. Let's agree that this is the optimistic version.

In the pessimistic version, you notice negative customer reviews complaining about the quality of “your” products (or services) that you do not provide.

Something bad is happening. The situation is becoming tense. You are losing revenue and taking the heat for work you did not do.

Is someone impersonating you? Is someone one step ahead of you? Some elusive goal.

Is this possible?

Unfortunately, yes. Nowadays, it is possible, for example, to impersonate a competitor. Doing business on the Internet facilitates this practice.

What if there were no competition?

Imagine that you run a cosmetics store in a traditional shop located on the main pedestrian street. A beautiful, glass-fronted shop with a neon sign bearing the name “Roksanna Natural Cosmetics.”

After some time, you learn from your regular customers that on the other side of town, a well-known former currency dealer, Mr. James, has opened a cosmetics store with a sign bearing the name “Roxanna Cosmetics Store.” Is this serious competition? A little, but not that noticeable. The distance between the premises is a barrier, the assortment is different, and the aesthetics, visual impressions, and quality of service make the difference between the two stores.

All geographical and interpersonal barriers automatically disappear when you launch your online store. You launch it and name it roksannadrogeria.pl. It was a bull's-eye. Its turnover, traffic, reviews — everything is growing at the right, organic pace. The proverb “you reap what you sow” proves true.

At some point, you notice a decrease in website traffic and a decline in new buyers in your online store. What's worse, there are negative reviews from customers complaining about the quality of “your” products and about shipments that, surprisingly, are not your doing.

What was to be expected has happened. Mr. James has also launched an online cosmetics store.

We can guess under which domain name (hint: roxannadrogeria.pl).

Now it is certain that Mr. James's online drugstore, Roxanna Drogeria, is your direct competition. You are fighting for the same and similar customers.

And it could have been prevented

You consider this to be absurd, unethical behavior, a violation of the principles of fair competition by Mr. James, the “businessman.” Let's think about what bargaining chips you have in this case.

1. When you purchased the domain roksannadrogeria.pl, did you make sure to buy its inflected forms and domain extensions?
2. Do you have a legal protection certificate for the trademark for your brand?

If both answers are negative, I'm sorry to say that your cards are very weak in this game.

Of course, you can enter into a legal dispute. But first, estimate the time spent on the court battle, on lawyers' fees, on the effective enforcement of the court judgment. Is it worth the effort?

The saying “to err is human” is outdated

And it could have been remedied by looking at your domain name and creating a hypothetical scenario of your competitors impersonating you.

We are talking about an internet piracy technique called “typosquatting.” One mistake in a web domain can cause a user to land on a completely different website (e.g., a competing brand) or a fake website (e.g., a bank), where they unknowingly provide their login details and identity. For example, instead of going to the target website roksannadrogeria.pl, the user will visit roxannadrogeria.pl.

Typosquatting and cybersquatting are the bane of the internet. They are a profitable tool for all kinds of cybercriminals. Unfortunately, they cause people (especially the elderly and/or those who are distracted in life) to fear and resist making purchases and financial transactions on the internet.

Typosquatting involves exploiting spelling mistakes in a brand name in an internet domain (e.g., omet.pl instead of onet.pl, alllegro.pl instead of allegro.pl — for safety reasons, I advise against visiting suspicious websites. Cybersquatting involves accurately replicating a domain name and intercepting traffic. Both activities are illegal, involve Internet piracy, and pose a threat to cybersecurity in companies. They often aim to: sell the domain at a higher price, impersonate a brand, transfer traffic to a competitor's or criminal's website, direct the user to a fake website, extort financial data, or steal personal data.

How can you protect yourself from typosquatting?

Everyone has the right to make mistakes. If you accidentally make a typo when typing a domain name, you should be able to count on being redirected to the correct website anyway. In my opinion, this should be standard practice, especially for companies that enjoy a high level of public trust.

Major market players care about the safety of their users. They certainly could have afforded to buy up “typo” domains in advance (i.e., create a domain presence strategy) or repurchase domains (let's not delve into how much was spent on negotiations) or legally acquire confusingly similar domains (I explain this at the end of this article).

See what appears when you enter incorrect domain names: gogle.com, anazon.com, fasebook.com. These examples clearly illustrate that the saying “close is not good enough” is true. Either you beat the cybercriminals to it, or they beat you to it.

The fault will always lie with the brand owner

Let's assume that internet users have the right to make typos. Sticking to this rule, it is in the interest of every self-respecting company to minimize the risk of unpleasant surprises when redirecting users to a fake website or a competitor's website.

To protect your good name and the well-being of your customers from typosquatting, create a domain presence strategy. Complete a checklist containing 5 areas of analysis:

1. Identify possible typos and spelling mistakes in the name

To this day, I still have a problem with the correct spelling of the name of the drugstore chain “rosman.” I am deliberately giving the phonetic spelling to encourage you to type in the correct domain name yourself. Will you succeed on the first try?

2. Inflectional variations in the name

This applies in particular to foreign-language names or creative naming forms, e.g., Zalando vs. znalando, Erli vs. earli, Decathlon vs. decatlon.pl, Media Expert vs mediaekspert, Huawei vs huawai.pl, McDonalds vs mcdonald.pl.

3. Punctuation marks

If you have a two-word name, make sure to register the domain “with” and “without” a hyphen. So, if you have the domain abcxyz.pl, become the owner of the domain abx-xyz.pl.

It is a pity that this trick did not work for the brands present in the domains: x-kom.pl, home-you.pl, zielony-parapet.pl, mi-home.pl.

4. Purchasing alternative extensions

When purchasing a .pl domain name, make sure you also have other, equally important extensions: .com.pl, .net.pl, .com, .eu, .biz.

If you run an international business (e.g., a transport company), consider purchasing domains in neighboring countries, e.g., .de, .cz, .fr, .dk.

Cybersquatting written in Cyrillic

As part of the pool of specifics, I will present a specific form of cybersquatting. This is the most malicious, insidious, and dangerous form of impersonating the domains of well-known brands and public trust institutions. It involves replacing letters of the Latin alphabet with deceptively identical ones from other writing systems, mainly Cyrillic and Greek.

Here are a few possible, devious ways of replacing the Latin alphabet in order to create a clone of a website (e.g., a bank)

• the Cyrillic letter “а” looks like the Polish “a,” looks and sounds identical,
• the Cyrillic letter ‘с’ looks like the Polish “c,” but is pronounced like “s,”
• Cyrillic “р” looks like Polish “p”, but it is the letter “r”,
• Cyrillic “х” looks like the letter ‘x’ and is pronounced like Polish “ch”,
• the Cyrillic letter “у” looks like “y” but is pronounced like the Polish “u”,
• the Cyrillic letter “н” looks like “H” but is pronounced like “n”,
• the Cyrillic letter “з” looks like the number ‘3’ but is pronounced like the letter “z”,
• Greek letter. “ν” looks like “v” and is pronounced “ni,”
• the Greek letter “ο” for ‘o’ and is pronounced “o.”

You can guess the risks associated with cybercriminals using an “alternative” spelling of a well-known brand's domain (a so-called homoglyph attack):

• fake domain paypal.com (the letter ‘p’ has been replaced by the Cyrillic letter “р”),
• fake domain: νisa.com (Greek letter “ν” instead of “v”),
• fake domain: gοοgle.com (Greek letter “ο” instead of “o”),
• fake domain: шp.pl (Cyrillic “ш” instead of “w”),
• fake domain: рекаo.pl (Cyrillic ‘к’ instead of “k”).

Yes, popular brands from the financial sector, e-shops, and social media are and will continue to be targeted. But can you guarantee that your website will not fall prey to cybercriminals in the near future?

Is it possible to stand up to internet trolls?

We recommend taking care of tools from the area of passive measures. They cover issues related to intellectual property.

Make sure to register your name with the appropriate patent office. You will gain a powerful tool to protect the good name of your company and brand. No one will be able to use a domain name that contains a typo or deliberate modifications to the name.

If your name and, consequently, your internet domain name gains trademark status, you can legally use the court to seize an “illegal” domain (e.g., one put up for sale). All you need to do is prove impersonation of your brand, bad faith, or unfair competition.

ICANN has introduced regulations allowing trademark owners to recover domains that infringe on their trademark rights. For example, the UDRP (Uniform Domain-Name Dispute-Resolution Policy) procedure allows you to request the transfer of a domain or its deregistration from the DNS system without the possibility of claiming damages.

It is now clear that if your name is not a legally protected trademark, you lose strong advantages in the fight for your good name.

While typosquatting and cybersquatting are creative forms of fraud, entrepreneurs also have creative ways to defend themselves against such internet trolls. I strongly recommend taking action before, rather than after, a dangerous cyber incident occurs.