"Typosquatting is rampant. It’s not unusual for a top website to be targeted by
more than a thousand typosquatting domains.”
-Benjamin G. Edelman, assistant professor, Harvard Business School
We’re pleased to see that some big names in business, government and the news media
are catching up with Dr. Edelman and starting to give typosquatting, counterfeiting and other forms of brand and
IP infringement the attention they deserve.
Brands themselves are recognizing the scope of the problem, and some are fighting
back. For example, in July Facebook filed a lawsuit against alleged typosquatters the social networking
giant claims are infringing on its trademarks. Ironically (and in common with other
highly targeted brands), it is Facebook’s huge online presence, its booming traffic
and its sheer popularity that make it so attractive to infringers.
And make no mistake: domains based on likely misspellings represent – more often
than not – a conscious attempt to exploit legitimate brand owners. According to
Internet security firm Websense, more than six in 10 of the active domains based
on common misspellings of Facebook led to infringing sites.
The mainstream news media are increasingly taking notice. Last week Bloomberg BusinessWeek published an article claiming that
"any company that achieves a sizable online presence faces the threat of typosquatters.”
The story included efforts to estimate the scope of the problem:
A 2010 study…estimates that typosquatting costs the 250 most-trafficked websites
$285 million annually in lost sales and other expenses.
The article also discusses another growing online security threat: the use of typosquatting
as a corporate espionage tool. The risk was made vivid in September when the Godai
Group published a white paper on its investigation of "doppelganger domains,” which
involve use of otherwise legitimate domains but with the dot between host/subdomain
and domain omitted. About 30 percent of the Fortune 500 companies examined by the
firm were vulnerable to having their emails redirected to such doppelganger domains.
The potential result: loss of trade secrets, passwords and other sensitive information.
Recognizing a growing problem, the U.S. Congress is pursuing legislation designed to improve enforcement of online copyright
and trademark protection. While the legislation has some flaws (which we’ll discuss
in more detail in a later post), it’s good to know the problems are at least getting
The BusinessWeek article does a good job of outlining the problem. It is less effective
in offering solutions. For example, while the reporter notes that companies could
defensively register every available typo domain, he neglects to assess the feasibility
of such activities. After all, securing all possible permutations of some brand
names can require registering, and managing, literally thousands of domains.
The article further notes that "tracking down the owners of typo domains is difficult
and time consuming” but offers no suggestions for detecting infringement. It also
neglects to mention the importance of assessing the impact of an infringement in
order to determine whether to pursue remediation. It’s not unusual for a phony site
to receive little or no traffic. In such instances it may make little make sense
to invest time and money recovering such sites.
Finally, the reporter mentioned the option of legal action. That is, of course,
an option. It is, however, a costly one, and therefore tends to fall into the "when
all else fails” category.
Though the article is short on specific solutions, it does play a useful role in
focusing attention on the problem. We’ll devote future posts to discussing some