>

Glossary Home

What will I learn?

  1. What is typosquatting?
  2. How does typosquatting work?
  3. Typosquatting vs. Cybersquatting
  4. Who are the targets of typosquatting?
  5. How typosquatting affects users and businesses?
  6. How to prevent typosquatting?

Related Content

Glossary Home

Typosquatting

What is typosquatting?

Typosquatting, also known as URL hijacking or domain mimicry, is a malicious technique where attackers register web domains that closely resemble legitimate websites. These deceptive domains often contain minor misspellings, extra or missing characters, or visually similar letters (such as using "0" instead of "o") to trick users into believing they are visiting a trusted website.

How does typosquatting work?

Typosquatting occurs when attackers register domain names that are identical to popular websites but contain small spelling mistakes or character substitutions. When users accidentally type the wrong URL, they land on these fake sites, which can steal personal information, spread malware, or impersonate brands to deceive users. Because both the domain name and the webpage design closely resemble the original site, users often do not realise they are being tricked.

Typosquatting vs. Cybersquatting

  • Typosquatting involves registering domains with misspellings or visually similar characters that rely on users making typing errors or being fooled by visual tricks. Its primary purpose is deception, such as phishing, credential theft, malware distribution, or brand impersonation. Examples include domains like gooogle.com, amaz0n.net, and micros0ft.org.
  • Cybersquatting involves registering domains that use exact brand names or trademarks, usually to profit by reselling the domain or demanding payouts. Examples include nike-shop.com or coca-colastore.com.

Who are the targets of typosquatting?

Users who accidentally mistype web addresses in their browser are the main targets. For example, instead of visiting example.com, a user might end up on exampel.com, a domain controlled by an attacker.

How typosquatting affects users and businesses?

Though it may seem like a minor exploit, typosquatting can have serious consequences, including:

  • Phishing attacks: Visitors may be prompted to enter login credentials, banking information, or personal data, which attackers can use for identity theft or unauthorized system access.
  • Malware distribution: Fake sites often host malicious files or scripts that can infect devices and networks simply upon visiting.
  • Credential theft: Login forms on typosquatted domains appear authentic, capturing sensitive usernames and passwords for unauthorized use.
  • Brand impersonation and reputation damage: Attackers can impersonate company executives or customer service representatives, leading to confusion and loss of customer trust.
  • Click fraud and deceptive advertising: Some typosquatted domains display low-quality ads, pop-ups, or fake surveys to generate revenue or trick users into downloading unsafe software.

Organizations risk data breaches, revenue loss, legal liability, and reputational harm from such attacks.

How to prevent typosquatting?

For individual users:
  • Always verify URLs carefully before clicking links or entering information.
  • Use bookmarks for frequently visited websites to avoid typos.
  • Enable Multi-factor authentication (MFA) which adds an extra layer of security. Even if attackers gain your credentials, they can’t access the your account without the second authentication factor.
  • Be cautious with links received via email or messages from unknown sources.
  • Hover over links to check for misspellings or suspicious domains before clicking.
  • Use updated antivirus software and keep browser security settings updated.
  • Prefer searching for websites via trusted search engines instead of typing URLs manually.
For organizations:
  • Register similar and misspelled domains: Secure common misspellings, typos, and domain variations to prevent attackers from exploiting them.
  • Implement strong email authentication: Configure SPF, DKIM, and DMARC to protect email channels from spoofing by typosquatted domains.
  • Continuously monitor domain registrations: Employ domain monitoring tools to identify suspicious newly registered domains resembling your brand.
  • Use trusted browser extensions: Some browser extensions can detect and warn you about suspicious or typosquatted domains. They can help to block access to lookalike websites, reducing the risk of phishing and data theft.
  • Use SSL certificates to signal trust: Ensure your website uses a valid SSL certificate to encrypt data and signal authenticity. Missing or invalid certificates can indicate fraudulent sites.
  • Deploy advanced security solutions: Adopt cybersecurity solutions like Zoho eProtect which includes a feature called Cousin Domains, which identifies domain names that closely resemble legitimate ones such as those with minor spelling variations and takes appropriate actions to mitigate potential threats.
  • Educate employees and customers: Conduct training and awareness programs on verifying urls and recognizing suspicious links.
  • Take legal and enforcement actions: If typosquatted domains are identified, take legal actions to take down or transfer those domains.