Typosquatting is when someone registers a domain name that is an intentionally misspelled version of another popular website. While many misspelled URLs won’t work or will redirect you, some of these fake websites that look real might be a source of malware, and visiting them could even lead to identity theft. Get Norton 360 with LifeLock Select to help protect against typosquatting, safeguard your identity, and block online threats.
Typosquatting gets its name from the act of occupying—or “squatting” in—a space that one doesn’t own. A famous example of typosquatting is the site Goggle.com, an address you might accidentally type when you want to perform a Google search.
Originally, this site attempted to install a fake antivirus security program on your computer, one infected with malware.
Sometimes, these cases of URL hijacking are fairly harmless. You'll just end up on a page advertising some other company's products or services. But other times, you might land on a page that can cause serious damage to your computer, trick you into compromising personal or financial information, or splash pornography across your screen.
What is the purpose of typosquatting?
Someone might buy a domain and create a website on a deliberately misspelled URL for many reasons, including:
Some typosquatters are looking for a quick payday. If, for example, they register the domain bankofamereca.com, they might hope that the actual Bank of America will purchase their domain. Bank of America could then use that misspelled domain to reroute searchers who entered the incorrect URL to the bank’s real website.
Getting clicks or views
Some squatters fill their misspelled typosquatting websites with online ads. If you misspell a destination URL and end up on one of these sites, the owners can earn revenue from your page view. The squatter might earn even more if you click on one of these online ads.
Earning money from affiliate links
Some squatters will redirect you back to the correct domain after you’ve landed on their deliberately misspelled page. But they’ll do this through an affiliate link. The owner of the hijacked URL will earn commissions through that affiliate.
Running a bait-and-switch scam
In these scams, the cybercriminal offers a product or service and accepts payment on a fake site designed to look like the real deal (a practice called website spoofing). Of course, the scammer never actually sends the item or performs the service.
Stealing your personal information
Some typosquatters want to steal your personal and financial information through a technique known as phishing. These cybercriminals might create a fake website that looks like your bank’s homepage. The site will ask you to use your login information to sign into your banking or credit card portal. Once the scammers behind this fake site have your login credentials, they can use them to access your bank account. They can do the same with online credit card portals.
Downloading malicious software onto your computer
Some typosquatting sites exist to infect your computer with malware. Some might install fake virus-protection programs that make your computer nearly impossible to operate. Other squatter sites may try to infect your computer with malware that records your keystrokes and tracks the sites you visit online. Hackers can use this information to log into password-protected sites, access your online bank account or credit card accounts, or snoop through your personal email.
Protecting their company
Some businesses buy domains that are common misspellings of their URLs because they want customers who are trying to get to their sites to reach them, even if they make a common typo.
Creating a joke site
Not all typosquatting sites are malicious. Some people buy these misspelled domains and create pages that mock the real site or product.
How do these people find domains to use as a launching pad for their fake sites?
Types of typosquatting
There are plenty of ways that scammers can try to trick you into clicking on a domain they own. Some of the most common types of domain typosquatting include:
- Common misspellings: Typosquatters know that not everyone is a great speller. Maybe you want to buy some weights from dumbbells.com. A typosquatter might register the domain name dumbells.com (see that missing “b?”).
- Common typos: It’s easy to make typing mistakes. URL hijackers know this. It’s why they might register the domain name craftsamlpes.com to trick all those sewers and knitters heading to craftsamples.com.
- Changing the domain suffix: There’s a big difference between .com, .net, .org, and .gov. Squatters know this and often buy up popular domain names with the wrong suffix (or top-level domain) after them.
- Adding an “s”: Squatters can trick people simply by turning a singular domain name like realtor.com into its pluralized version, such as realtors.com.
- Adding hyphens: Because accidentally adding an extra hyphen when typing in a URL is so easy, some scammers will buy domains that include extra hyphens on the off chance that someone doesn’t catch their mistake before hitting enter.
- Including WWW in the URL: Typosquatters know just how easy it is to miss adding a period when typing in a URL, so they’ll buy domains that include “www” in the URL. That way, if someone doesn’t hit the period key after typing “www,” they’ll be directed to the phony site.
With the many ways you could end up on one of these potentially dangerous sites, it might seem impossible to browse safely. But don’t worry—there are some things you can do to stay safe online.
How to avoid typosquatting scams
To reduce the likelihood of getting scammed by fake websites, there are a few simple steps you can take to help avoid typosquatting sites and figure out if a website is safe.
Type carefully and don’t click too fast
The obvious way to protect yourself from typosquatting is to type carefully when entering a URL. It’s easy to make typos or spelling mistakes when typing quickly. Always check the spelling of a URL before clicking on a page.
Look for the lock
Before entering passwords, usernames, or any other information into what you think is your banking or credit card portal, look for a padlock symbol in the address bar. Ensure that the website address has https:// at the beginning—the “s” means that you are visiting a secure website with an SSL certificate where your data will be encrypted and protected. Never enter personal information on an unsecured website.
Don’t click on links in unsolicited messages
You might get an email or text message claiming to be from your bank asking you to click on a link to verify your account information. Don’t click! Your bank will never send you a message like this. If you click, you’ll be taken to a fake site that looks like your bank’s home page. This page will then ask you to enter personal and financial information to verify your account. Once you provide this information, criminals can use it to access your bank account.
Delete suspicious messages immediately
If you receive a strange email or text, delete it. If your email service has a button to click that reports the message as spam, make sure to report it—that will help your provider identify and delete spam and other dangerous messages more efficiently in the future.
Protect yourself from scam websites
Norton 360 with LifeLock Select can help protect you and your family from typosquatting attacks, malware, and identity theft by blocking hackers and fake sites that could compromise your personal information or cause damage to your devices. Plus, it includes LifeLock ID Theft Protection to help monitor and alert you to possible threats to your identity.
FAQs about typosquatting
Still have more questions about typosquatting? We have answers.
What is the difference between typosquatting and spoofing?
Spoofing is when a cybercriminal or hacker creates a fake site that looks like the site of a real company in order to phish for information. A typosquatted site is a form of domain spoofing that aims to create a domain that looks similar to an existing site.
Are cybersquatting and typosquatting the same?
They can be. While many typosquatter sites are created specifically to get information or money from people by pretending to be something they aren’t, a cybersquatter may just buy up domains adjacent to a real business’s domain in the hopes of selling that domain to the business.
Is typosquatting legal?
Under the Anticybersquatting Consumer Protection Act (ACPA), typosquatting is illegal when a site on a domain exists for fraudulent or misleading purposes. That means that if someone buys a domain and creates a lookalike website to sell a product, they could be prosecuted or sued.
Is cybersquatting illegal?
If done in bad faith, cybersquatting is illegal under the ACPA. That means that if someone buys a domain just to increase the price and sell it to the rightful owner of a trademark, it is illegal.
What is combosquatting?
In this version of typosquatting, scammers simply add a new word to an existing domain name to create a new site. For instance, say you bank at Wells Fargo. A combosquatter might create the domain wellsfargobanking.com to trick you into visiting their fake site and providing sensitive information.
What are doppelganger domains?
These typosquatted domains are almost identical to their legitimate versions, but they are missing a key dot. For instance, financeciti.com could be a doppelganger for finance.citi.com. The fake URL is missing that first dot. This works the other way, too.
Say there’s a legitimate website called chickenfarmfences.com. A squatter might create the site chickenfarm.fences.com to trick unsuspecting visitors.