Home / Industry

Why Typosquatting Protection Is a Must for Settlement Pages

The Telephone Consumer Protection Act (TCPA) is a federal statute that restricts telemarketers from making automated and unsolicited calls as well as sending faxes and messages to people. Affected individuals may choose to file a complaint and collect a minimum of US$500 for each illegal communication received.

Since its implementation, the number of TCPA complaints have piled up, resulting in the creation of settlement pages that attract a significant volume of visitors. Many of the said visitors manually typed these pages' URLs to check their complaint status each time, making them ideal typosquatting targets. Users can, however, keep track of potential typosquatting domains so they won't accidentally land on possibly dangerous websites with Typosquatting Data Feed.

Why the Need for Typosquatting Protection?

It is common practice for domain owners to put up pay-per-click (PPC) ads on parked sites so these would earn while waiting for domain buyers. Some also fill the pages with content to generate traffic, thus increasing their page authority. Note, though, that some less scrupulous domain owners don't screen the ads or content that appear on parked domains to make sure they don't have malicious ties. Landing on them may thus not be good for visitors.

Worse than that, certain typosquatting sites can be used for malicious gain. Examples of these are those that mimic settlement pages. Users who are eligible to claim settlements can very well end up handing their online credentials to hackers unknowingly. And that is why typosquatting protection is a must.

Case Study: TCPA Settlement Pages

TCPA settlement pages such as tcpasettlementregionsbank[.]com typically get published when a court deals its decision on a particular case. This specific page pertains to the "Swaney Versus Regions Bank" case filed on 22 May 2018.

A settlement agreement was reached on 12 November 2019. About a month after (specifically on 23 December 2019), TCPA created the tcpasettlementregionsbank[.]com page:

We put our theory to the test and looked for bulk-registered domains using "tcpa" as a search term on the Typosquatting Data Feed file for 24 December 2019. We uncovered seven domain look-alikes:

  • tcpasettlmentregionsbank[.]com
  • tcpasettementregionsbank[.]com
  • tcpassettlementregionsbank[.]com
  • tcpsettlementregionsbank[.]com
  • tcpasettlementregionbank[.]com
  • wwwtcpasettlementregionsbank[.]com
  • tcpasetlementregionsbank[.]com

Notice that all of the domains on the feed are slightly misspelled versions of the real settlement page's domain tcpasettlementregionsbank[.]com. We looked at each copycat domain's WHOIS record and found that these are privacy-protected. That didn't tell us much because the legitimate page's registrant details were anonymized as well. What piqued our attention was that while the real domain was U.S.-based, all seven of its look-alikes were China-based.

We dug further because the owner of the legitimate domain could have registered the copycats as a form of typosquatting protection. We didn't want to take the risk of landing on a malicious domain, so we used Screenshot API to see the content of one of the China-based domains, specifically tcpasettlmentregionsbank[.]com. We found this:

All seven look-alikes contained some version of the same material. They are likely owned by a registrant who makes a living out of PPC ads. Note that these copycats were also only registered for a year. The legitimate domain tcpasettlementregionsbank[.]com's registration, meanwhile, won't expire until 2021. But given that the deadline for filing claims for the case is on 20 April 2020, that isn't surprising. Claimants would stop looking for the domain by then and so the look-alikes' registrant would no longer get visitors.

---

The TCPA settlement example shows how such pages can be exploited by anyone with malicious motives, making typosquatting protection a necessity for any organization. Typosquatting protection solutions such as Typosquatting Data Feed can be used in tandem with others like WHOIS API and Screenshot API to investigate potentially illegal activities that can put individuals at risk of identity theft and fraud. That is critical especially since TCPA settlement announcements are not one-offs.

By WhoisXML API, A Domain Research, Whois, DNS, and Threat Intelligence API and Data Provider – Whois API, Inc. (whoisxmlapi) is a big data and API company that provides domain research & monitoring, Whois, DNS, IP, and threat intelligence API, data and tools to a variety of industries.  Visit Page

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

VINTON CERF
Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Related

Topics

New TLDs

Sponsored byAfilias

Domain Names

Sponsored byVerisign

DNS Security

Sponsored byAfilias

Cybersecurity

Sponsored byVerisign

Cybercrime

Sponsored byThreat Intelligence Platform

Brand Protection

Sponsored byAppdetex

Whois

Sponsored byWhoisXML API