Typosquatting abuse of 500 most popular websites analyzed

A group of researchers from Belgian University of Leuven and US-based Stony Brook University have released the results of their months-long research of typosquatting abuse, and have discovered a number of interesting things.

Typosquatting is not a new phenomenon, but this scammy method wherein attackers intentionally register a domain name that is a mistype of a popular domain name is still practiced to this day. The researchers wanted to see whether anything has changed from earlier days, and map out the current situation in the typosquatting landscape.

For seven months, they collected daily data about the typosquatting domains of the 500 most popular Internet sites of the Internet. Their analysis revealed that:

  • 95% of the most popular domains are targeted by typosquatters, but only a little over 30 percent of these companies proactively register additional typosquatting domains so that they don’t fall into the hands of scammers.
  • The majority of possible typosquatting domains for short popular authoritative domains is already registered, so many typosquatters have turned to targeting longer domains.
  • Typosquatters often change monetization strategies on their domains.
  • Half of all typosquatting domains can be traced back to just four typosquatting page hosters.
  • Some top-level domains (TLDs) are much more prone and some much less prone to typosquatting than others. This depends on the cost of registering a domain name, as well as their domain dispute resolution procedures and the restrictions registry operators place on registrants.

Huffington Post, American Express and Bloomberg have themselves registered a considerable number of defensive domains (57, 42, and 29, respectively).

Scammers have registered the greatest number of malicious typosquatter domains targeting users of adult social network Adult Friend Finder, online marketing company Constant Contact, and Russian social network service Odnoklassniki.

“Alarmingly, out of the three banks in our top 500 list (bankofamerica.com, hdfcbank.com and icicibank.com), only bankofamerica.com has defensive registrations,” the researchers noted. “One would expect the financial sector to take a leading role in protecting their reputation and their customers.”

For more in-depth findings, check out the researchers paper.