Select Page

Business people and Webmasters have two big stones on their shoes: Cybersquatting and Typosquatting.

Since the first days that SEO and Domain flipping became a “thing”, black hatters didn’t doubt for a second to squeeze the lemon out of it, becoming a cash-fast trend.

Let’s analyze what’s behind both two of the most annoying internet scams, to detect them, and later protect from them.


What is Cybersquatting & How it Works

Cybersquatting is to register a domain name inspired on someone’s else brand to benefit from it.

Cybersquatters buy existing brand’s names and hold them with intention of selling it to a bigger cost when brands request it. 

As a business owner (with an actual registered brand), you would be kept apart from the domain until you pay for it (sometimes, 100x the original cost). 

After all, cyber-occupiers do this through non-ethical but legal schemes, being free to buy it from the registrar of choice.

This rarely happens to small and mid-size businesses. But others as big as Dell and eBay have been in conflict for years with cybersquatting. 

Although sometimes it’s pure coincidence. Think about Microsft battling a guy for a domain name called 

Laugh if you want, but this truly happened!

Examples are endless. Let’s better analyze the next four dominant types of cybersquatting:


  1. Identity Theft: Domain Hunter tools are used to buy domains and lock them once their previous “owners” forgot to pay the renewal. This happens very frequently, and it’s not harmful as soon as you, the “owner”, won’t need it anymore.

  2. Name Appropriation: The names of well-known figures are used as a bait to bring traffic to other websites. In this case, it could harm someone’s reputation as in the case of (site used to share pornographic content).

  3. Inverse Cyber Occupation: Premium domain (1 common word) owners tend to suffer intimidation from malicious individuals who want to dispute and take it for their own. 

  4. Typosquatting: This will be explained more deeply down below.


What is Typosquatting & How it Works

In this case, Typosquatting seeks to exploit frequent errors that Internet users commit.

Among these errors, we can find grammar mistakes and typos, universal phrases, and different domain extensions. They’re combined with visual design similitudes with other brands… All in order to confuse and attract visitors.

And its main types of Typosquatting you could find are 

  1. Typographical Mistakes: Those that you end up writing fast by mistake. “”, instead of “”

  2. Orthographical Mistakes: Because brand names aren’t always perfectly written on purpose, typosquatters identify such and occupy slightly different, correct variations.

  3. Alternative Orthography: Those who aren’t exactly bad written in similar languages. “”, instead of “”

  4. Domains with Hyphens: Happens in most cases with two-words domains. “”, instead of “”

  5. Different Domain Extensions: dot com isn’t the only domain extension available… And while that’s extremely good to diversify… It’s also a risk for big brands to lose their exact-match name, but with different ends. 

Is it understandable why Typosquatting is also known as “Fake URL” or “URL kidnapping”?

According to a Palo Alto Networks research, Wells Fargo, Netflix, Facebook, and Microsoft are the most imitated websites that financially-motivated occupiers have mimicked.

It also includes other important company brands as PayPal, Apple, Royal Bank of Canada, LinkedIn, Google, Apple’s iCloud, Bank of America, Dropbox, Amazon, and Instagram.

And not even Politics get away with it. 

A study report, compiled by Digital Shadows (Intelligence Firm) points out that 21% of typo squatted domains using election-related terms were either misconfigured or illegitimate sites. 

We could say the difference between these two is that cybersquatting is to occupy a domain name with intention of re-selling it to a registered business. And typosquatting is to register a domain to cheat unaware users to re-direct them to another website.

I used to be fearful of both threats, but later on, learned that I shouldn’t. At least, not much.



How to Detect and Prevent Both Threats

Would you like to know if your name has been parked by a cybersquatter or typosquatter?

The first thing you’ve got to do is to look for exact-match domain names of your brand.

Then, check out where the domain leads.

Here’s where you’ll differentiate if it’s happening, and which threat it is exactly. 

If you’re in a hurry, just search for your brand name on registrars and see all combinations using other extensions. Check if there’s any with your name + extension.

Found a domain parked? We might be talking about Cybersquatting.

Is there a website up, with products or services like yours? That could be Typosquatting.

I say “might be” and “could be” because there’s always a chance of being a legit occupier, with a legit business, if your brand consists of a frequently used word.  Especially if their site is built and published online, on a different market industry that yours.

The most you could do in that case is to contact who registered the domain name and ask.

Let’s not assume and make a “WHOIS lookup” in or any other similar service.

There must be a reasonable explanation behind the occupation, right? 

Attention: if you go after this initiative, the occupier might immediately jump to re-sell the holding rights to it. You can pay either (with a middleman) or you can start a demand.

Don’t want to pay?

I understand. I was there in your position.

Good news: Domain Name registrars might support you by requesting brand/business certificates. Here, you must prove to have registered this brand, explain with facts how is the other identical to yours, and explore if it was badly intended.

Although the ICANN is the main entity for global domain name situations. 

Have this clear on your mind, and tour their site to learn more about this topic (if you want).

They offer a monitoring service to find copycats of your brand.

The exact same applies to typosquatting issues

That’s the minimum you can do to protect yourself and your business against it.

Remember, if you’re reading this guide, is because you’re the one who’s legit.

And our truest advice for you is to watch out any leakeages related to your brand’s domain name. Register your business and many extensions as soon as possible.

But if there’s something else going wrong, you can count on us 24/7.