Phishing simulation Awareness training Data breach detection Pricing About Blog Resources Contact
Get started Log in

What is typosquatting?

Cyber criminals always have. exploited human error to steal personal data. Now they're doing it through typosquatting, which you can learn more about here.

21-02-2023 - 7 minute read. Posted in: cybercrime.

What is typosquatting?

Typosquatting: What it is and how to protect yourself

Typosquatting, also known as URL hijacking, is a form of cybersquatting where cybercriminals exploit common typing mistakes users make when entering website addresses. By registering domain names that resemble popular websites but contain slight misspellings, hackers trick users into visiting malicious sites.

To fully grasp typosquatting, it's important to understand three key concepts:

  • Squatting: The act of unlawfully occupying a property—this can be a physical property (e.g., a house) or a digital property (e.g., a domain name).

  • Typo: A typographical error that occurs when someone mistypes words or characters.

  • Cybersquatting: The practice of registering domain names similar to legitimate businesses to deceive users or extort money.

Definition and meaning

Typosquatting, also known as URL hijacking, is a form of cybercrime that targets internet users who incorrectly type a URL into their web browser. This deceptive practice involves registering domain names that are common misspellings of legitimate websites, with the intention of tricking users into visiting malicious websites. Essentially, typosquatting is a type of social engineering attack that preys on human error, specifically the typographical errors made when typing a website’s URL into a web browser. By exploiting these mistakes, cybercriminals can redirect users to malicious sites designed to steal personal information or install harmful software.

How typosquatting works

Cybercriminals anticipate common typographical errors and register domains that mimic legitimate websites. For example, slight variations of well-known domains such as:

  • facebok.com (instead of facebook.com)

  • youttube.com (instead of youtube.com)

  • gooogle.com (instead of google.com)

  • moxsso.com (instead of moxso.com)

These fraudulent domains often look nearly identical to the real sites, making it difficult for users to notice the deception. Once on these sites, visitors may unknowingly enter sensitive information, such as login credentials or payment details, which hackers can then exploit. It is crucial for users to verify that they are on the real site by checking for SSL certificates and other security indicators.

Real-world example of typosquatting

A notable example occurred in 2006 when cybercriminals registered goggle.com to deceive users searching for Google. Similar attacks have involved domain names like foogle.com, hoogle.com, and boogle.com, playing on keyboard proximity errors.

Hackers leverage typosquatting primarily in phishing attacks, tricking users into sharing personal information or installing malware. This is why businesses with high web traffic should proactively register domain names that include common misspellings and variations of their primary domain to secure potential typosquatted domains.

Types of typosquatted domains attacks

Hackers use various typosquatting techniques to deceive users. Here are the most common types:

Users may inadvertently access an alternative website created by cybercriminals, which can pose significant cybersecurity risks.

Types of typos

Typos are the most common error when entering search information, often a product of our rushed day-to-day lives. Those who type quickly and imprecisely or rely heavily on autocorrect are especially prone to becoming victims of typosquatting. For instance, a simple slip of the finger can lead to typing “gogle.com” instead of “google.com.” These minor errors are enough for cybercriminals to exploit, redirecting users to malicious websites that mimic legitimate ones. Being aware of this common pitfall can help users stay vigilant and avoid falling into the trap of typosquatted domains.

1. Typographical errors

Simple misspellings of popular websites, such as "amazn.com" instead of "amazon.com," exploit frequent typing mistakes.

2. Spelling variations

Some users might mistype names by adding or omitting letters, such as "gooogle.com" instead of "google.com."

3. Wrong domain extensions

Changing a website’s domain extension can mislead users, such as typing "example.org" instead of "example.com."

4. Alternative spellings

Hackers register domains that reflect phonetic or alternative spellings of well-known brands, like "fotografy.com" instead of "photography.com."

5. Hyphenation confusion

Websites with hyphenated names are also vulnerable. For example, "barnesandnoble.com" vs. "barnes-noble.com."

6. Imitating popular brands

Fraudsters add words related to a company’s specialization to create fake sites, such as “moxso-training.com” instead of “moxso.com.”

7. Monetizing traffic

Monetizing traffic is a common use of typosquatted domains. Owners of these fake websites often host advertisements or pop-ups to generate advertising revenue from unsuspecting visitors. This can be a lucrative business for typosquatters, as they earn money each time a user visits their malicious websites. By capitalizing on the high traffic volumes of popular sites, typosquatters can redirect users to their own pages filled with ads, affiliate links, or even more harmful content. This not only disrupts the user experience but also poses significant security risks.

Risks of malicious websites

Falling victim to typosquatting can have serious consequences, including:

Visiting a malicious website can lead to the installation of harmful software, such as malware or adware, on your device.

1. Phishing attacks

Hackers create fake site login pages that resemble real websites, tricking users into entering their credentials. Learn more about how phishing attacks work and how to protect yourself from them.

2. Malware installation

Some typosquatted websites automatically install malware, which can:

  • Steal personal and financial data.

  • Log keystrokes.

  • Take control of your device.

3. Ransomware attacks

Hackers may lock your files and demand payment to restore access. Explore how ransomware attacks work and how to defend against them.

4. Financial fraud

If you enter credit card details on a fake website, cybercriminals can use or sell your financial information. In some cases, a fake site redirects traffic back to the brand by utilizing affiliate links, allowing the site to earn a commission from purchases made through the brand's official affiliate program.

5. Identity theft

Hackers use stolen personal details to commit fraud, open bank accounts, or conduct scams. Find out how to recognize and prevent identity theft before it happens to you.

How to protect yourself from typosquatting

To minimize the risk of typosquatting attacks, follow these best practices:

1. Double-check URLs

Before entering sensitive information, verify the website’s URL. Bookmark frequently visited sites to avoid mistyping.

2. Enable browser security features

Many modern browsers detect fraudulent websites and warn users before they visit them.

3. Use multi-factor authentication (MFA)

Even if your credentials are compromised, MFA adds an extra security layer to prevent unauthorized access.

Avoid clicking suspicious links in emails or messages. Always verify URLs manually.

5. Businesses: Register similar domain names

Companies can preemptively buy typo-variants of their domain names to prevent exploitation.

6. Verifying website authenticity

Verifying website authenticity is crucial in preventing typosquatting attacks. Users can take several steps to ensure they are visiting a legitimate website. First, always double-check the URL for any misspellings or unusual characters. Look for the lock symbol in the address bar, which indicates that the site has an SSL certificate and is secure. Additionally, using reputable search engines can help filter out malicious sites. Be cautious when clicking on links in unsolicited messages or emails, as these can often lead to typosquatted domains. By taking these precautions, users can significantly reduce the risk of falling victim to typosquatting.

7. Reporting suspicious websites

Reporting suspicious websites is an important step in preventing typosquatting attacks. If you come across a website that seems suspicious or is clearly a typosquatted domain, report it to the relevant authorities, such as the Internet Corporation for Assigned Names and Numbers (ICANN) or the Federal Trade Commission (FTC). Additionally, you can report these sites to your internet service provider or web hosting company. By taking the time to report suspicious websites, you can help prevent typosquatting attacks and protect others from falling victim to these types of cybercrimes. Your vigilance can make a significant difference in maintaining a safer online environment.

Stay safe from typosquatting attacks

Typosquatting is a significant cybersecurity threat that can lead to phishing attacks, malware infections, and identity theft. By staying vigilant, using secure browsing habits, and adopting proactive security measures, you can protect yourself and your business from falling victim to typosquatting scams.

For more cybersecurity insights, check out our glossary of cybersecurity terms and stay informed on the latest threats.

This post has been updated on 07-03-2025 by Sarah Krarup.

Author Sarah Krarup

Sarah Krarup

Sarah studies innovation and entrepreneurship with a deep interest in IT and how cybersecurity impacts businesses and individuals. She has extensive experience in copywriting and is dedicated to making cybersecurity information accessible and engaging for everyone.

View all posts by Sarah Krarup

Similar posts

Royal Ransomware - the new hacking
hacking

Royal Ransomware - the new hacking

There are new and more cunning ways for hackers to infiltrate systems and software. One of those methods is royal ransomware, which we'll discuss below.

22-03-2023 · 9 min.
How hackers circumvent the MFA
hacking

How hackers circumvent the MFA

MFA is a feature designed to keep hackers out. However, there are different ways they can get around it - here we'll highlight which ones.

13-04-2023 · 6 min.
Melissa: A dance with the devil
case

Melissa: A dance with the devil

The Melissa virus was a virus that was released around March 26, 1999. It targeted Microsoft Word and Outlook-based systems.

09-05-2022 · 4 min.