CitizenHawk Targets Cybersquatting

People often incorrectly type a familiar URL and end up someplace they didn’t intend to be. It’s more than a minor annoyance, as malicious individuals have built a profitable industry on registering common misspellings to redirect users to other sites, defraud pay-per-click or affiliate networks, and phish for user log-in credentials by spoofing an established site.

This cybersquatting practice, which some are calling typosquatting, can cost brands in lost sales and reputations, and is the problem a new start-up called CitizenHawk aims to rectify with its TypoSquasher service.

“The problem is way worse than companies think it is,” said Graham MacRobie, president and CEO of CitzenHawk.

CitzenHawk says it has found over 10,000 typo domain names that exist for the top 50 online retailers, including more than 400 fraudulent domains squatting on versions of Disney brands and over 600 domains squatting on misspellings of To combat misuse, the TypoSquasher service will search domains similar to a customer’s URL, record any fraudulent sites, and send automated “cease and desist” letters in cases of suspected fraud. The system offers customers an online dashboard that displays URLs and screenshots of the misspelled Web sites, as well as information on how they’re being monetized.

The company has already signed online retail sites,, 1800PetMeds and law firm Greenberg Traurig LLC as early customers.

The company is not only reaching out to brands that may be the victims of typosquatting, but also to law firms and affiliate networks or ad networks which may be unwitting partners in paying for ill-begotten click-throughs. While many affiliate and ad networks have rules against such activity, “they don’t monitor it, and they have to be notified about the misuse,” said Ari Master, the chief operating office of CitizenHawk.

Although typosquatting for criminal profit can be automated, it also has leaner profit margins compared to other malicious Internet activity like spam, so any level of possible disruption is enough to send most fraudulent businesses to another company’s domain if they receive a cease-and-desist message that may lead to legal action, Master said.

“Call it gumming up the works for the cybersquatter. We’re adding cost into the equation,” he said. “The folks doing this are smart people, but they are the type of people who choose the path of least resistance. It’s not cost effective to work on a brand when we’re on them.”

Related reading