
BBB Tip: Typosquatting – how “fat fingers” can cost you

By BBB Serving Central East Texas. January 13, 2021.

Fake typo URL site (Getty)

The manager for a large commercial builder recently called her IT support with serious concerns. One of their clients received an email that at first looked like it came from her work email account, asking for payment on completed work, but it didn’t originate from her office.

The email address included her name, and the business domain was only one letter off. The sender asked for a wire transfer of payment for labor and materials on a large project costing almost a million dollars, and the recipient almost paid. This manager’s company has fallen victim to typosquatting, and they’re not alone.

What is Typosquatting?

Cybersquatting is when someone buys a domain name so they can pretend to be another entity or business. Typosquatting is a form of cybersquatting and occurs when someone buys the misspelling of a domain name to get online traffic from those mistakes. It’s also sometimes called URL hijacking.

A domain name is an entity’s web address, what people type in the navigation bar to visit their website. It might look like businessname.com, localcharity.org or localcollege.edu. Email addresses typically follow a formula similar to [email protected], [email protected] or [email protected].

Why Bad Actors Bother

When users mistype or “fat finger” a web address, they may be taken to a fraudulent website that looks similar to the one they intended to visit. The website owners can use this deception to steal identity information, sell products, or misinform.

They can also send email from the misspelled domain name to try to trick the recipient into thinking it came from someone inside the company being mimicked. Recipients might think they’re dealing with a trusted source when they’re really interacting with someone whose whole intent is to deceive. Bad actors use typosquatting for purposes like these:

  • Making a quick buck – Sometimes the person who registers the misspelled domain hopes they’ll be able to sell the variation to the original company for more than they paid.
  • Selling goods or services – People might check out, thinking they’ll receive merchandise from their favorite brand, and either never receive it or get an inferior knockoff.
  • Installing malware – Sometimes when users visit a fake website, they end up downloading malware to their computer.
  • Getting clicks or views – Users may type in the wrong URL and find themselves looking at a page full of ads or articles. If they’re lured into clicking on the ads, the domain owner might earn revenue.
  • Stealing sensitive information – Users might think they’re logging in to their bank account, social media account or online shopping account when they’re really supplying their username and password to cybercriminals.
  • Protecting legitimate website traffic – Some companies buy variations of their domain name to make sure typosquatting can’t hurt them. They redirect traffic from those domain names to the legitimate business website.
  • Making jokes or sullying a reputation – Users end up navigating to a website that makes fun of, or attempts humor at the expense of, the intended organization.

Forms of Typosquatting

Cybercriminals try to stick as close as possible to the original domain name with only slight variations so users will overlook the mistake. URL hijackers often register domain names with the most common typos or misspellings. They might also change the domain suffix, hoping the user will choose to visit yourtown.com instead of yourtown.gov when trying to pay a utility bill or traffic ticket.

Another trick is to add an “s” to the domain name. For example, when yourtownplumber.com becomes yourtownplumbers.com, the user might not even notice the difference.
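
For a business that wants to screen sender or link domains against its own known-good list, the forms described above (a single-letter typo, a changed suffix, an added “s”) and the hyphen variations mentioned further down can be checked mechanically. The following is an added example, not part of the original article; the function names and the allow-list are hypothetical, and it assumes each input is a bare registered domain with no subdomain.

```python
# Added example: label how an observed domain relates to a trusted one.
TRUSTED = {"yourtownplumber.com", "yourtown.gov"}  # constructed allow-list


def split_domain(domain):
    """Return (name, suffix), split at the first dot and lowercased."""
    name, _, suffix = domain.lower().rstrip(".").partition(".")
    return name, suffix


def one_edit_apart(a, b):
    """True for one substitution, insertion, deletion or adjacent swap."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) == len(b):
        diff = [i for i in range(len(a)) if a[i] != b[i]]
        if len(diff) == 1:
            return True  # one letter replaced
        return (len(diff) == 2 and diff[1] == diff[0] + 1
                and a[diff[0]] == b[diff[1]] and a[diff[1]] == b[diff[0]])
    short, long_ = sorted((a, b), key=len)
    # one letter added or dropped
    return any(long_[:i] + long_[i + 1:] == short for i in range(len(long_)))


def classify(observed, trusted=TRUSTED):
    """Return (label, matched trusted domain) for an observed domain."""
    obs_name, obs_suffix = split_domain(observed)
    if f"{obs_name}.{obs_suffix}" in trusted:
        return "trusted", f"{obs_name}.{obs_suffix}"
    for good in sorted(trusted):
        name, suffix = split_domain(good)
        if obs_name == name:
            return "suffix-swap", good  # e.g. .com instead of .gov
        if obs_suffix != suffix:
            continue
        if obs_name == name + "s" or obs_name + "s" == name:
            return "plural", good
        if obs_name.replace("-", "") == name.replace("-", ""):
            return "hyphen", good
        if one_edit_apart(obs_name, name):
            return "one-character typo", good
    return "unrelated", None
```

Any label other than "trusted" or "unrelated" marks a domain worth a second look before acting on a payment request or following a link.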

How to Protect Yourself

  • Typosquatting takes advantage of people who are in a hurry and don’t pay attention.
  • The best way to avoid mistakes is to do the opposite. After typing in a web address and before hitting “Enter,” double-check the spelling. Once the online destination shows up on the screen, look for the padlock symbol and check that the website address includes https://.
  • Business owners: register common alternate spellings for your domain, including variations with plurals and hyphens. If you own all the similar domains, cybercriminals can’t use them against you. It’s also a good idea to monitor website traffic. A sudden drop-off might indicate visitors are being diverted to a fake site through typosquatting.
  • Report suspicious websites to the Internet Crime Complaint Center. In Canada, see the Canadian Centre for Cyber Security.

BBB offers resources to help people know who they can trust on BBB.org. Review BBB ratings, customer reviews, and links that go directly to the business website.

Typosquatting and the Law

The Anticybersquatting Consumer Protection Act (ACPA) was enacted in 1999 to make it illegal to register Internet domains that are similar to an existing business or personal name with the intent to misuse them. Cybersquatting and typosquatting are illegal, and ACPA requires URL owners to prove they’re acting in good faith.

If you find someone has registered a variation that could be used to impersonate you, notify partners, customers, employees and anyone else who might be deceived so they can be on the lookout. Consider submitting a petition to the World Intellectual Property Organization to gain ownership of a domain that is “identical or confusingly similar” to yours if you can show the domain registrar is acting in bad faith.

More Information

Watch out for a similar scam with tech support phone numbers when looking for IT assistance.

BBB promotes trust in the marketplace. If you or your business experiences typosquatting or anything else that seems like an illegal scheme to mislead consumers, help us investigate and warn others by reporting it to BBB Scam Tracker.

BBB East Texas contributed to this article.