According to Databasix, one business in the UK is hacked every 19 seconds.
In today's business landscape, having a robust online presence is crucial. Therefore, organisations must be aware of the threats that target their business domains and web addresses.
This article discusses the negative impacts of typosquats and actions companies can take to maintain privacy protection, secure their online cyber strategy and mitigate against typosquat attacks.
Typosquatting, also known as URL hijacking, is where cyber criminals exploit common typing errors and target search engine users by redirecting them to malicious websites and foreign domain names on the internet.
A legitimate URL might take the shape of http://www.example.com/index.html, comprising a protocol (http), a hostname (www.example.com), and a file name (index.html). Yet, a URL won't function if the web page it points to doesn't exist.
You might remember one prominent example involving Google. The bad actors had created a false domain name that was barely noticeable - "Gooogle.com".
This is a perfect example of how squatters will capitalise on the website's popularity. In this instance, the hackers displayed ads on the false domain to generate revenue through clicks. Google, one of the world's most popular web browsers and premium domains, resolved this by taking legal action. The domain page was eventually closed down and further damage to the legitimate web address was prevented.
The higher traffic you get to your website, the more new domain extensions there are likely to exist related to your business.
Take the US election in 2020 as another great example. Digital Shadows discovered that for the 34 candidates running, there were over 550 typosquat websites. These were generally redirected sites causing no harm, however, there were some malicious domains containing brand-damaging information.
It is very easy for your domain name to be used negatively against your business. However, this case also shows the positive of proactively buying domain names close to your unique domain and redirecting traffic to your website to prevent malicious use. We'll get onto this a bit more in a moment.
When you register and buy domain names, it is a good idea to consider an easily memorable domain so people are less likely to misspell it. The perfect domain should be short, simple, unique, and, of course, include your business name.
Typosquatters typically register domain names similar to legitimate businesses to replicate their website addresses in an attempt to fool existing customers and new customers. Website visitors could land on fake business pages and mistakenly associate low-quality content or malicious content with the original brand. This is an attempt to damage your business reputation and legitimacy and will deter new customers from your products or services.
Customers could unknowingly visit a typosquat website and fall victim to a phishing scam or open a malware file. Along with using fake websites and domain names, malicious actors attempt to trick website visitors into handing over sensitive information such as username credentials or financial data. This could include your very own employees who can easily be tricked into entering sensitive company credentials.
This can lead to data breaches and potential legal liabilities for your business, resulting in a loss of trust in the legitimate brand which could harm customer loyalty and revenue.
The false typosquat web domains may gain search engine visibility which could negatively impact the original brand's search rankings. This can create a huge range of problems, but primarily, ranking low on Google is a business's worst nightmare.
These are just a few of the negative impacts of your business becoming victim to a typosquat attack. You can see they are all closely linked and generally result in a loss of brand reputation and create issues for your business name and websites.
Businesses need to adopt security strategies to combat all types of cyber attacks. To prevent typosquatting, many businesses and brands register their name with multiple domain extensions to protect their online identity, increase visibility and attract more visitors to their websites.
The website then has its own set of domain name system (DNS) records that convert text-based domain names into IP addresses. You can also use a browser-based security feature known as SSL certification. SSL certifications tell users that your site is the real site, and displays the little padlock symbol next to the URL in your browser.
Let's look at some other proactive methods used to combat this type of threat.
Companies should monitor domain registrations that resemble their brand and take legal action against typosquat attempts to protect trademarks and brand reputation.
OnSecurity offers a 24/7 typosquat monitoring service with a comprehensive threat intelligence tool that scans the internet for similar registered domain names and monitors your business email address and other security threats to your business. Start your 14-day free trial today!
To prevent malicious use of domain names against your business, it is recommended to purchase multiple domain names similar to your business and attain any web addresses that could be mistaken for yours.
It is a good idea to consider redirecting customers from these domains to one web address which will improve your search ranking and domain root SEO.
A phishing simulation is an exercise designed to educate employees about the risks of typosquats and phishing attempts. A simulated email will be sent to an employee's professional email address asking them to click on web links or to enter sensitive information.
The purpose of this simulation is to alert employees of their mistakes and learn the correct protocol in a safe environment. Phishing Simulation services are a popular preventative method and excellent training for you and your employees. Book a phishing simulation today!
Typosquatting became a form of cybercrime in 1999. It is punishable under the Anti-Cybersquatting Consumer Protection Act, which promotes the growth of online businesses and protects trademark law by prohibiting typosquatting in the UK and across America.
But that still doesn't stop cybercriminals. In the UK, if you find any nefarious URLs infringing on your copyright, you can request a DMCA takedown - asking the hosting provider to remove any content which you own.
This type of cybercrime remains a persistent threat to businesses and their customers. Its impact can be severe, ranging from brand dilution to security risks and revenue loss.
As companies continue to combat this issue, awareness and proactive measures are essential in safeguarding against typosquat attacks.
By staying vigilant and adopting best practices, businesses can protect their brands and ensure a secure online environment for their customers.