Phishing domain lawsuits and the Computer Fraud and Abuse Act

December 29, 2020 by Kurt Ellzey

Introduction

The worlds of trademark law and marketing seem to be constantly at odds with each other, occasionally collapsing into a court of law where they battle for not-insignificant amounts of money. When gray-market sources, guerilla marketing and potential malicious actions enter the mix, it can muddy the waters to the point where no one is quite certain if what is happening is legally correct. 

Case in point: Microsoft's recently unsealed legal action against an entity charged with malicious actions, as shown here at Law360. According to the charges, there were violations of the Computer Fraud and Abuse Act, as well as a number of issues that led users to this location in the first place, such as typosquatting.

This isn't a word you hear every day, so let's break this down and then see how it can affect us on a day-to-day basis.

What is typosquatting?

To understand typosquatting, we first have to break down “typo” — or a mistake made when typing in a word. If you ever are going along in a conversation with someone and you put in “Facbook” instead of “Facebook,” for example, that is a typo — a mistake made when typing something. 

Many times now in programs like Messenger, an autocorrect function will change it to the word that it thinks that you mean, but web browsers (for example) don’t have this luxury. If you type in facbook.something instead of facebook.something, it will take you to a completely different website.

Typosquatting is the practice of deliberately purchasing a domain that is extremely similar to a known good site for financial gain. Say, for instance, that you had a rival social networking site that you wanted people to go to but were having a hard time making headway. You could then purchase something like the domains mentioned above and drive traffic to them via people typing in the wrong address. 

Alternatively, you could just hold onto the domain itself and then try to sell it to the organization that the address is similar to for a profit. However, falsifying representation like this can go beyond just URLs into full cybersquatting.

What is an example of cybersquatting?

Let's say for a moment that someone created a social media profile of a person or organization with enough details to pass for them at first glance. Once this was made, they started painting this person or organization in a very bad light (embarrassing details, insulting remarks, etc.). This could potentially destroy the reputation of this person or organization without them ever being aware of what is happening.

Depending on who runs the social media site in question, there may be methods in place to reclaim the profile, but the damage is done. As a result, it's usually best to try to take control of the possibilities at the outset, rather than do damage control afterwards.

How to prevent cybersquatting

Being proactive is really the best defense against cybersquatting, and that means being very aware when new Top-Level Domains (TLDs) become available, social networks start to become popular and new products are being deployed from your organization. 

Most large organizations are able to dispute cybersquatting given enough time and energy, but this can be significantly more difficult for smaller organizations or individuals. Even for larger organizations, though, it isn't a sure thing: depending on the phrase, it may be considered generic and, as a result, the claim may not be granted. Most registrars are aware of this possibility, though, and will show a listing of possible variants on any domain you plan to purchase. While buying these may cost a significant amount of money up front, it may very well be worth it to avoid fighting issues down the line.

How to prevent typosquatting (typosquatting protection)

Typosquatting, like cybersquatting, is best dealt with by being proactive and registering as many domains as possible along certain lines. For instance, if you were Google, you might register “gogle”, “oogle”, “gool” or other variants on a theme.
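The variants to register or watch for can be enumerated mechanically. The following is an added example, not code from the article or from any tool it names: it generates the single-keystroke typos of a domain label and matches them against a list of observed domains. The function names and the sample list are assumptions made for illustration, and every name is assumed to be a plain label.tld domain.

```python
import string

def typo_variants(label):
    """Map each single-edit typo of a domain label to the technique that made it."""
    out = {}
    for i, ch in enumerate(label):
        # Omission: "google" -> "gogle", "oogle"
        out.setdefault(label[:i] + label[i + 1:], "omission")
        # Repetition: a key pressed twice
        out.setdefault(label[:i] + ch + label[i:], "repetition")
        # Transposition: two neighbouring characters swapped
        if i + 1 < len(label):
            out.setdefault(label[:i] + label[i + 1] + ch + label[i + 2:], "transposition")
        # Replacement: one wrong character
        for c in string.ascii_lowercase + string.digits:
            if c != ch:
                out.setdefault(label[:i] + c + label[i + 1:], "replacement")
    out.pop(label, None)  # swapping two identical letters recreates the original
    out.pop("", None)     # a one-character label minus its character
    return out

def find_lookalikes(brand, observed):
    """Return (domain, technique) for observed domains that imitate `brand`.

    Assumes every name is a registrable domain of the form label.tld.
    """
    brand_label, _, brand_tld = brand.lower().partition(".")
    variants = typo_variants(brand_label)
    hits = []
    for domain in observed:
        label, _, tld = domain.lower().rstrip(".").partition(".")
        if label == brand_label and tld != brand_tld:
            hits.append((domain, "tld-swap"))  # same name under another TLD
        elif label in variants:
            hits.append((domain, variants[label]))
    return hits

# Constructed sample: names as they might appear in a registration feed or DNS log.
OBSERVED = ["exmple.com", "exampel.com", "exxample.com", "exanple.com",
            "example.net", "unrelated.org", "example.com"]

if __name__ == "__main__":
    for domain, technique in find_lookalikes("example.com", OBSERVED):
        print(f"{domain:15} {technique}")
```

A variant such as “gool” is two omissions away from “google”, so it falls outside this single-edit list and has to be added by hand or by a second pass.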

It is also possible to use dedicated tools such as dnstwist (DNS Twist) to see if typosquatting may already be active against your domain. On the user side, a common defense against navigating to a site you did not intend to visit is to use a web search. The higher a particular site's reputation (when the search result isn't an ad), the more likely it is to be the legitimate site.

But it doesn't always work that way. Enter URL hijacking.

URL hijacking versus typosquatting

While typosquatting and URL hijacking can sometimes be used interchangeably, there are a few instances where URL hijacking does more than just navigate to a different domain. For example, all domain name registrations expire after a certain amount of time. If a domain expires, it is freed up and becomes available for anyone to purchase. So if google.com expired tomorrow and the organization neither renewed it ahead of time nor went through the registration process quickly enough, someone else could purchase the domain through standard means.

In other cases, if security has not been configured properly, a domain can be transferred away from the original registrar and onto a different host. Still other times, individual user PCs can be forcibly redirected to a different IP address when entering a particular domain, through any number of means.

Conclusion

Typosquatting, cybersquatting and URL hijacking are all serious issues that need to be dealt with proactively by both organizations and individuals. Without diligent defenses, it is very possible to lose control of an online identity in the blink of an eye. 

This means more than just losing what page comes up first in a web search: it could mean disruption of communications and services, and unintended receipt of sensitive information. It is therefore extremely important to be aware of what could possibly happen in the future, for whatever reason. This is only one possible action that organizations can take to be proactive when it comes to information security.

 

Kurt Ellzey

Kurt Ellzey has worked in IT for the past 12 years, with a specialization in Information Security. During that time, he has covered a broad swath of IT tasks from system administration to application development and beyond. He has contributed to a book published in 2013 entitled "Security 3.0" which is currently available on Amazon and other retailers.