Typosquatting

By:-

Vinod Prajapat (63)

+919823824669
Date : 17-09-2009
Typosquatting, also called URL
hijacking, is a form of 
cybersquatting which relies on
mistakes such as 
typographical errors made by
Internet users when inputting a 
website address into a web browser.
Should a user accidentally enter an
incorrect website address, they may
be led to an alternative website
 Overview

The typosquatter's URL will usually be one

of four kinds, all similar to the victim site
address:
(In the following, the intended website is
"example.com")
• A common misspelling, or foreign language
spelling, of the intended site: exemple.com
• A misspelling based on typing errors:
xample.com or examlpe.com
• A differently phrased domain name:
examples.com
 Once in the typosquatter's site, the user may
also be tricked into thinking that they are in fact
in the real site; through the use of copied or
similar logos, website layouts or content.
Sometimes competitors of the victim site will do
this.
Alternatively, the user will be forwarded to a
site of a completely different nature from what
they intended. This tactic was infamously used
by John Zuccarini, who redirected domains
targeting children to pornographic websites.

Sometimes, the typosquatters will use the false

addresses to
distribute viruses, adware, spyware or
other malware.
 Combatting typosquatting
1. A victim website should send
a cease and desist letter to the
offender at first, in an attempt to
quell the activity.
2. Another option would be to try to
purchase the website address from
the typosquatter, which could have
been the typosquatter's aim all
along. Occasionally, lawsuits are
taken against the offending site or
Contd….
3. A company may try to preempt
typosquatting by obtaining a number
of websites with common
misspellings and redirect them to the
main, correctly spelled website. For
example www.gooogle.com,
www.goolge.com, www.gogle.com,
www.gewgle.com, and others, all
redirect to www.google.com.
Contd…
Microsoft has released new software to help
combat this issue. The software is called
"Strider Typo-Patrol". This is a tool that
scans and shows third-party domains that
are allegedly typo squatting.

It also lets parents restrict access to typo-

squatting domains that show sexually
oriented ads on typos of children's web
sites.It highlights mis-spelt sites that use
cookies and employ HTTP re-directions.
Both of these are commonly used
mechanisms for providing Web Services and
don't necessarily mean a site is hosted by a
domain squatter.
Defensive registrations
Many site operators have resorted to
registration of long lists of seemingly-
duplicate names across multiple
countries and top-level domains;
for instance, amazon.com is duplicated
across most country code TLD's
And a local version of Google exists in
nearly every available inhabited region,
including a nominally-localised 
google.pn for the Pitcairn Islands,
population 56.
Google's domain name is also
registered (but inactive) in uninhabited
Contd…
• A growing trend is the increasingly
common use of "derogatory" defensive
registration. These are names such as
<companyname>sucks.com or
<companyname>lawsuit.com
which are of no commercial value but
are potentially of use to builders of
consumer-complaint sites. By
registering the names themselves,
corporations keep them out of the
hands of potential critics and
 Typosquatting and the law
• In the US, 1999 Anti-Cybersquatting
Protection Act (ACPA) contains a clause
(Section 3(a), amending 15 USC 1117
to include sub-section (d)(2)(B)(ii))
aimed at combatting typosquatting.
• USA: Anticybersquatting Consumer
Protection Act (“ACPA”) of 1999 allows
trademark owners to obtain damages
and injunctive relief in federal court
when a third party with a “bad faith
intent to profit . . registers or uses a
domain name” that isidentical or
Contd..
• No anti-cybersquatting laws in
Europe

• India - TRIPS, Art. 16(2) and 16(3)

Extends the protection to services, as
well as to dissimilar goods and
services
 UDRP
(Unified Domain Name Dispute Resolution
Policy)
• In 1998, WIPO established its First Internet
Domain Name Process to develop
recommendations for the international
community concerning issues with Internet
domain names, including domain name dispute
resolution

• Adopted by ICANN in 1999

• A mandatory administrative dispute resolution

procedure, which is uniform across all open
general top-level domains

• Highly time- and cost effective when compared

to court litigation
Contd..
• Disputes are decided by independent
panelists
• A complainant must demonstrate that
the disputed domain is identical with or
confusingly similar to its trademark,
that the respondent does not have a
right or legitimate interest in the
domain name and that the respondent
registered and used the domain name
in bad faith.
• The sole remedy is the transfer of the
domain name
 Examples
• Wikipedia is a victim of typosquatting: en.wiipedia.org,
en.wikpedia.org, www.eikipedia.org, www.wilipedia.org,
en.wikipedi.org, en.wikipediia.org, www.wikipedi.com and
www.wikipaedia.org as of 2007, are all websites which
contain pop-up ads, spyware/adware downloads, and ad-
generating search engines.

• Google's anti-typosquatting defense is incomplete; as of

April 2006, "http://www.goggle.com" redirects to a 
rogue software vendor (particularly SpySheriff) rather than
to Google. The site attempts to spam users with popups
and also used to download Spysheriff without any further
user action.

• The US White House site "whitehouse.gov" is parodied at

whitehouse.org; whitehouse.com at one point was the site
of a notorious pornographic magazine.
 CASE

Verizon Communications
 Verizon Communications
15th Dec2008
• Verizon Communications won a
$31.15 million judgment against
internet registrar OnlineNIC.
Microsoft and Yahoo are also
pursuing cases against the company.
In Verizon's case, the company
brought suit charging that OnlineNIC
registered approximately 663
domain names either matching or
similar to Verizon trademarks –
including Verizon-cellular[dot]com
and Buyverizon[dot]net.
In court papers, Verizon claimed that
OnlineNIC registered more than
900,000 domain names that were
close to some of the globe's largest
companies, including Google, Adidas,
MySpace, Wal-Mart and Yahoo.
OnlineNIC used an automated process
to enable cybersquatters to register
the URLs using “numerous means to
conceal its true identity,” Verizon's suit
• According to the default judgment
issued Dec. 19 by Judge Jeremy Fogel
in the U.S. District Court for the
Northern District of California in San
Jose, OnlineNIC must now pay
Verizon $31.15 million. The company
also was ordered to transfer the
domain names under dispute to
Verizon, and may no longer register
domain names containing Verizon
And, on Dec. 19, Yahoo filed a suit
accusing OnlineNIC of cybersquatting
and trademark infringement. The
company accused OnlineNIC of
registering more than 500 domain
names that match or are similar to its
brands, including Yahoozone[dot]com
and Yahooyahooligan[dot]com.
• Rediff.com India Ltd., which owns trademarks such as
REDRIFFMAIL and REDRIFF etc, won the typo
domain Rediffmai.com in a recent WIPO case.
Rediff is not a dictionary word. The disputed domain
was parked and had pay-per-click ads related to many
of Rediff's services. Obviously, Rediff deserved to win
this domain.
The respondent has a history of registering other
domains, based on the names of other well-known
companies:
• Quote:
• These include <bznkofamerica.com>, <goofgle.com>,
<google4.com>, <facewbook.com>,
<craigslisst.org>, <freiendster.com>,
<amnestyinternational.org>, <photobucket.org>,
<lycos.org>, <lycosasia.com>, <moorgate.com>,
and <cottonell.com>.
 .COM, .NET and .ORG Domain
Names Terms 
.COM - to be used for commercial
and personal sites 
.NET - recommended for companies
involved in Internet 
.ORG - recommended for not-for-
profit organizations 
 Domain Registration Policy
• OPEN REGISTRY
• Registration based on “first-come
first-served” principle
• it uses a robot for name registration
to assure a non-discriminatory
registration procedure
 Restrictions
• A domain name cannot be
registered with the purpose to be
resell it
• Contact data provided should be
complete
• Domain names cannot contain
obscene, pornographic, injurious,
offending words (use a list of
prohibited words)
• Protect famous or very well known
 Domain name registration
agreement
• The registration agreement contains: -
a requirement that the domain name applicant
provide accurate and reliable information and
contact details consisting of:
full name of the applicant;
postal address;
phone number;
fax number; email address; primary and
secondary nameservers (hostname, IP
addresses); -
where the registrant is an organization, an
association or a corporation, the name of an
authorized person for contact purposes must be
supplied;
 Domain Name Dispute
Resolution Policy
• The Registry will take action when it is
clear that a registrant is breaching the
Registration Rules.
• It may suspend delegation of an
Internet Domain Name in certain
circumstances: – the domain name is
being used in a manner likely to cause
confusion to Internet users; the use of
the domain name is misleading other
Internet users; – the whois contact data
is inaccurate or false – Fraudulent
payment.
• When a dispute arises between a domain name
holder and a complainant, the .ro Registry will
assist the two parties to arrive at a mutually
acceptable resolution to the dispute by
mediation.
• When a mutual resolution is not successful, the
complain is the subject of the Uniform Domain
Name Dispute Resolution Policy endorsed and
approved by ICANN (Internet Corporation for
Assigned Names and Numbers).
If the mediation is not successful, the
complainant can submit the dispute either to
WIPO (World Intelelctual Property), NAF (National
Arbitration Forum) or to a court of Bucharest,
 Future developments
• Provide online registration services
to registrars using EPP
• Allow Romanian characters to be
used in domain names
 Bibliography
• En.Wikipedia.org
• Google.com
Thank you