Cybercriminals pray on our online mistakes, learning how to transform them into money better and faster. And one of the most common mistakes on the Internet is the lack of attention when we are typing due to our short attention span and the highly dynamic cyberspace environment.

From these small mistakes grew a specific type of threat on the Internet: typosquatting, a technique that takes advantage of typos made by users when typing domain names.

What is Typosquatting and How It Works?

Typosquatting is a form of cybersquatting (sitting on sites that are owned by someone else’s trademark or copyright) that relies on writing mistakes, or typos, made by Internet users when they input a domain address into a web browser. For example: “” instead of “”.

Often cybercriminals register such common misspellings as domains and try to trick users to land on the alternative website for malicious purposes. A visitor can reach a typo site by mistyping the name of a website or being lured there. Once on the site, visitors may be compelled to divulge their personal data or get infected with malware by simply accessing it.

A typosquatter’s site can mimic the logo, design, or even the legitimate site’s content, further tricking the user. Such malicious duplicates are known to be used in phishing attacks to convince targets to cave to the scam.

Companies can be impacted too by fake sites, losing money to cybercriminals that buy the domain, losing visitors to the typo clone, or even suffering major reputation hits related to another website that pretends to be the legitimate business.

Typosquatting is also known as URL hijacking, sting site, domain mimicry, or a fake URL.

Types of Typosquatting

The fake site resembling the legit URL will usually use one of these types of errors:

  • A commonly used misspelling or spelling in a foreign language of the original domain. Users who type rapidly and inaccurately, or who rely largely on autocorrect, are extremely vulnerable to these domain kinds.
  • Spelling errors are so heavily capitalized by cybercriminals that many firms register misspelled versions of their website’s name before anyone else does, and then redirect these misspelled versions to their actual homepage.
  • A distinct top-level domain (.com, .org.). and an abuse of the Country Code Top-Level Domain (.cm, .co, .om instead of .com). To prevent this, many businesses register a range of top-level domains.
  • Variation of plural or singular of the domain name.

How Typosquatting Can Be Used

Typosquatters can have several reasons for buying such a domain. And some of them can be harmless like pranks or parodies or a company can do this o prevent a hacker to buy the domain for malicious use.

But here are the most common motivations behind typosquatting done by cybercriminals:

  • To make money by selling the typo domain to the legitimate brand.
  • To generate advertising income by hosting advertisements or pop-ups
  • To forward the traffic to a competitor of the real domain charging them on a cost-per-click basis.
  • To forward the traffic to the real domain itself but through an affiliate link, making money this way.
  • To use it in a phishing scam, to convince the visitor to give up user credentials.
  • To host drive-by malware or adware.
  • To collect e-mail addresses wrongly sent to the typo domain.

Examples of Typosquatting

Typosquatting affected many well-known companies over time, like Verizon, Lufthansa, and Lego. And usually, these types of incidents come with a high cost for the brand. It is known that Lego spent approximately US$500,000 to take down no less than 309 fake sites.

Celebrities can be also affected by typo sites with their name, and this list includes Madonna, Paris Hilton, Jennifer Lopez, basketball player Dirk Nowitzki, and actress Eva Longoria. Websites using variations of their names have been set up to host porn and ads, or for affiliate links.

Google search engine has been typosquatted by Goggle, a phishing site, since the mid-2000s. The site called, targeted YouTube users with malicious purposes. In a similar case, targeted users but now is a warning page enabled by the company.

More cheerful examples like (, (, and ( were registered by comedian John Oliver for his show Last Week Tonight.

And over 550 typosquatts referring to the 2020 U.S. presidential election were found.

How to Stay Safe from Typosquatting

It may seem simple enough to get to the real site on the Internet, but the differences between a typo site and a real one can be very subtle.

The difference can be only one similar letter, or a number that has been introduced instead of a letter like in “”. Another typical approach is to add or remove an “s” at the end of the domain name.

Some added or erased punctuation can also make a big difference in this case: “” is not the same as “”.

Here are some measures that can keep you safe from typosquatted domains:

  • Save important sites like your bank website, your go-to stores, etc. at favorites so you will not have to type their names in the browser.
  • Alternatively, you can use voice recognition software to access popular URLs.
  • Always check carefully what you type when you are searching for a domain.
  • If your browser auto-completes the address you are searching for, this may be the safer option.
  • Double-check every link you are clicking on, hovering over the link will show you what address the link will take you to.
  • Don’t open suspicious attachments.
  • As a business, it is recommended to register the most obvious typo versions of your domain to avoid any illegal activity linked to them and then to redirect the traffic to your official site.
  • Internet Corporation for Assigned Names and Numbers (ICANN) can help you find out how your company’s name is used in different domains.
  • Use a SSL certificate to signal to your visitors that this is a legit site.
  • Take down any typo domain linked to your business, and notify partners, clients, and employees about it so you will not lose their trust.

How Can Heimdal® Help?

Heimdal’s Endpoint Detection and Response offers unrivaled prevention, threat-hunting, and remediation capabilities, combining six solutions in a single easy-to-deploy and compact agent that will not delay your systems and will help you save significant time.

All our solutions are integrated into a unified dashboard and work together to deliver an enhanced EDR solution (Endpoint Prevention, Detection, and Response), which combines DNS filtering, Automated Patch Management, next-gen Antivirus, and Privileged access management.

Having a complete overview of your environment, within a single interface, will greatly improve your cybersecurity and minimize the attack surface.

Heimdal Official Logo
Antivirus is no longer enough to keep an organization’s systems secure.

Heimdal® Threat Prevention - Endpoint

Is our next gen proactive shield that stops unknown threats before they reach your system.
  • Machine learning powered scans for all incoming online traffic;
  • Stops data breaches before sensitive info can be exposed to the outside;
  • Advanced DNS, HTTP and HTTPS filtering for all your endpoints;
  • Protection against data leakage, APTs, ransomware and exploits;
Try it for FREE today 30-day Free Trial. Offer valid only for companies.

Wrapping Up…

As you can see, it is very easy to be the victim of a typosquatter, as small typing mistakes are an ingredient of everyday life on the Internet. And let’s not forget that registering a domain is no hard job and a typo site linked to your business can be in the hands of cybercriminals right now.

All these may be gloomy news, but, fortunately, to avoid all the fuss, money loss, and possible reputation damage, you can follow these simple rules that will keep you safe.

If you liked this article, follow us on LinkedInTwitterFacebookYouTube, and Instagram for more cybersecurity news and topics.

Massive Typosquatting Campaign Uses over 200 Fake Domains

SquirrelWaffle Is Using Typosquatting in Latest Campaign

Heimdal™ SOC Team Discovers Typosquatting Domain Masquerading as Crypto-Swapping Platform

Leave a Reply

Your email address will not be published. Required fields are marked *