So, you’ve registered your ideal domain name, and it perfectly sums up what you’re all about. However, when you’re first establishing your online brand, there are a number of other things you need to consider.

Did you ever think about what happens when someone accidentally misspells your domain in their browser address bar? Often enough it’s a simple ‘this site can’t be reached’ message, but occasionally, something more sinister can happen.

What is typosquatting?

Typosquatting, also known as URL hijacking or ‘brandjacking’, is a form of domain squatting, or cybersquatting. Essentially, typosquatting is where one party registers a domain with the sole intention of denying it from another organisation or individual, who might naturally want it for themselves. The domain squatter snaps up a trademark or name that they know will be in demand, putting them in a position to sell it to the other party at a later date, at a grossly inflated price of course.

The ‘typo’ in typosquatting refers to those tiny mistakes we all make when hammering away at a keyboard. The squatter will intentionally register domains with slight variations on an existing web address in a bid to pick up the traffic of all those sloppy typists.

For example, maybe you’re so excited to visit favouritewebsite.com you typed favouritewebiste.com instead. If this URL is in the hands of a domain squatter, you’ll be redirected to a completely different site. But for what purpose? The motivation behind typosquatting comes in all manner of nefarious shapes and sizes.

Examples of typosquatting cases

The end goal of typosquatting sites can vary from the simple objective of selling the domain at a jacked-up price, to monetising the traffic received using ads or affiliate links, or even redirecting to a competitor. However, more malicious typosquatting has seen the use brandjacking to replicate a target site and phish for personal login data. At its most serious, typosquatting can be used to infect the unluckiest bad spellers with malware-riddled webpages.

Some very high-profile victims of typosquatting cases include celebrities like Paris Hilton and Jennifer Lopez, where users were redirected to typosquatting sites that then bombarded them with affiliate links.

Even big brands have been forced to take it seriously. For example, Google has now secured gogle.com and googel.com to ensure slips of the keyboard don’t send users off course from their search engine.

One of the more bizarre typosquatting cases occurred in the early 2000’s. Microsoft delivered a cease-and-desist order to Canadian teen, Mike Rowe, after he thought it would be funny to add soft to the end of his part-time website design business’ domain name, MikeRoweSoft, and then refused to change it.

More recently, typosquatting has been used to spread so-called ‘fake news’, by presenting false news stories in links that appear to be from legitimate news outlets. This is only made more dangerous by social media, where this kind of information is often enough to go viral, spreading links to potentially millions of users.

How does typosquatting work?

Typosquatting is actually a relatively simple process. The Cybersquatters will go after likely typos for the website in question, common misspellings and other slight variations on an existing domain name. That might mean adding a hyphen here or repeating a character there, but the end result is the creation of a typosquatting site that’s close enough to a real domain name to pick up a high volume of web traffic.

Another common typosquatting tactic is to use alternative domain endings that are dangerously close to a legitimate URL. For instance, registering the equivalent .co of an existing .com domain. Certain country code domains like .cm (Cameroon) or .om (Oman) are also very popular with scammers, for obvious reasons.

But on a lighter note, the power of sloppy typing can be used for good. The charity site c.uk makes use of wildcard subdomains to pick up a large volume of mistyped .co.uk domains and showcases a wide range of real worthwhile causes that visitors can then donate to.

Unfortunately, the answer to this question is yes, and no. Obviously, phishing and malware scams are crimes, but simply registering an available domain isn’t illegal. However, there may be some legal comeback if consumers could potentially be duped or confused by a domain very similar or almost identical to an existing name or trademark. In other words, the law is on your side if any typosquatting sites constitute trademark infringement.

Of course, the law depends on your physical location. While the US has specific legislation in the form of the Anticybersquatting Consumer Protection Act (ACPA) of 1999, in the UK, typosquatting can be countered via existing trademark and intellectual property law.

Short of the courtroom, there are also services offered by the Internet Corporation for Assigned Names and Numbers (ICANN) and domain registries like Nominet to settle arguments over who has the legitimate claim to potential typosquatting sites.

While legal mechanisms and dispute resolution processes are certainly valued, they can also consume a significant chunk of money, time and effort. This may not be an issue for large multinational brands and celebrities, but in general, prevention is better than a cure if you're a small business owner.

How to prevent typosquatting cases

From a web user’s point of view, avoiding typosquatting is an obvious case of increased awareness. Be careful when typing domains and rely on search engines and bookmarks where possible (which are often quicker and easier to use anyway). Watch out for dodgy links in emails and social media posts, install antimalware software, and always make sure your browsers, apps and operating systems are as up-to-date as possible.

Website operators need to be proactive to identify likely targets for typosquatting and secure them as quickly as possible. It might be as simple as typing out your domain as fast as you can, seeing what the most likely mistakes are, and registering them. If someone is told your domain verbally, are there any obvious ways they could mishear it?

To prevent hijacking of the Fasthosts brand, we've made sure to register ourselves at fastgosts.co.uk, fasthost.co.uk, fathosts.co.uk and many more domains that will redirected you to fasthosts.co.uk.

An SSL certificate is also an excellent way to reassure users that you’re definitely who you say you are when they arrive on your website – especially in light of recent changes to how HTTPS sites are displayed in web browsers.

If you need to register several domains to secure your brand online, you’ve come to the right place. At Fasthosts, we offer a full range of domain registration services, from established, widely popular domains like .co.uk and .com to highly descriptive new domain extensions like .blog and .club.

Choose from a huge selection and get your preferred domains at outstanding prices. Everything can be managed from our user-friendly control panel, with free email forwarding, advanced DNS control and 24/7 support.

Our team at Fasthosts can also provide you with WordPress and email services, and if you want more information about protecting yourself on the internet, you can read in-depth guides and articles on the Fasthosts blog.