Typosquatting

INTERNAL GUIDE: M.ANILA NAME: N.SANDHARSH ROLL NO. : 10U51A1238

BRANCH: INFORMATION TECHNOLOGY SECTION: A

Typosquatting, also called URL hijacking, is a form of cybersquatting, and possibly brandjacking which relies on mistakes such as typographical errors made by Internet users when inputting a website address into a web browser. Should a user accidentally enter an incorrect website address, they may be led to an alternative website owned by a cybersquatter.

Overview
The typosquatter's URL will usually be one of four kinds, all similar to the victim site address: (In the following, the intended website is "example.com")

A common misspelling, or foreign language spelling, of the intended site: exemple.com A misspelling based on typing errors: xample.com or examlpe.com A differently phrased domain name: examples.com A different top-level domain: example.org

Once in the typosquatter's site, the user may also be tricked into thinking that they are in fact in the real site; through the use of copied or similar logos, website layouts or content.

Motivation
There are several different reasons for typosquatters buying a typo domain:

In order to try and sell the typo domain back to the brand owner To "park" the typo domain and make pay-per-click revenues from direct navigation missspells of the intended domain To redirect the typo-traffic to a competitor To redirect the typo-traffic back to the brand itself, but through an affiliate link, thus earning commissions from the brand owner's affiliate program. This "typo domain affiliate" is one of the most financially damaging schemes as it siphons profits from the legitimate brand for traffic/customers that the brand would have gotten anyway had the typo domain not existed. As a phishing scheme to mimic the brand's site, while intercepting passwords which the visitor enters unsuspectingly To install drive-by malware or revenue generating adware onto the visitors' devices To harvest misaddressed e-mail messages mistakenly sent to the typo domain To block malevolent use of the typo domain by others

Examples
Many companies have garnered reputations for ruthlessly chasing down typosquatted names, including Verizon, Lufthansa, and Lego. Lego, for example, has spent roughly $500,000 USD on taking 309 cases through UDRP proceedings.[2]

Celebrities have also frequently pursued their domain names, from singers to star athletes. Prominent examples include Basketball player Dirk Nowitzki's UDRP of DirkSwish.com [3] and actress Eva Longoria's UDRP of EvaLongoria.org.[4] An example of corporate typosquatting is yuube.com, targeting YouTube users.[5] Similarly, www.airfrance.com has been typosquatted by www.arifrance.com, diverting users to a website peddling discount travel.[6] Wikipedia has frequently been targeted by typosquatters, with several different URLs; in addition to the URL mentioned in the Infobox screenshot, "wikipeda.org" (Wikipedia without the third lowercase 'I'), which seems to host an imitation of Wikipedia that really redirects users to spam, and "vvikipedia.org" (using two V's instead of a 'W'), which supposedly is hosted by GoDaddy and is a simple single page with nothing but ads on it.