So, you’ve registered your ideal domain name, and it perfectly sums up what you’re all about. However, when you’re first establishing your online brand, there are a number of other things you need to consider.

Did you ever think about what happens when someone accidentally misspells your domain in their browser address bar? Often enough, it’s a simple ‘this site can’t be reached’ message. But occasionally, it can be something far more sinister.

What is typosquatting?

Typosquatting, also known as URL hijacking or ‘brandjacking’, is a form of domain squatting or cybersquatting. Essentially, typosquatting is where one party registers a domain with the sole intention of denying it from another organisation or individual, who might naturally want it for themselves. The domain squatter snaps up a trademark or name that they know will be in demand, putting them in a position to sell it to the other party at a later date, at a grossly inflated price of course.

The ‘typo’ in typosquatting refers to those tiny mistakes we all make when hammering away at a keyboard. The squatter will intentionally register domains with slight variations on an existing web address in a bid to pick up the traffic of all those sloppy typists.

For example, maybe you’re so excited to visit favouritewebsite.com you typed favouritewebiste.com instead. If this URL is in the hands of a domain squatter, you’ll be redirected to a completely different site. But for what purpose? The motivations behind typosquatting come in all manner of nefarious shapes and sizes.

Examples of typosquatting cases

The end goals of typosquatting can vary, from the simple objective of selling the domain at a jacked-up price, to monetising the traffic received using ads or affiliate links, or even redirecting you to a competitor. However, more malicious typosquatting has seen the to use brandjacking to replicate a target site and phish for personal login data.

And at its most serious, typosquatting can be used to infect the unluckiest bad spellers with malware-riddled webpages.

Some very high-profile victims of typosquatting cases include celebrities like Paris Hilton and Jennifer Lopez, where users were redirected to typosquatting sites that then bombarded them with affiliate links.

Even big brands have been forced to take typosquatting seriously. For example, Google has secured gogle.com and googel.com to ensure slips of the keyboard don’t send users off course from their search engine.

One of the most bizarre typosquatting cases occurred in the early 2000s when Microsoft delivered a cease-and-desist order to Canadian teen, Mike Rowe, after he thought it would be funny to add soft to the end of his part-time website design business' domain name, MikeRoweSoft, and then initially refused to change it.

More recently, typosquatting has been used to spread so-called ‘fake news’ by presenting false news stories in links that at first glance appear to be from legitimate news outlets. This is only made more dangerous by social media, where this kind of information is often enough to go viral, spreading the links to potentially millions of users.

How does typosquatting work?

Typosquatting is actually a relatively simple process. The Cybersquatters will go after likely typos for the website in question, common misspellings and other slight variations on an existing domain name. This might mean adding a hyphen here or repeating a character there, but the end result is the creation of a typosquatting site that’s close enough to a real domain name to pick up a high volume of web traffic.

Another common typosquatting tactic is to use alternative domain endings that are dangerously close to a legitimate URL. For instance, registering the equivalent .co of an existing .com domain. Certain country code domains like .cm (Cameroon) or .om (Oman) are also very popular with scammers, for obvious reasons.

But on a lighter note, the power of sloppy typing can be used for good. The charity site c.uk makes use of wildcard subdomains to pick up a large volume of mistyped .co.uk domains and showcases a wide range of real worthwhile causes that visitors can then donate to.

Unfortunately, the answer to this question is yes, and no. Obviously, phishing and malware scams are crimes, but simply registering an available domain isn’t illegal. However, there maybe be some legal repercussions if consumers could potentially be duped or confused by a domain very similar or almost identical to an existing name or trademark. In other words, the law is on your side if any typosquatting cases constitute trademark infringement.

Of course, the law depends on your physical location. While the US has specific legislation in the form of the Anticybersquatting Consumer Protection Act (ACPA) of 1999, in the UK, typosquatting can only be countered via existing trademark and intellectual property law.

Short of the courtroom, there are also services offered by the Internet Corporation for Assigned Names and Numbers (ICANN) and domain registries like Nominet to settle arguments over who has the legitimate claim to any potential typosquatting sites.

While legal mechanisms and dispute resolution processes are certainly valued, they can also consume a significant chunk of money, time, and effort. This may not be an issue for large multinational brands and celebrities, but more often than not, prevention is better than the cure, especially if you're a small business owner.

How to prevent typosquatting cases

From a web user’s point of view, avoiding typosquatting is an obvious case of increased awareness. Be careful when typing domains and rely on search engines and bookmarks where possible (which are often quicker and easier to use anyway). Also keep an eye out for any dodgy links in emails and social media posts, and install antimalware software if you can afford to. On top of this, always make sure your browsers, apps, and operating systems are as up-to-date as possible.

Website operators need to be proactive to identify likely targets for typosquatting and secure them as quickly as possible. It might be as simple as typing out your domain as fast as you can, seeing what the most likely mistakes are, and then registering them. If someone is told your domain verbally, are there any obvious ways they could mishear it? Note these down and then register them as well.

To prevent hijacking of the Fasthosts brand, we've made sure to register ourselves at fastgosts.co.uk, fasthost.co.uk, fathosts.co.uk, and many more domains, all of which will redirect you to fasthosts.co.uk.

An SSL certificate is also an excellent way to reassure users that you’re definitely who you say you are when they arrive on your website, especially in light of recent changes to how HTTPS sites are displayed in web browsers.

If you need to register several domains to secure your brand online, you’ve come to the right place. At Fasthosts, we offer a full range of domain registration services, from established, widely popular domain extensions like .co.uk and .com, to highly descriptive new domain extensions like .blog and .club.

Choose from a huge selection and get your preferred domains at outstanding prices. Everything can be managed from our user-friendly control panel, with free email forwarding, advanced DNS control, and 24/7 customer support.

Our team at Fasthosts can also provide you with WordPress and email services to put your new domain to work. And if you want more information about protecting yourself on the internet, you can read in-depth guides and articles on the Fasthosts blog.