Tim Lince

Recent research has revealed the extent of a newly discovered type of domain name abuse. Dubbed ‘soundsquatting’, it is based on homophone confusion of popular domains and the authors of the study have urged trademark counsel to take note due to the high proportion of malicious domains uncovered.

Currently, the primary victim of soundsquatting is sound-dependent users (such as the severely visually impaired) who cannot properly interact with computers and other internet-connected devices without the help of assistive technologies. Using text-to-speech software, a soundsquatted domain will ‘sound’ near-identical to an authoritative domain, therefore tricking users to access the link. However, the rise of devices using speech-to-text tools, whether phones, tablets or newer smart watches, means that soundsquatting has the potential to become a more mainstream problem.

Looking at Alexa’s top 10,000 websites, the report identified 8,476 domains  that looked vulnerable to soundsquatting and discovered that 1,823 (22%) were already registered. Primary uses for those registered domains include displaying ads, conducting phishing attacks, installing malicious software and stealing traffic from targeted domains. For example, YouTube has three soundsquatted domains: ‘yewtube.com’ (registered, on sale), ‘ewetube.com’ (registered, redirects to a vitamin online store) and ‘utube.com’ (registered, mock video site with pop-up ads). In total, 1,037 (57%) of the 1,823 registered soundsquatted domains were tagged as “malicious” (with a majority dedicated to displaying ads) and 155 (8.5%) were registered by the targeted brand owner.

This is not an issue that should only be of concern to trademark owners of major brands, with the research concluding that “on average, low-ranking websites are just as vulnerable to soundsquatting than high-ranking ones”. Nick Nikiforakis, co-author of the study and assistant professor in the Computer Science Department at Stony Brook University, confirmed to World Trademark Review that “despite its obscure nature, soundsquatting is present and is being used for abusing trademarks”.

However, the good news is that not all domains are targets. “One positive is that a domain may not be vulnerable to soundsquatting,” he explains. “As such, domain owners can inspect their domains and only react if there is a need to react. Even if a domain name is vulnerable to soundsquatting, the number of possible squatted domains is typically less than the equivalent number of possible typosquatted domains and thus defending against soundsquatting costs significantly less than defending against typosquatting.”

There is unfortunately not an easy way to automatically check for soundsquatting. Nikiforakis suggests domain owners use Homophone.com as a manual way to identify homophones present in their brand’s domain names that could be used by cybersquatters. The research team has developed a tool to automatically generate valid soundsquatted domains, called AutoSoundSquatter (AutoSS), but Nikiforakis says it is “not public yet” and is currently being re-engineered.

World Trademark Review reported on the growing problem of typosquatting on our podcast last month. While soundsquatting is not as prevalent, where domains are vulnerable the percentage of malicious domains is high, and abuse targets some of the most vulnerable internet users. Therefore, in the purest definition of brand protection – to protect the users of your brand – trademark owners should add soundsquatting to their list of online concerns.

Comments

Please log in or register to leave a comment.

There are no comments on this article

Share this article