Typosquatting Lands’ End
I’m probably going to ruffle some feathers with this post, but I have to disagree with item #6 on 10 Most Audacious Typosquatting Cases Ever
Search Engine People claim that an affiliate who registered typo’s of the Lands’ End domain, landsend.com, where
defrauding Land’s End by redirecting the traffic through their affiliate link.
First of all, how is this done? It’s actually quite simple. Pick a merchant who does a lot of volume and has a well-known brand, register some domains that are similar, but with misspellings, swapped letters and 1-key off words, then redirect your domains through your affiliate link to the merchant. Some examples (I have no idea if these domains are registered):
- Misspelling: Livelock.com
- Swapped Letter: lifelcok.com
- 1-Key Off: jifelock.com
I use GoDaddy for my domains, and right in the Domain Manager you can manage your domain forwarding
Is this typosquatting? Yep, sure is. But, was the affiliate
defrauding Land’s End? I don’t think so. I’d even go as far to argue that the affiliate was doing Lands’ End a service.
If the affiliate didn’t register these typo-domains, here are some possible outcomes:
- Pay-per-click: The user’s ISP gives them an error page with search results, including paid listings. Odds are, the results page knows the user tried to enter Lands’ End (for example) and will provide appropriate results, including paid listings from Lands’ End themselves, and possibly the competition.
- Competition: LL Bean registers the typo-domains and redirects the traffic to them. If the users are simple-minded like myself, they won’t notice the difference and search for the product they were looking for. The stores are pretty similar, and the user may end up buying, giving LL Bean a new customer, and not Lands’ End
- Hackers: A hacker registers the domain, makes the site look like LandsEnd.com, and collects data as users try to login. For Lands’ End, this may not be a big deal. But what if I registered shareaslae.com and collected logins, then redirected users through the proper login script and they never knew anything malicious happened?
BTW, shareaslae.com is registered to uPort Inc. Here are the redirects when you go there:
00:00:11.860 0.250 334 198 GET 301 Redirect to: http://www.srvag.net/do.php??=31 http://shareaslae.com/ 00:00:12.442 0.233 386 225 GET 200 text/html http://www.fsunoles.net/?ad=f31 http://www.shareasale.com/r.cfm?b=40&u=93566&m=47&urllink=&afftrack= 00:00:13.314 0.318 1807 207 GET 302 Redirect to: http://www.shareasale.com/newsignup.cfm http://www.shareasale.com/signup.cfm
Thankfully, this is an affiliate, not a hacker, and he’s just trying to get ShareASale new merchant commissions.
So what can merchants do to stop this? The obvious step is to register as many typo-domains as they can think of. However, at $7 each, registering 50 domains adds up quickly. So why not let affiliates take this risk? They’re fronting the money to buy the domains, and you (as a merchant) are only paying on sales.
I’m sure there are other opinions on this topic, so let’s hear them.