Back to blog page

What is typosquatting? Types and examples

Fraudulent websites are a common example of a cybersecurity risk. Cybercriminals mimic the sites of trusted businesses to phish for visitors’ personal data or spread malware. One tool in their arsenal is typosquatting, where they buy domain names that are intentional misspellings of popular websites.

But how can a simple typo leave you vulnerable to online scams?

Two women dressed in black in dark warehouse room working on computer with two screens
Typosquatting turns simple typos into a tool for cybercrime

Typosquatting definition

As you may recall from our discussions of different types of phishing scams, e.g., spear phishing, cybercriminals sometimes try to lure their unsuspecting victims to fake websites where they trick them into entering login credentials or installing malware.Typosquatting is one way of tricking people to visiting these malicious websites. The word comes from “typo” – the small mistakes we all can make when typing – and “squatter” – a person who settles unlawfully on property without paying. In typosquatting, a person registers a domain name that is a common misspelling of a legitimate company’s website, e.g. gooogle.com instead of google.com. Then when a user incorrectly types the URL into their web browser, they will be taken to the false site. Such scams also go by the names website hijacking, URL hijacking, domain mimicry, and fake URLs.
 
Typosquatting starts as a legitimate business transaction, with the scammer buying and registering a domain name that is a misspelling of a popular website. Sometimes they will even purchase multiple URLs that are variants of the same name – like amzon, amazun, maazon, amozan, etc. Another variation is to spell the company name correctly but use a different top-level domain name, like amazon.net instead of amazon.com. Or, they might register the letters www as part of the name, like wwwamazon.com instead of www.amazon.com. Because this practice has become so widespread, many companies have resorted to buying up these typo versions of their names themselves or blocking such domains through The Internet Corporation for Assigned Names and Numbers (ICANN) service as typosquatting protection.

Types of typosquatting attacks

Once the scammer has registered the false domain, there are many ways it can be used to their advantage – at the expense of the unsuspecting user. For example, they can build a website that looks enough like the real thing that people are tricked into logging in. The cybercriminal can then phish their login credentials – and if the victim uses the same username and password across multiple sites, their other online accounts are at risk as well. Although typosquatting is often used in such phishing scams, the perpetrators may have other tricks in mind. For example, they can drive traffic meant for the real site to the competitors instead, charging on a per-click basis. Or they can generate revenue through advertisements, pop-ups or affiliate links on the fake site. It is quite common for hijacked websites to be used to install malware or adware on the devices of those who mistakenly visit the site. And typosquatting can also be used to set up joke sites that make fun of the owner of the legitimate site, be it a company, a celebrity or a politician.
 

What are the eight types of typosquatting?


Typosquatting comes in many different forms that you should be aware of to protect yourself, your data, and your hardware.

Affiliate links: A fake site will redirect visitors to a link that will take them to the real website they were searching for, but it allows the fake site owner to earn a commission from each redirected visitor. Many companies have affiliate marketing program.

Bait and Switch:  Once a user arrive to a typosquatted site, they are typically presented with deceptive content, including fake products, misleading offers, or seemingly harmless software downloads. It is used to bait users into engaging with the fake site under the false pretense of the site being authentic.

Imitation Sites: A realistic looking duplicate website mirrored after an authentic website. It is meant to imitate the real website to make you think you are on the authentic website when in fact you are on a duplicate.

Fake Surveys and Giveaways: “Click here to give your feedback” can be a typosquatting attack. The fake website can present you with an opportunity to “win $100,000,000” in order to steal your sensitive data. The survey and giveaway are tempting because they promise monetary value – but be careful not to be swindled out of your sensitive information.

Joke Sites: This is a website that is created to show the authentic company or organization in a bad light. Joke sites are meant to make fun of the existing website. This is often motivated by revenge.

Malware Distribution: Visiting an unknowingly malicious website can result in the spread of malware on your devices.

Phishing Attacks: Imitation sites are developed to look realistically close to a real website with the purpose of carrying out phishing attacks to obtain access to your sensitive data, emails, and account credentials.

Website Monetization: A fake website is created for the sole purpose of generating revenue by showing advertisements such as popup ads to the site visitors. Visiting the website will give the fake site owner monetary benefits.

What are the dangers of typosquatting?

Typosquatting poses many risks due to its deceptive nature. Being a victim of a typosquatting attack can have dangerous consequences:

  • Violations of online privacy: Users may provide sensitive information unknowingly to third parties. This is a violation of online privacy because the user was not aware of this exchange of personal data.
  • Malware attacks: Typosquatted websites can distribute malicious software on user devices. This includes Trojans, viruses, and ransomware
  • Distribution of sensitive data: Fake sites used for phishing attacks can gain access to a user’s special login credentials, card details, bank details, and other personal information such as name and date of birth.
  • Being scammed: No one likes to feel scammed or be scammed. The result of being scammed is an increased vulnerability in secure aspects relating to online presence. Personal information can be compromised as well as device specific information.
  • Data theft: The theft of a user’s personal data can lead to theft of financial information and then identity theft or even financial losses.

How to protect yourself against typosquatting

As an individual, the best way to protect yourself against landing on a typosquatting website is to exercise caution. Don’t click on links or open email attachments unless you are 100% sure you can trust the source and the sender. Use your mouse to hover over links and carefully inspect the URLs before clicking. And since typosquatting is based on the fact that we are all prone to typos, avoid typing the URL directly into the browser yourself. Instead, you can:
  • Bookmark sites you visit often
  • Use a search engine to look for the site and use the link on the results page
  • Use voice recognition software or a smart assistant to go to popular websites
  • Leave sites that you visit every day open in the browser tabs

How companies can prevent typosquatting

For companies, the most straightforward – although expensive – way to prevent typosquatting of their websites is to trademark their domains and purchase all related domain names that could be easily misspelled. Once a domain has been trademarked, it is possible to file complaints against typosquatters. Monitoring services are also available to help companies keep track of how their names are being used and watch for significant changes in site traffic.
 

Famous typosquatting examples


You may still recall one of the earliest examples of typosquatting that occurred 15 years ago, when cybercriminals registered goggle.com and operated it as a phishing site. Or in another case from the aughts, a teenage boy from Canada named Mike Rowe was sued by Microsoft after he registered the domain “MikeRoweSoft.com.” Although it usually only makes headlines when it affects a major corporation or brand, the practice is still going strong today. For example, several candidates in the 2020 US presidential election reported that fake URLs that were close to their names had been set up for malicious motives ranging from spreading misinformation to fake fundraising pages.
 
 
We hope this information will help raise your awareness and keep you safe from fraudulent websites! Please leave us your feedback below.

This article first appeared on November 7, 2021, and was updated on November 8, 2023

Images: 1&1/Shutterstock

Posted in

Internet Phishing Security

50 people found this article helpful.

Related articles

Is this URL safe? How to check if a link you received is dangerous

Unsafe links in emails can install malware on your device or go to fraudulent websites. So how do you know when a URL is safe to click? Try these URL checkers! more

What is pharming and how can you protect yourself?

Cybercriminals use pharming to harvest personal data and passwords and commit identity theft. Learn to protect yourself and to identify fake websites. more

Are security questions secure? Not really – here’s why

Security questions are losing favor and being replaced with stronger authentication. Learn why security questions aren't secure and what methods are better. more