Skip to content

How Typosquatters Trick Holiday Shoppers

December is a peak online shopping season, with Cyber Monday alone reaching billions of dollars in sales. Because the internet is flooded with deals, many shoppers let their guards down and become susceptible to typosquatters, who trick consumers into buying counterfeit products or giving away sensitive information. It's important for payment service providers to be aware of these merchants entering their portfolios at this time of year.

 

What is Typosquatting?

Typosquatting is a deceptive tactic typically intended to trick internet users into visiting websites they believe are operated by a trusted entity. Instead, the websites may attempt to steal a user's information, sell counterfeit products or services, or engage in other forms of illicit activity that can harm consumers and damage brands.

Typosquatters capitalize both upon genuine typographical errors that an unwitting user might enter - for example facebook.cm or faceboook.com - as well as visually deceptive domain names an internet user might not immediately recognize as falsified.

 

What Are Some Typosquatting Tactics?

There are many methodologies typosquatters use to mimic an authentic domain name. Often a typosquatter will make use of a typo, such as disneyy.com, or will use an alternative top level domain (TLD), such as disney.om.  Other cybercriminals trick consumers using trailing text, such as disney-official.com. There are more sophisticated techniques as well; see our typosquatting guide for some real examples.

 

What to Watch Out For

While consumers should carefully scrutinize every new website they visit, payment service providers can also take action to prevent typosquatters from appearing in their portfolios. They can:

  • Watch out for merchants applying for merchant accounts with domain names that are suspiciously similar to well-known brands.
  • Carefully scrutinize merchants using domain names that include common typosquatting techniques, such as starting a domain name with "www-."
  • Invest in merchant monitoring services, such as those provided by LegitScript, to quickly flag suspicious merchants who may be engaged in phishing, IP infringement, or other problematic activity.

 

Want to learn more? Download our Typosquatting Guide for more examples and a case study of an offshore internet service provider operating as a cybersquatting safe haven.

person typing on a mobile phone

 

Recent Blog Articles

This Piece of Legislation Redefined Hemp for an Entire Nation

The 2018 Farm Bill redefined the legal definition for hemp, and with that change unearthed a nationwide market for hemp-derived CBD products. Learn more about the Farm Bill, explore the current regulatory landscape for hemp and CBD products, and then download LegitScript's CBD Compliance Resource Gu...
Invest in trust and safety.

A Recent Report Recommends Investing in Trust and Safety

In the recent Trust and Safety Market Research Report published by Duco, researchers found that investment in trust and safety is increasingly important and that solutions like LegitScript's Ad Monitoring and Marketplace Monitoring can accelerate these efforts while providing a solid return on inves...
What is fraud prevention?

What Is Fraud Prevention? Here’s What You Need to Know

What do acquiring banks, sponsor banks, and/or payment processors need to know about fraud prevention? We'll cover what fraud prevention is, what payments fraud is, and how LegitScript Merchant Onboarding and Merchant Monitoring fit within your fraud risk management programs framework. Then contact...
fraud risk management

Holistic Fraud Risk Management Programs Look Like This

Taking a holistic, proactive approach to fraud risk management helps your organization mitigate risk, remain compliant, protect your customers, and avoid scrutiny from card brands and regulatory agencies. Discover how LegitScript Merchant Monitoring and Merchant Onboarding fit into your merchant ris...