Typosquatting: An Old Danger Showing Renewed Vigor


July 12, 2019
Legal Corner
Sean Cox

A single mistyped word, an incorrect top-level domain, or a mistaken URL can all lead internet users to malicious websites designed to spread malware, steal credentials and confidential information, or trick users into fraudulent transactions. 

Variously referred to as typosquatting, URL hijacking or brandjacking, this attack occurs when internet users attempting to access a legitimate website enter the wrong URL, or internet address, and are directed to a different, unintended, and often malicious website. This has been a security threat for a long time, but recently the practice has become more prevalent and, worse, more sophisticated. This is especially true with the proliferation of new top-level domains that create new risk to previously protected brands. 
 
As the internet has become the most important means for businesses to communicate with customers, businesses need to address and mitigate the risks typosquatting presents. Some common examples of typosquatting are misspelled URLs (e.g., goggle.com rather than google.com) and incorrect URLs (e.g., hotel.com rather than hotels.com).
 
Most people have found their way to one of these sites. Once you type in the URL incorrectly and hit enter, you’re directed to a site that appears quite similar to the intended website. You may be asked to provide a credit card number or other personally identifiable information. You might be tricked into buying similar goods or services from disreputable vendors or at a higher price. The site may even load malware onto your computer. Regardless of the result, it’s likely to tarnish your impression of the intended website’s brand. 
 
Perhaps the most insidious aspect of typosquatting is that it circumvents many common safeguards. A security certificate that warns you a site may be malicious is useless if you don’t enter the correct URL in the first place. Many typosquatter sites are sophisticated enough to have valid security certificates.
 
Typosquatting isn’t just a nuisance. If you’re a victim, these attacks divert business from your sites, cause customer dissatisfaction and damage brand reputation. While the only failsafe method of preventing customers from falling victim to typosquatting is for the customer to enter the URL correctly, there are a number of simple solutions that online businesses can undertake to avoid the consequences of typosquatting.
 
Before you launch a new website or before it takes off, you might want to identify common misspellings or mistakes that users could make and register those similar domain names. The mistaken domains can then be configured to automatically redirect to the correct website.
 
This will be a far easier – and cheaper – solution than fighting third parties who identify and register those domains first. Many common domain registration providers offer services to help protect similar domain names. Additionally, registering a brand trademark with the United States Patent and Trademark Office provides you enforceable legal rights with respect to your brand. Those rights make it far easier to combat typosquatters.
 
Assuming it’s too late for a proactive solution, the best option is to discover and address any potential problem sites. You should regularly test various misspellings or mistakes to identify potential issues, especially as new top-level domains are created (such as .biz or .shop). Pay attention to customer complaints to identify others.
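One way to make that regular testing systematic, shown here as an added example that is not part of the original article: the script below generates the misspellings and wrong-TLD variants a user could plausibly type for a brand domain, then filters them against a registration check so the result is a short list to review. The TLD list, the keyboard map, the `is_registered` callback and the sample data are all assumptions made for illustration, and the input is assumed to be a bare domain such as `google.com`.

```python
# Assumed sample of TLDs to check; extend with the TLDs relevant to your brand.
EXTRA_TLDS = ["com", "net", "biz", "shop"]

# QWERTY adjacency map (assumption: US keyboard layout).
ADJACENT = {
    "a": "qwsz", "b": "vghn", "c": "xdfv", "d": "serfcx", "e": "wsdr",
    "f": "drtgvc", "g": "ftyhbv", "h": "gyujnb", "i": "ujko", "j": "huikmn",
    "k": "jiolm", "l": "kop", "m": "njk", "n": "bhjm", "o": "iklp",
    "p": "ol", "q": "wa", "r": "edft", "s": "awedxz", "t": "rfgy",
    "u": "yhji", "v": "cfgb", "w": "qase", "x": "zsdc", "y": "tghu",
    "z": "asx",
}

def typo_candidates(domain):
    """Return lookalike domains a user could plausibly type for `domain`."""
    name, _, tld = domain.lower().rpartition(".")
    labels = set()
    for i, ch in enumerate(name):
        labels.add(name[:i] + name[i + 1:])                  # omitted character
        labels.add(name[:i] + ch + name[i:])                 # doubled character
        if i + 1 < len(name):
            nxt = name[i + 1]
            labels.add(name[:i] + nxt + ch + name[i + 2:])   # swapped neighbours
            labels.add(name[:i] + nxt + name[i + 1:])        # next letter typed early
        for near in ADJACENT.get(ch, ""):                    # adjacent-key slip
            labels.add(name[:i] + near + name[i + 1:])
    labels.add(name + "s")                                   # plural form
    labels.discard(name)                                     # never flag the real name
    labels.discard("")
    found = {f"{label}.{tld}" for label in labels}
    found |= {f"{name}.{t}" for t in EXTRA_TLDS if t != tld}  # wrong TLD
    return found

def review_list(domain, is_registered):
    """Candidates that are already registered, sorted for manual review.

    `is_registered` is a caller-supplied check (a DNS or WHOIS lookup in practice).
    """
    return sorted(c for c in typo_candidates(domain) if is_registered(c))

# Constructed sample data standing in for a live lookup.
SAMPLE_REGISTERED = {"goggle.com", "gogle.com", "google.biz", "example.org"}

if __name__ == "__main__":
    print(review_list("google.com", SAMPLE_REGISTERED.__contains__))
```

Candidates that come back unregistered are the ones to consider registering defensively; those already registered by someone else are the ones to inspect and, if needed, challenge.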
 
Once you identify problem sites, there are three ways to fix the problem yourself. First, you may be able to purchase the problem domain from the owner. Often, the original purpose of registering a similar domain is to force a monetary payment. This may be the cheapest and easiest solution. 
 
However, if the price is too high or the third party is unwilling to sell, there are two avenues for compelling the domain transfer: a lawsuit under the Anti-Cybersquatting Consumer Protection Act (ACPA) or arbitration through the Internet Corporation for Assigned Names and Numbers (ICANN).
 
To prevail on an ACPA claim you must show that the domain is entitled to trademark protection (this doesn’t mean the mark has to be registered) and that the person who registered the domain did so in bad faith. Success can lead to obtaining the domain at issue, as well as monetary damages. However, like most litigation, ACPA can be frustratingly slow, time-consuming and expensive. 
 
In comparison, arbitration through ICANN is much quicker and cheaper. While ICANN doesn’t let you recover damages, proceedings take place before a panel of experts who understand the problem’s complexities. 
 
The elements of an ICANN claim are similar to those of an ACPA claim. To prevail, the challenger must show (1) the domain name is identical or confusingly similar to a mark subject to trademark protections; (2) the current owner has no rights or legitimate interests in the domain name; and (3) the domain name has been registered and is being used in bad faith. ICANN’s website contains a trove of helpful information on the arbitration process.
 
Smaller companies that would like to lower their risk can look for vendors that offer brand protection services. These companies specialize in monitoring for typosquatters and challenging those domains when identified. The better vendors will also handle domain registration, obtain trademark protections and list trademarks with ICANN, all of which should prevent most problems before they begin.
 
The internet is a primary link between you and your customers. Maintaining trust in that link is critical to your success. Typosquatting directly impacts that trust and can negatively affect hard-won brand value. It’s worth your time to head this risk off at the pass.

©2019 Hospitality Upgrade 
This work may not be reprinted, redistributed or repurposed without written consent. For permission requests, call 678.802.5302 or email info@hospitalityupgrade.com.


