Typosquatting: What it is and why it’s a danger to charities

What can you do about typosquatting?

The best way to protect your charity against typosquatting is to be proactive by registering any domain names which are common misspellings of your real domain name.

Registering domain names is relatively inexpensive, and by registering a dozen or more you could save your charity a great deal of money in lost donations.

There are three popular ways to work out what domain names to register:

1. Find out what typos you make.  This involves you (and other volunteers if possible) typing your domain name out many (perhaps one hundred) times and then looking at what the most common typos were.

2.  Create a typo and misspelling list. This second option involves looking at your domain name and modifying it in different ways such as transposing pairs of vowels (such as domian instead of domain), making simple spelling mistakes such as using a single "l" instead of a double "ll", or replacing the letter "m" with the letters "r" and "n" or the letter "l" with the digit "1".

3. Generate a list automatically using a tool such as DNStwister or Domain Check. Both of these tools use your charity’s domain name to generate a list of possible typosquatting domain names that you may wish to register

Other measures you can take include:

• Using an SSL certificate with your charity website – If you are not already doing so, you should consider getting an SSL certificate for your website. By clicking on the padlock that appears in their browser, visitors can verify that they are going to your (genuine) website.
• Educate your supporters – many organisations remind their customers regularly in their email communications that they should never click on links in emails to get to your website, but instead, they should type in your web address carefully and check the SSL certificate before proceeding.

What to do if you find someone typo squatting your charity?

If you notice a sudden drop in traffic to your website or a drop in online donations at your website, then typo squatting could be the reason. If you discover a site which is typosquatting, then the first thing to do is contact the registrant of the domain if you can. You can find sometimes find the details of the owner using a Whois service such as who.is, or whois.com, or by carrying out a more complete Whois search.

If you can contact the owner, ask them to transfer the domain to you, either for nothing or for a small payment. Paying a typo squatter may be an unattractive proposition but if they are causing harm to your charity it may be the quickest and lowest cost solution.

An alternative approach in the UK is to use Nominet’s Dispute Resolution Service (DRS). Nominet is the official registry for UK domain names. For non-UK domain names it may be possible to take advantage of the Uniform Domain-Name Dispute-Resolution Policy (UDRP) set up by the Internet Corporation of Assigned Names and Numbers (ICANN). ICANN is a global partnership that helps manage the internet.

The final option is to take legal action: in the UK you may be able to sue on the grounds of fraud, or copyright or trademark violation. In the United States, you can use the provisions of the Anti-cybersquatting Consumer Protection Act (ACPA).