Tim Lince

New research into typosquatting has highlighted the increasingly sophisticated methods that typosquatters are implementing to dupe users and revealed a number of trends that trademark counsel should pay heed to. World Trademark Review spoke with one of the co-authors of the study, Nick Nikiforakis, about the key takeaways for brand owners and whether registrars could do more to combat the problem.

The research, entitled ‘Seven Months’ Worth of Mistakes: A Longitudinal Study of Typosquatting Abuse’, is the first content-based typosquatting experiment that studies the phenomenon longitudinally (aka, ‘over time’). It collected daily typosquatting data from the 500 most popular websites (based on Alexa rankings) over seven months, gathering over 900GB of data in total. Over 95% of the domains studied were “actively targeted” by typosquatters, with the study noting: “Few trademark owners protect themselves against this practice by proactively registering their own typosquatting domains.”

Out of the 500 domains studied, 477 had at least one malicious typosquatting domain (defined as websites “set up to deceptively extract profit from users’ mistypings”). The sites with the most malicious typosquatting domains were AdultFriendFinder.com (targeted by 132 typosquatted domains), email marketing portal ConstantContact.com (103) and Russian social network Odnoklassniki.ru (97). Half of the 28,179 potential typosquatting domains studied were being used for ‘ad parking’. Other popular uses included ‘affiliate abuse’ (6.9%), ‘hit stealing’ (4.9%), ‘scam’ (2.4%), adult content (1.9%) and 1.6% were up for sale.

The data proves that typosquatting is “alive and well” and is continuing to broaden in scope, observes Nikiforakis, who is assistant professor in the Computer Science Department at Stony Brook University. Crucially, the scale of typosquatting abuse means that, having exhausted options amongst the bigger sites, typosquatters are targeting domains of a lower ranking than they used to, Nikiforakis  adding: “This is important for many businesses because it shows that you don't have to be [as popular as] Google or Facebook in order to attract typosquatters.”

In terms of what can be done to combat typosquatting, at present the burden falls on the shoulders of individual companies. The three domains with the most defensive registrations were HuffingtonPost.com with 57 defensive domains, AmericanExpress.com with 42 and Bloomberg.com with 39. Elsewhere, however, the report expresses surprise that other companies have not adopted the same approach. For example, it comments: “In particular, one would expect the financial sector to take a leading role in protecting their reputation and their customers. It seems these companies are either not aware of the problem, or simply do not care about it.”

A third alternative, is that, having conducted a ‘cost benefit’ analysis, widespread defensive registrations have been deemed undesirable. A fourth, of course, is that the cost of wide-scale defensive registrations is just too prohibitive.

There are some things that can be done to manage costs. The study looks at the TLDs that are more likely to be targeted by typosquatters (eg, ‘.pl’ and ‘.ru’) and less likely (‘.jp’ and ‘.com.br’), meaning that defensive registration strategies can be prioritised accordingly. However, Nikiforakis also argues that domain registrars have a responsibility to aid brands in the fight against typosquatting and suggests: “[One] approach that could be adopted would be for registrars to perform some background checks when a domain that is about to be registered is obviously a typosquatting one (eg, conforming to the models of typosquatting and attacking a well-known trademark). This could make it harder for typosquatters to easily register hundreds of domains all at one time.”

Whether registrars would be willing to take such a pro-active lead and just how it would be implemented, given technical challenges involved (such as defining fame - a DPML perhaps?) such help is unlikely any time soon. In the meantime, forewarned is forearmed, and the study helps ensure that the typosquatting threat is better understood.

We spoke further with Nick Nikiforakis on episode two of the World Trademark Review podcast, including more advice for brand owners and the effect that new gTLDs could have on typosquatting trends. You can stream it below, or subscribe to the World Trademark Review podcast on iTunes, Soundcloud, Stitcher, Pocket Casts or Tune-In


Please log in or register to leave a comment.

RE: Groundbreaking typosquatting research reveals true scale of the problem

A defensive strategy by brand owners can be expensive and cumbersome, however, a refined approach to the most important domains and monitoring of other domains can prove useful. Domain names that appear within the first five pages of an internet search for example should be targeted for retrieval, particularly those with intentionally infringing or harmful content. Fan sites or those not harming the brand can simply be monitored and action taken should an issue arise. The problem is large, but companies should take the same approach one should look for in a good suit; smart and tailored.

Anonymous user, on 02 Mar 2015 @ 09:45

Share this article