Typosquatting as a type of URL spoofing is almost always malicious. In some cases, it’s part of a phishing campaign, intended to compromise user accounts and other data. Other times, the website itself hosts a malicious phishing payload such as ransomware. The attacker might even be a plagiarist looking to sell counterfeit products.
If a threat actor creates a convincing enough typosquatting attack, imitating your website, they can cause tremendous damage to your brand as visitors may believe that you’re genuinely associated with malicious or poor-quality content. To make matters worse, a manual website takedown request is often so time-consuming that by the time it’s finally fulfilled, the damage has already been done.
That’s the bad news. The good news is that it’s possible to prevent typosquatting and protect your customers and business partners from fraudulent websites. It starts with understanding what typosquatting is and how it works.
How to Prevent Typosquatting
To address this new paradigm, organizations must embrace a digital risk protection strategy.
The external attack surface represented by these websites is massive. It’s impossible to contend with manually — businesses must take a different approach, one that begins with the right phishing and scam detection and remediation service.
Learn more about external attack surface management
1. Awareness and education
As is often the case with cybercriminals, typosquatting relies largely on the ignorance and carelessness of their targets. As such, a little education can go a long way toward bringing their efforts crashing down. Coach your employees on the importance of being mindful when browsing the web, including double-checking every URL they enter—or just using search engines for navigation, instead.
This education should be part of general security awareness training, which is equally crucial to avoiding social engineering attacks.
2. Trademark registration
One potential avenue for combatting typosquatters is to register your website under a trademark. That way, if all else fails, you can take the legal route and file a Uniform Rapid Suspension (URS) lawsuit against the typosquatter via the World Intellectual Property Organization. This is particularly effective against anyone seeking to blackmail your organization with a phony domain name.
3. Strategic domain ownership
A diligent company could attempt to purchase every variation of each domain it owns. Unfortunately, this approach is so cost-prohibitive that it’s nearly impossible. Even a simple, six-character brand name like Google has tens of thousands of potential variations; purchasing every single one could cost hundreds of thousands or even millions per year.
What you must do instead is make your purchases strategically. Determine which domains are the likeliest candidates for typosquatting and acquire those first. Ideally, your organization will be able to tap the expertise of one of its security vendors for help in that regard.
4. Deep learning
The web is impossible to monitor with human eyes alone. What your organization needs is AI-driven real time detection. Once you enter your domain names and business information, that should be all the system needs to go to work continuously analyzing the internet, dark web, app stores, and every other digitally accessible ecosystem for signs of impersonation and fraud.
It’s also imperative that you choose a platform with fast detection and a low false positive rate — if your organization must babysit the platform, that defeats the purpose of automation.
5. Automated, zero-touch takedowns
Detection through continuous monitoring is only half the battle. Remediation is where time is truly lost, which is why your organization must seek a platform that automates and streamlines the process. Seek a vendor that maintains relationships with registrars and hosting providers worldwide, one whose solution leverages API integrations to bring down potentially fraudulent sites before they’re even live.
6. Advanced real-time monitoring
Monitoring aside, a phishing and scam detection solution should also be capable of contextualizing potential threats. For instance, if a typosquat domain has a Mail Exchange (MX) record, that may be an indicator that it will be used to launch a phishing or business email compromise (BEC) campaign. Traditional tools and processes cannot effectively prevent a threat of this nature, as they lack a means of applying contextual analysis at scale.
7. Rich threat intelligence
Threat actors do their best work in the shadows, away from the prying eyes of security professionals. Find a solution capable of denying them this — one with a robust monitoring dashboard that grants fully detailed, actionable visibility into each suspicious domain and asset it detects. A high level of customization is also a must, along with the freedom to display threat intel in a range of different formats and based on a wide selection of metrics, including:
- Grouping look-alike domains, sites, apps, and platforms by geographic location, top level domain, IP address, etc.
- Domain usage data
- Registrant information
- Recommended actions
Automated Typosquatting Protection
Traditional security controls and tactics won’t protect your organization against threats like typosquatting. There’s simply too much ground to cover. What you need is a platform that allows you to find and take down fraudulent sites before your audience even knows they exist.
That’s where Bolster comes in. As the world’s premier phishing and scam detection and remediation service, Bolster is capable of identifying threats in a matter of milliseconds and can take down 95% of phishing and scam sites in as little as two minutes without human intervention. Leveraging a combination of natural language processing, computer vision, and deep learning, it’s capable of detecting and remediating not just typosquatting, but all manner of brand impersonation threats wherever and whenever they manifest.
More importantly, because it has a false positive rate of just 1 in 100,000, your team doesn’t need to waste time babysitting or training the platform — it’s ready straight out of the box to protect your business’s assets, reputation, and identity.
Bolster is also unique in that it’s capable of sniffing out threats where other detection platforms might typically overlook them, such as on secure collaboration platforms like Telegram. It achieves this through a combination of vendor relationships, intelligent IOC and TTP correlation, and contextual data gathered from sources like social media.
Bolster’s track record of automated threat detection is so accurate and consistent that the vendor has developed a strong relationship with Telegram which allows takedown requests to be transmitted directly to Telegram’s backend via API.
Bolster is the first and only service to date with such empowered take-down capability.
Learn how Bolster can protect your organization from typosquatting threats by getting a demo here.
