How Cybersquatters Capitalize on Typos and How to Protect Your Brand

When was the last time you typed out a full URL in hopes of navigating to a webpage? With the rise of autofill text and automatic search this process of carefully typing web addresses into browsers in order to reach a website, which is called direct navigation, has decreased.

At FairWinds we were wondering if brands should still care about what happens when consumers mistype their addresses. Two of the most common typos that we see are; “www” without the dot (wwwfairwindspartners.com) and “.CM” without the “o” (www.fairwindspartners.cm).

What’s in a Name?

A domain name is broken down into different parts;

Why WWW and .CM?

In performing domain portfolio audits for clients, a service where we identify excess registrations or gaps within client portfolios, we have consistently seen the www and .cm typos as the most common infringements on brands. These variations on the brand’s domain name — if not already owned by the brand, are often owned by third parties and are often used for distributing malware or are infringing on the brand.

WWW without the dot is a common typo because most internet users safely assume that all major websites have a www. before the domain name. However, with the rise of autofill text on most web browsers, people are less likely to type out the full www. before typing the rest of the domain name. So, while we believe that the frequency that individuals make this typo is likely decreasing, we wanted to do some further digging to assess this idea. Some examples of this typo are; wwwapple.com or wwwtwitter.com.

.Com domain names make up 40% of all domain name registrations, or 128.4 million out of 330.6 million. There are three possible typos for “.COM”; .CM, .OM, .CO. Let’s look at each of these typos separately.

.CM

If a user mistypes .COM and drops the “o”, it becomes “.CM.” This small typo completely transforms the web address! This two-letter code that replaces .com is the Country code (or ccTLD) for Cameroon. This mistake has a long history of being taken advantage of by bad actors. One reason .CM is particularly dangerous if owned by someone other than the brand, is that it does not fall under the jurisdiction of the UDRP (Uniform Domain-Name Dispute-Resolution Policy) or URS (Uniform Rapid Suspension System) so it is more difficult for a brand owner to get these domain names back from a bad actor.

.OM

This typo represents the ccTLD for the country of Oman. Fortunately, this country code is highly restricted by its registry the Telecom Regulatory Authority, and only Omani businesses and residents are allowed to register domain names. Also, having realized that .OM could be a haven for cybersquatters, the registry decided to restrict some common names and words from general registration.

.CO

This typo is the ccTLD for the country of Colombia. It also has been utilized as a new gTLD (generic top-level domain) because it’s commonly recognized as the abbreviation for “company.” While there is still cybersquatting in .CO, the registry has tried to crack down on this in order to encourage legitimate companies to choose .CO.

Some examples of the .cm typo include; Honda.cm and Netflix.cm.

Our Research Process

We took the list of the Interbrand’s Best Global Brands 2017 Rankings (which lists the top 100 most valuable global brands based on overall brand value) and ran an analysis comparing the domain names of these brands to the domain names with the www and .CM typos.

We first ran the top 100 companies’ actual websites through a series of analyses, including traffic and Alexa ranking. We then ran the typo variations through the same process to compare.

The Results of our Study

www typos:

CM typos:

Top 20 domain typos by traffic:

www typos:
10 names currently owned by the brands
10 names currently taken by third parties

.CM typos
13 names currently owned by the brand
7 names currently taken by third parties

Of the top twenty typos by traffic, there is a very wide range in the amount of traffic the sites receive. Most of these typo websites don’t even receive a full 1% of the traffic that the legitimate website sees. One large outlier is wwwpepsi.com which receives 21.4% of the traffic that the legitimate website receives!

Also, of note, of the 10 top www typos that are owned by the brand, 6 have been obtained through the UDRP (Uniform Domain-Name Dispute-Resolution Policy) process, which is the dispute resolution procedure for claiming names that are infringing on brand content. This process can be lengthy and costly for brands. The fact that over half of these brands consider this time consuming and costly procedure worthwhile to reclaim these names proves that there is value to be had in owning these names.

Takeaways

In the age of search engines, the frequency of consumers typing these typo domains is decreasing, but our research has proven that top brands (and cybersquatters) still see the value in owning these common domain typos. Considering the likelihood of these errors, as shown by the traffic to the typo domains, it is actually surprising that more companies do not purchase and redirect these typo domains back to their homepage.

What should brands do?

We wanted to explore these two types of typos as they are universal to most brands, however, we recognize that there are many other types of domain typos and It can be overwhelming to identify all typos of your brand name. Each brand will have common misspellings unique to them, and it is important to be aware of these. Because the www without the dot and .cm typos are not directly related to the spelling of a brand name, they can be overlooked in the process of defensively registering other typo domain names. This may explain why some of these major brands have not registered these typo domains.

Brands hoping to protect themselves from cybersquatters and other bad actors should conduct a risk assessment. The value of a web visitor is not insignificant and the loss of visitors is a drain on marketing investments. Brands should not only register these typos, and redirect them to their homepage, but consider what other misdirects could be impacting the value of their online brand.