Author(s): Pieter Agten, Wouter Joosen, Frank Piessensand, Nick Nikiforakis

Download: Paper (PDF)

Date: 7 Feb 2015

Document Type: Briefing Papers

Additional Documents: Slides

Associated Event: NDSS Symposium 2015

Abstract:

Typosquatting, defined as the act of registering in bad faith a domain name likely to result from making a typing mistake in a domain name belonging to someone else, has been known and studied for over 15 years. Nevertheless, this practice and its many variants are still thoroughly practiced up until this day. While previous typosquatting studies have always taken a snapshot of the typosquatting landscape, we present the first longitudinal study of typosquatting, i.e., a study in time. We collected data about the typosquatting domains of the 500 most popular sites of the Internet every day, for a period of seven months and we use this data to both establish whether previously discovered typosquatting trends still hold today, and to provide new results and insights in the typosquatting landscape. In particular we reveal that, even though 95% of the domains we investigated are actively targeted by typosquatters, only few trademark owners protect themselves against this practice by proactively registering typosquatting domains themselves. We take advantage of the longitudinal aspect of our study to show, among other results, that typosquatting domains change hands from typosquatters to legitimate owners and vice versa, and that typosquatters vary their monetization strategy by hosting different types of pages over time. Our study also reveals that a large fraction of typosquatting domains can be traced back to a small group of typosquatting page hosters and that certain top-level domains are much more prone to typosquatting than others.