
What is Typosquatting?

Typosquatting is a cyberattack where bad actors register misspelled versions of popular domain names to intercept users who mistype a URL in their browser.

What is typosquatting?

Typosquatting (also called URL hijacking or domain mimicry) is a form of social engineering attack that relies on common typing mistakes people make when entering a web address. Attackers register domain names that are slight misspellings of legitimate, popular domains.

When a user accidentally types gogle.com instead of google.com, they may land on an attacker-controlled site designed to steal credentials, distribute malware, or generate ad revenue from misdirected traffic.

💡 Why it works: Studies show that up to 1 in 20 web navigations involve a typo. With billions of daily searches, even a small fraction of mistyped URLs means thousands of potential victims per day for popular domains.

Why it matters

🎣 Phishing & credential theft

Attackers create convincing copies of login pages at typosquatted domains. Users who don't notice the misspelled URL may enter their real credentials.

💰 Financial fraud

Typosquatted domains can intercept wire transfer instructions, invoice payments, or redirect e-commerce transactions to the attacker.

🦠 Malware distribution

Typosquatted sites can serve drive-by downloads or prompt users to install fake software updates that contain malware.

🏢 Brand damage

When customers encounter malicious content on a domain that looks like yours, it erodes trust in your brand even though you're not at fault.

How typosquatting works

A typosquatting attack follows a simple but effective process:

1. Attacker identifies a target

The attacker picks a high-traffic domain (a bank, SaaS tool, social network, or your company's site) and generates common misspellings.

2. Registers typo domains

They register as many plausible misspellings as possible. Domains are cheap, so attackers often register dozens of variations.

3. Sets up a malicious site

The typosquatted domain serves a phishing page, malware payload, ad-filled parking page, or redirect to a competitor.

4. Waits for victims

Every user who mistypes the legitimate URL and lands on the typosquatted site becomes a potential victim; no active targeting is required.

⚠️ Email typosquatting is even more dangerous: attackers can also receive email sent to mistyped addresses at their typosquatted domain, potentially intercepting sensitive business communications.

Types of typos exploited

Typosquatters exploit several categories of human typing errors:

Type           Description                                   Example
Transposition  Two adjacent characters are swapped           examlpe.com instead of example.com
Omission       A character is left out                       exmple.com instead of example.com
Replacement    A character is replaced by an adjacent key    ezample.com instead of example.com
Insertion      An extra character is accidentally added      exaample.com instead of example.com
Repetition     A character is typed twice                    exammple.com instead of example.com
Vowel swap     A vowel is replaced with another vowel        exomple.com instead of example.com
Hyphenation    A hyphen is added or removed                  ex-ample.com instead of example.com
Pluralization  A trailing 's' is added or removed            examples.com instead of example.com
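To turn the table into a concrete list a defender can register or watch, here is an added Python example (not code from this page or from Domain Guarddog) that enumerates every category for one domain; the QWERTY neighbour map and vowel set are assumptions.

```python
# Added example (not from the original page): enumerate the typo categories
# from the table above for one domain so a defender can decide which
# variants to register or watch. The QWERTY neighbour map and vowel set
# are assumptions; production tooling uses richer keyboard and TLD models.

# Physically adjacent keys on a US QWERTY layout (assumed map).
ADJACENT = {
    "a": "qwsz", "b": "vghn", "c": "xdfv", "d": "serfcx", "e": "wsdr",
    "f": "drtgvc", "g": "ftyhbv", "h": "gyujnb", "i": "ujko", "j": "huikmn",
    "k": "jiolm", "l": "kop", "m": "njk", "n": "bhjm", "o": "iklp",
    "p": "ol", "q": "wa", "r": "edft", "s": "awedxz", "t": "rfgy",
    "u": "yhji", "v": "cfgb", "w": "qase", "x": "zsdc", "y": "tghu", "z": "asx",
}
VOWELS = "aeiou"
CATEGORIES = ("transposition", "omission", "replacement", "insertion",
              "repetition", "vowel_swap", "hyphenation", "pluralization")

def typo_variants(domain):
    """Return {category: set of variant domains} for the label before the TLD."""
    label, _, tld = domain.lower().partition(".")
    n = len(label)
    out = {cat: set() for cat in CATEGORIES}
    for i in range(n - 1):  # transposition: swap two adjacent characters
        out["transposition"].add(label[:i] + label[i + 1] + label[i] + label[i + 2:])
    for i, c in enumerate(label):
        out["omission"].add(label[:i] + label[i + 1:])   # drop one character
        out["repetition"].add(label[:i] + c + label[i:])  # doubled key (also exaample)
        for k in ADJACENT.get(c, ""):
            out["replacement"].add(label[:i] + k + label[i + 1:])  # wrong key
            # insertion: a neighbouring key pressed along with the intended one
            out["insertion"].add(label[:i] + c + k + label[i + 1:])
            out["insertion"].add(label[:i] + k + c + label[i + 1:])
        if c in VOWELS:
            for v in VOWELS.replace(c, ""):
                out["vowel_swap"].add(label[:i] + v + label[i + 1:])
    for i in range(1, n):  # hyphenation: a hyphen at any interior position ...
        out["hyphenation"].add(label[:i] + "-" + label[i:])
    if "-" in label:       # ... or an existing hyphen dropped
        out["hyphenation"].add(label.replace("-", ""))
    out["pluralization"].add(label[:-1] if label.endswith("s") else label + "s")
    # Drop empty labels and the original itself, then re-attach the TLD.
    return {cat: {v + "." + tld for v in vs if v and v != label}
            for cat, vs in out.items()}
```

The union of all categories is the candidate list to register outright or feed to a monitoring service; for a short label it is a few hundred names.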

Real-world examples

goggle.com

One of the most famous typosquatting domains, goggle.com was registered to exploit users mistyping Google's URL. At various points it has served malware, adware installers, and phishing content.

Software package typosquatting

Attackers have published malicious packages to npm, PyPI, and other registries with names similar to popular libraries. For example, a package named crossenv (instead of cross-env) was downloaded thousands of times and stole environment variables including credentials.

Banking domains

Financial institutions are frequent targets. Typosquatted bank domains often host near-identical login pages to harvest online banking credentials, leading to direct financial losses.

How to protect yourself

Register common misspellings

Proactively register the most likely typo variations of your domain and redirect them to your real site. This is the most effective defense.

Monitor for new registrations

Use a domain monitoring service like Domain Guarddog to detect when someone registers a lookalike domain targeting your brand.
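For teams that want to run the monitoring step themselves, here is an added Python example (not code from this page or from Domain Guarddog) that screens a feed of newly registered domains against a protected brand by edit distance; the brand and the feed contents are constructed.

```python
# Added example (not from the original page): screen a feed of newly
# registered domains against a protected brand with optimal string alignment
# distance (Levenshtein plus adjacent transposition). A threshold of 1 catches
# every single-keystroke category in the table without enumerating variants.

def osa_distance(a, b):
    """Edits needed to turn a into b; insert, delete, substitute, swap cost 1 each."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1,          # delete a[i-1]
                          d[i][j - 1] + 1,          # insert b[j-1]
                          d[i - 1][j - 1] + cost)   # substitute
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # adjacent swap
    return d[len(a)][len(b)]

def lookalikes(brand, feed, max_distance=1):
    """Return [(domain, distance)] for feed entries whose first label is within
    max_distance of the brand's label; the brand itself is skipped, other TLDs are not."""
    brand = brand.lower()
    target = brand.split(".")[0]
    hits = []
    for line in feed.splitlines():
        domain = line.strip().lower()
        if not domain or domain.startswith("#") or domain == brand:
            continue
        dist = osa_distance(domain.split(".")[0], target)
        if dist <= max_distance:
            hits.append((domain, dist))
    return hits

# Constructed sample of a newly-registered-domains feed (not real data).
FEED = """\
examlpe.com
exmple.net
ezample.com
ex-ample.com
examples.com
example.net
example.com
sample.com
"""
```

Raising max_distance widens the net at the cost of false positives such as sample.com, so treat hits at distance 2 as review candidates rather than alerts.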

Use DMARC to protect email

While DMARC doesn't prevent typosquatting, a strong DMARC policy helps receiving servers identify emails from typosquatted domains as illegitimate.

Educate your users

Train employees and customers to use bookmarks, check URLs carefully, and report suspicious sites that impersonate your brand.

Take legal action

Use UDRP (Uniform Domain-Name Dispute-Resolution Policy) or the ACPA (Anticybersquatting Consumer Protection Act) to reclaim typosquatted domains that infringe your trademark.

Monitor your domain for typosquatting

Domain Guarddog automatically scans for typosquatted domains targeting your brand and alerts you when new threats appear.
