Before the end of his campaign, someone registered jebbush[.]com and directed it to Donald Trump’s campaign website. It was the latest in a long string of domain shenanigans perpetrated on both sides of the political spectrum. While nothing illegal was done to gain control of the politician’s URL name, it’s an important lesson for companies, organizations, and personalities — virtually any entity with a site and a reputation to protect.
Cybersquatting — or typo-, domain-, URL-, or whatever other type of squatting you wish to call it — usually takes one of a handful of variations. It could be a misspelling like twtter[.]com. It could be a correct spelling but a different TLD (twitter[.]org instead of twitter[.]com). Or it could be a misuse of a country domain, like .cm (where the user might leave out the “o” in .com). The traffic sent to these misnomer domains would then direct to a phishing site asking for a login, or an activist site, or an opposing candidate’s site.
What happened with jebbush[.]com is an opportunistic Trump supporter, or possibly someone associated with the campaign, registered the domain and set it to redirect to Trump’s campaign site. In this case it’s more properly categorized as domain squatting, since it’s not a URL typo.
Because Jeb Bush’s campaign had not registered it, the domain was up for grabs. As was tedcruzforamerica[.]com. Someone even went through the trouble of creating an entire site promoting emigration to Canada, a not-so-subtle political statement.
The difficult part about typosquatting is it preys on human nature. People make mistakes, typing in goggle[.]com instead of google[.]com, and that creates opportunity for criminals or activists.
While these campaign jabs are trivial and even somewhat lighthearted consequences, not planning ahead when creating an online presence can have harmful results for a company’s reputation and its customers.
How to Protect Your Site
Typosquatting has been around for a long time. Protection against typosquatting has since become more automated. OpenDNS, for instance, protects users against domain misspellings. Other services, like CloudFlare’s Registrar, can help provide protection for events like domain expiration.
Registering a domain is temporary. A domain is usually purchased for a number of years like a lease. Upon expiration, it becomes publicly available for registration again. But the process is not like flipping a switch. There is a whole process around a domain expiration, and it typically takes something like 40 to 75 days to be fully available to the public, depending on domain owner’s processes and policies.
Expiring domains often go unnoticed. When they do, automated services and bidders are waiting to snatch them, especially if they have value. These are called Drop Services or Drop Catchers. They “help you secure a domain name by registering it the absolute split second it becomes available.” Needless to say, watching for expiration of your domain should be a top priority. Most all registry services provide easy notifications.
Domain locks at the registry and registrar levels are an important measure that can protect against unwarranted changes. They would have prevented Tesla’s site hijack that occurred last year.
How to Protect Your Domain Brand
Inc has a few more suggestions for protection, including buying out misspellings and other TLD variations of your company name. Domains should also be viewed as a business opportunity. A domain is as much a part of a company’s identity as the company name itself. But the brand and identity don’t stop with the name.
What names, products, topics, or words can be associated with or are related to your business? Think outside of the business name itself to gather more traffic, and to also protect its brand and reputation. Think about the negatives as well as the positives. One of the best ways to prevent an attack on a company’s reputation is to get there first.
Yourcompanysucks[.]com won’t pop up and damage your brand if you own it first.