Misspelled Domain Names - A Fraudster's Favourite

Aug 1
08:26

2011

Michael Bloch

Michael Bloch

  • Share this article on Facebook
  • Share this article on Twitter
  • Share this article on Linkedin

The energy and innovation of fraudsters never seems to end - if only they would use their powers for good. Fraudsters know that people often misspell domain names and use this to their advantage.

mediaimage

The energy and innovation of fraudsters never seems to end - if only they would use their powers for good. Fraudsters know that people often misspell domain names and use this to their advantage.

While most people arrive at a domain through a search,Misspelled Domain Names - A Fraudster's Favourite Articles a link or via their browser bookmarks, it's not unusual for people to type the name of a web site into their browser address bar. This is called type-in traffic and it's fine - if people type the right web site address and it's certainly not uncommon for them not to.

Some fraudsters will register a "typo" domain name, a popular brand's name spelled incorrectly, with view to scooping up the wayward traffic. The site may look exactly the same as the real site; making it more difficult for the user to detect something is up. From there, it's not difficult for the fraudster to gain the person's login details or funnel the person to a malicious site that will download malware to their computer.

A less nefarious situation is "typosquatting." Typosquatters register misspelled domains simply to run advertising for which they are paid. Some would still view this as a form of fraud and in the USA, the 1999 Anticybersquatting Consumer Protection Act (ACPA) contains a clause designed to combat typosquatting.

For online merchants, the solution is simple, but can be very expensive - to register domain names that cover all the possible incorrect spellings. That's fine if you have deep pockets and a short name, but for most online merchants, while registering the most common misspellings may be possible; to cover them all simply isn't viable.

At the minimum, if you know of a certain common typo of your domain name; it's wise to register that and just redirect the traffic accessing that domain to your web site.

Prevention is certainly better than cure. In a case of typosquatting, trademark holders need to file a complaint with under the the Uniform Domain-Name Dispute-Resolution Policy (UDRP), which isn't cheap and can be very time consuming. If you haven't trademarked your site's name; then a favorable outcome is less certain.

While you can't stop people making spelling mistakes; you can educate your own users, subscribers and customers. Teach them check the address they've entered into a browser before logging into what they believe to be the authentic site, or to use trusted links. This type of information can be relayed through newsletters and transactional emails such as order receipts.