Typosquatting In .UK Domain Names Is Booming

ukTyposquatting in .UK domain names is going crazy and few companies have noticed. Most of the top 120 UK websites have had their domain names registered in .uk by typosquatters. Companies such as Google, Amazon or the National Rail have fallen victims of typosquatting.

On 10 June 2014, .uk domain names were made available for the first time.

The vast majority of existing registrants in the .uk ccTLD had the equivalent of their current .uk domain automatically reserved for free for five years. Existing owners (of .co.uk, .org.uk, .me.uk, etc) have until 07:59 UTC June 10, 2019 to activate their equivalent .UK domains.

Within 24 hours of opening for registration, new, short .uk web domains topped the sales charts with more than 50,000 domains registered.

In July 2014, Nominet announced that these new, short .uk domains had passed the 100,000 registrations milestone.

Unfortunately typosquatters found that the new .uk domains were potential goldmines and started mostly registering the equivalent of .co.uk domains in .uk but including the “co” in the domain names. For example if the domain they are targeting was ‘domain.co.uk’ they would register the domain name ‘domainco.uk’. So anyone that would mistype the domain name ‘domain.co.uk’ by forgetting the dot before ‘co’ would end up landing on their domain name.

I took a list of the 120 most popular .co.uk domain names based on Alexa rankings and did some research. I searched to see how many of the equivalent domainCO.uk domains were registered and how they were used. Here is what I found:

  1. 66 out of 120 domains have been registered (e.g. Googleco.uk, Amazonco.uk, Ebayco.uk, Bbcco.uk, Dailymailco.uk)
  2. 22 domains are reserved for the .co.uk owners as they already exist in .co.uk (e.g. Veryco.uk, Aolco.uk)
  3. 32 domains are available to register

I decided not to publish the complete list of the 120 domain names and not to list any of the available domain names in .uk so I would encourage further domain name registrations. Anyone with a true interest in this list can contact me.

41 of those 66 domains were registered in the first 10 days .uk domains were released. This clearly shows the urgency when dealing with brand protection.

I checked to see how many of the 22 reserved domains are owned by the brand owners. Not a lot is the short answer. E.g. Argosco.co.uk is owned by someone from China. He is the only one that can now register the domain name Argosco.uk.

The most remarkable observation is that none of the 66 registered .uk domains has been registered by the .co.uk owner. NONE.

This is the registrant country distribution of the 66 registered domain names:

  • 15 UK (some could be using a fake or proxy address)
  • 13 China
  • 10 Listed as Non-UK
  • 10 Sweden
  • 8 Unknown
  • 5 Not Validated and probably fake and have been suspended
  • 4 Czech Republic
  • 1 Greece

6 domain names in total have been suspended. I don’t know the specific reason that each domain was suspended but it seems that the .uk suspension problems are pretty bad.

I have not researched the .uk validation system thoroughly but there seems to be a problem with it. Googleco.uk was registered in October yet the domain name displays this message in whois: “Data validation: Registrant contact details validated by Nominet on 02-Mar-2014”. Not sure how a domain name can validated before being registered. The domain name does not resolve.

The registrant of the domain name 123-regco.uk was stupid enough to register a typo of the 123-reg registrar that uses the domain name 123-reg.co.uk at that exact same registrar. No wonder the registrar suspended the domain.

I also took a look at how the domains are being used. Here are the results:

  • 57 of the domains are parked (Sedo, Parkingcrew.com, Bodis etc.)
  • 2 domains are using affiliates (e.g. Ancestryco.uk)
  • 7 domains don’t resolve or redirect to other domains or are just displaying the default registrar page (e.g. Googleco.uk,Pcworldco.uk, Halifaxco.uk)

So most of the domains are simply used to derive revenue from pay-per-click (PPC) services.

It seems that brands have not realized the problem or simply don’t care. As I said none of the 66 domains have been registered by the equivalent .co.uk owners. So far only 2 complaints have been filed regarding .uk domains at Nominet’s Dispute Resolution Service (DRS).

Of course you can find some generics in the list I examined so not all registered domain names can be considered as a trademark infringement. Someone could name their company Orange and register Orangeco.uk to sell shoes a for example.

You can read more on .UK typosquatting at Netcraft, New Legal Review and UK Fast.

This kind of domain names are ideal for being used on phishing attacks but I don’t know how widespread this issue has been with .uk names so far.

I can only imagine what will happen in 2019 when all the reserved .uk domains that have not been registered by the equivalent registrants are released to the general public.

Nominet has already began emailing registrants with rights to a short .uk domain under the .uk 5-year reservation mechanism to inform the existing registrants of the additional rights now connected to their domains.

Sold.Domains

About Konstantinos Zournas

Konstantinos studied Computer Engineering and Computer Science in London and lives in Athens, Greece. He works on domain names, websites and software development. Has been online since 1995 & domaining since 2002.

6 comments

  1. Nice article.

    I wonder how the actual traffic to these squatted domains compares to the imagined payoff that tempts the squatters.

    I performed a study 3 years ago on traffic to typos of top Alexa sites and found that the volume was negligible. Believe it or not, I was naïve enough back then to register the domains myself sans privacy – not because I wanted to make a buck (which I consider unethical) but because I wanted to get a sense for the value of typos in brand protection. As soon as my sampling period was over, I reached out to the brand managers and gave them the domains they ought to have registered in the first place … at a net loss to me, which was the plan all along. But a very foolish risk for me to have taken in retrospect!

    Even if traffic and PPC earnings are too low to tempt squatters, the real problem s(and the real justification for brand protection) are misdirected customers, lost emails, and especially phishing.

    • Thanks.
      I don’t think that there is enough money to be made with these domains. Maybe googleco.uk is good but it doesn’t resolve.
      You need a very popular website with many novice users to get a lot of typos.
      And some browsers autocorrect some of these mistakes.

      From what I see here there is no phishing going on. It is easy enough to do phishing using srgebdfbd.net by masking the url in an email.
      And phishing is very far away from typosquatting from what I see. Different markets with different methods. Typosquatters are better and faster in buying these domains and they are not doing any phishing.

      But if someone was to setup email in one of those domains it could be very dangerous. I wonder what one would see…

  2. TYposquatting has been long dead since the advent of auto-fill on most modern browsers. But back in the day, it was like mining gold. Easy money left and right.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.