Skip to content

How Typosquatters Trick Holiday Shoppers

December is a peak online shopping season, with Cyber Monday alone reaching billions of dollars in sales. Because the internet is flooded with deals, many shoppers let their guards down and become susceptible to typosquatters, who trick consumers into buying counterfeit products or giving away sensitive information. It's important for payment service providers to be aware of these merchants entering their portfolios at this time of year.

 

What is Typosquatting?

Typosquatting is a deceptive tactic typically intended to trick internet users into visiting websites they believe are operated by a trusted entity. Instead, the websites may attempt to steal a user's information, sell counterfeit products or services, or engage in other forms of illicit activity that can harm consumers and damage brands.

Typosquatters capitalize both upon genuine typographical errors that an unwitting user might enter - for example facebook.cm or faceboook.com - as well as visually deceptive domain names an internet user might not immediately recognize as falsified.

 

What Are Some Typosquatting Tactics?

There are many methodologies typosquatters use to mimic an authentic domain name. Often a typosquatter will make use of a typo, such as disneyy.com, or will use an alternative top level domain (TLD), such as disney.om.  Other cybercriminals trick consumers using trailing text, such as disney-official.com. There are more sophisticated techniques as well; see our typosquatting guide for some real examples.

 

What to Watch Out For

While consumers should carefully scrutinize every new website they visit, payment service providers can also take action to prevent typosquatters from appearing in their portfolios. They can:

  • Watch out for merchants applying for merchant accounts with domain names that are suspiciously similar to well-known brands.
  • Carefully scrutinize merchants using domain names that include common typosquatting techniques, such as starting a domain name with "www-."
  • Invest in merchant monitoring services, such as those provided by LegitScript, to quickly flag suspicious merchants who may be engaged in phishing, IP infringement, or other problematic activity.

 

Want to learn more? Download our Typosquatting Guide for more examples and a case study of an offshore internet service provider operating as a cybersquatting safe haven.

person typing on a mobile phone

 

Recent Blog Articles

National Recovery Month spotlight

The National Recovery Month Spotlight: Key Healthcare

LegitScript is joining with our partners and community in celebration of National Recovery Month. Our Addiction Treatment Certification program is shining a spotlight on one of our certified organizations - Key Healthcare - and waiving application costs for all new addiction treatment certification...
CBD

How to Determine If a CBD Product Is Compliant

  In 2018, the Farm Bill changed the landscape for CBD and a new industry was born. CBD products and seller websites flooded the market and new policies and practices were established. Identifying compliant products amid the flurry was a challenge - until LegitScript introduced its CBD Certific...
internet pharmacy guide overview

Banks, Payfacs, and ISOs Need to Know These Three Principles for Online Pharmacies

Illicit online pharmacies selling counterfeit, unapproved, or otherwise unsafe drugs pose some of the greatest threats to consumer safety in e-commerce. Acquirers, payment facilitators, and ISOs can mitigate this risk by learning more about card network rules for high-integrity risk merchants sellin...

Navigating CBD Regulations in the US: Key Takeaways from Our Webinar

The regulatory landscape for CBD products in the United States is complex and ever-evolving. In a recent webinar hosted by LegitScript, industry experts provided a comprehensive overview of both federal and state regulations impacting CBD sellers, manufacturers, and their partners. Read the key take...