Misspelled variants of known brands of domains are common occurring, and the purpose is all that usually reputation parasitism. For site owners, there are a number of different services and tools that identify misspellings.
Misspelled domains are different forms of alternate spelling of the original domain name and is a concept that goes under many names; “incorrect registrations”, “typo-domains” or “typosquatting”. If the original name is “exempel.se” may be a misspelled domain “exempl.se” or “wwwexempel.se”. The reason for registering misspelled variants of a domain is often some form of reputation parasitism, but can also be used for phishing and other ways to attack a business. It is more the rule than the exception that there is this type of domain for popular domains and companies.
Deceive the one who spells wrong
There are several different types of misspellings of domain names that are intended to capture those who spell the name wrong or miss writing one or more letters. Examples of alternative spellings are to remove characters from the domain name, or to replace characters with another that is close to the keyboard or that looks rather like. Additional methods can be to change places on characters, or to have certain characters double.
For .se-domains one can also register the domain name in other top-level domains as for example “exempel-se.com”. For many users, it is difficult to see the difference between this and the name “exempel.se”. For Swedish names and words, there are also a number of known misspellings that you can use.
Tools for identifying misspellings
It can be difficult to identify all misspellings on your own domain name, but by using a set of algorithms it is possible to identify most. There are companies that specialize in this, and if you have a need to protect your domain name or brand, you can use these services. In most cases where you want to defend your brand, it is not enough to protect your domain name, but names that infringe on brands also occur in other contexts on the Internet, for example as names of user accounts in social media.
CERT-SE has an overall information on various measures around phishing:
The Swedish company nxt.se has a service for detecting domain names in a variety of top-level domains.
There are also a number of simpler services and tools for identifying misspelled domain names:
- Netcraft, Deceptive Domain Score
- Nominet, Searchable Whois (for .uk-domains)
- SIDN, Domeinnaambewakingsservice (DBS) (for .nl-domains)
To see if a .se-domain contains malicious code, you can visit Ikyon’s service Säkrare hemsida med .se.
If you want to initiate a dispute for a .se-domain that you consider infringing on your name rights, The Swedish Internet Foundation has a service called Alternative Dispute Resolution (ADR). For .nu-domains, UDRP is used, the Uniform Domain Name Dispute Resolution Policy.