Nov 23, 2016
Cyber Monday 2016: Typosquatting – A Threat to Brands and Consumers
Many of the largest online retailers are losing significant amounts of traffic and revenue as a result of not owning and properly utilizing domain names that are typographical variations of their primary website(s).
Traffic to typo variations of 50 of the most popular internet retail brands alone is worth over $70,000,000 per year.
More than 80% of typosquatted domain names that are associated with holiday shopping and receive significant levels of traffic contain phishing scams, malware, ransomware, or divert shoppers to competing retail sites.
Brands overwhelmingly own too many non-performing typos, and far too few of the typos that have the biggest impact on their bottom lines.
Introduction & Methodology
Cyber Monday is the busiest online shopping day of the year. Our study asks whether internet retailers are losing out on revenue on Cyber Monday due to typosquatting of brand names and resulting consumer misdirection.
In conducting this study, FairWinds utilized a number of tools to identify typo domains in .COM, before parceling these out and then analyzing their significance according to multiple factors enumerated below.
First, we used Internet Retailer’s Top 500 Guide and then parsed this list to focus on the top 50 brands whose names were not based on generic terms and did not represent houses of brands; we also included only companies associated with holiday shopping and those with brand names comprising six (6) characters or more. The following were studied:
|Abercrombie & Fitch||Kate Spade|
|Advance Auto Parts||L.L. Bean|
|Barnes and Noble||Neiman Marcus|
|Bed, Bath & Beyond||Nordstrom|
|Best Buy||Northern Tool|
|Children’s Place||Rue La La|
|Crate and Barrel||Staples|
|Dick’s Sporting Goods||Sweetwater|
|Disney Store||Tory Burch|
|Eddie Bauer||Toys ‘R’ Us|
|Finish Line||Under Armour|
|Foot Locker||Urban Outfitters|
We next generated all .COM typos for these brands using DomainTools’ typo generator. Across the entire set of typo domains, ownership is split almost equally between brands and cybersquatters. In order to focus our research on the most impactful domains, we examined only those domains that receive measurable traffic or more than 1,000 Google searches a month. After culling according to these criteria, we were left with 18% of the original set of typo .COM domains. All figures and findings in this paper reflect just the 18% criteria-matching subset of .COM typos.
Less than 1/5 of typo .COM domains are visited by internet users.
Based on each domain’s WHOIS data, we were able to tell which of the typo domain names each of the 50 brands owned and which were owned by third parties. This enabled us to assess which companies are doing the best at routing errant traffic to their sites through ownership and utilization of typos and which are potentially losing business and damaging their reputations due to unowned typos. Finally, we looked at where user traffic to these typo domains goes so as to assess what harm or good is associated with each domain. For example, a user could be redirected to the actual brand’s homepage, or they could be redirected to a competitor’s site.
We also considered Uniform Domain-Name Dispute-Resolution Policy (UDRP) proceeding history to identify which of the domains had been subject to a UDRP filing.
FairWinds’ analysis of typos for these top 50 brands revealed that, 1) overall, typosquatters own better typo domains, in the sense of attracting more errant user traffic, than do brands; 2) a troubling platform for cybersquatted domains – where different results ranging from extremely harmful disguised downloads to relatively harmless search engine results for the brand name are presented in a rotating fashion (also known as “fast flux DNS”) – appears to be increasing in popularity; and 3) typos can quantifiably harm brand owners due to lost revenue, negative brand value, and increased customer acquisition costs
1) Brand Owners Are Falling Short
- Thirty-four percent (34%) of total observed traffic to typosquatted domains is routed through brand-owned typos, while 66% of total observed traffic is routed through third party-owned typos, meaning that typosquatter-owned domains receive more traffic than the misspellings owned by brands themselves. This is a problem that can be corrected via the UDRP in most cases we observed, so the likely issue is that brands do not know which domains they should target for reclaim.
Typosquatters own 2/3 of the pool of typo domains that are most valuable.
- Nine (9) brands owned 0% of the typos, meaning that cybersquatters owned 100% of typos related to these brands, which include Nasty Gal, Rue La La, and Kate Spade. Three (3) brands owned the same number of typo domains as squatters, and 14 brands, including Amazon.com and Bed, Bath & Beyond, owned more criteria-matching domains than squatters. Thirty-three (33) brands owned fewer criteria-matching domains than squatters.
- Older domains tend to be more valuable – more intuitive domains including common typos unsurprisingly tend to be registered first. The average age of all domains that met our criteria and are owned by brands is 14.4 years; for domains owned by third parties, the average age is 9.96 years. The average age of domains that did not meet the search or traffic volume requirements to be included in this study was just 7 years.
- Companies own too many unnecessary names. While we found Bed, Bath & Beyond to be one of the companies that owns the most criteria-matching domains, they also own more than ten times this number, or 154 other typo domains, that did not meet our criteria and, hence, are not valuable.
- In our data set, one domain enforcement company had a visible connection in WHOIS records to 807 domains that receive 207 average annual visits. However, just 7% of these domains met our criteria. In contrast, across all domains meeting our criteria, the average traffic is 18,034 visitors, or 66 times the traffic to the company’s targets.
- Further, on the reclaim side, we found that UDRPs are not filed strategically, with only 10% of domains awarded via the UDRP meeting our criteria. That is to say, the majority of domains targeted via UDRP are not worth the effort, time, or money involved in the reclaim process.
- Conclusion: Brands should spend fewer resources registering, recovering and maintaining typos that don’t have an objectively-defined business benefit, and reinvest those resources into targeting and claiming prioritized typos that will benefit their business.
2) Malware Scams on the Rise
- Among studied typo domains owned by squatters, 39% contained malware, phishing, ransomware, and/or involved affiliate fraud; 54% were pay-per-click; and only 8% contained relatively inconsequential content.
- A significant number of typo domains including wwwcostco.com are using fast flux DNS to serve up rotating non-malicious and malicious content, including pages claiming to have locked users’ files and demanding payment to release them or inviting users to click to download the latest Adobe Flash Player. Instead of receiving the promised download, the visitor’s device is compromised. See appendix for screenshots of exemplary typo domains.
- Conclusion: Brands should be cautious when reviewing an infringing domain’s affiliated website. What they see may not be what their customers see. It is necessary to load an infringing domain at least twice, and from outside a corporate network in order to assess how it is being used.
3) Business Value of Typo Domains
- Using “average order size” and “conversion rate” statistics provided by Internet Retailer for the 50 brands selected for the study, the annual value of the traffic to the typo domains that are having a measurable impact is over $70 million dollars ($71,646,708). However, this revenue-value statistic does not take into account the cost of lost impressions, negative experience, and lost trust when there is phishing, malware, and ransomware.
- Using the same statistics, we calculated the average value of a criteria-matching, third party-owned domain is $100,000, over 20 times the cost of taking it back from the squatter via UDRP. Smart target selection and enforcement will focus corporate energy and resources where the biggest measurable benefit is, protecting them from lost revenues and earning them immeasurable goodwill associated with protecting their audience from real threats online.
- Conclusion: Typo domains do have a measurable positive or negative impact on brands. There is a very strong return on investment from focusing resources on the typos that measure up.
What Companies Can Do Better
Typo domains represent lost opportunities for the most popular ecommerce sites as well as risks for online shoppers. A pay-per-click typo site can jeopardize both a brand’s profits, by redirecting internet users to competing brands’ websites, and its reputation, should individuals have a negative experience on one of these pages. A malware or ransomware typo site can be significantly more damaging. Select brands, such as Amazon.com, own more effective portfolios that include the domain typos with significant traffic, while others, such as Best Buy, which, like Amazon.com, relies on online sales, owns few high-traffic typo domains relevant to their brand. In fact, Best Buy owns 0% of criteria-matching domains for their brand. This is not a small matter: Just 10 of third-party owned Best Buy typo domains capture 3.8 million user visits per year.
Websites that lure internet users into providing personal data are particularly successful during the online holiday shopping season, which officially begins on November 28, or “Cyber Monday.” It is recommended that retail brands take strategic, considered, and objectively-informed action to reclaim the most valuable and/or potentially harmful typo domains to make their holiday shopping season as successful as possible. Since qualified typo targets to own are a small and relatively fixed subset of the total number of typos, they will always be the best names to own. Businesses should refocus their resources on these domains first. By doing so and tracking the results, businesses can demonstrate the dollar benefit of a more targeted online brand- and customer-protection program.
 Typosquatting, a type of cybersquatting, refers to the practice by which individuals seek to monetize or otherwise benefit from traffic generated by spelling or keystroke mistakes made by internet users attempting to reach a particular brand by typing domain names directly into the address bar. Third parties often host fraudulent content and targeted ads on these pages, which can confuse potential customers and divert them from their intended destination.
 Website traffic data was derived by blending information from multiple sources, including Google, Compete, Quantcast, and Alexa.
 Malware, or malicious software, seeks access to a computer without the consent of its owner; phishing involves capture of confidential information, such as a password, through fraud; ransomware installs itself on a person’s computer to ill effect and demands ransom to undo the effect; affiliate fraud involves the illegitimate use of a typo website for participation in a legitimate affiliate program.