What is typosquatting? How misspelling that domain name can cost you
Oct. 6, 2020
You're set to visit your favorite news site online. But instead of typing .org at the end of the site's address, you mistakenly type .com. Or maybe you type an "a" instead of an "e" when typing your bank's URL. Your favorite streaming site might have a hyphen in its name. But you forget it when typing in its web address.
You might think these misspellings or forgotten punctuation marks are no big deal. But these errors might take you to a fraudulent site filled with malicious software that could instantly clog your computer. Or, you might end up on a site that looks like your bank's webpage. Only when it asks for your password, username, and account number, you're sending this information directly to a cybercriminal.
That's because you might become a victim of typosquatting.
How typosquatting works
Also known as URL hijacking, typosquatting is when someone — maybe a cybercriminal, hacker, or perhaps just someone hoping to advertise a product or service — registers a domain name that is an intentionally misspelled version of other popular websites.
A famous example is the site Goggle.com, an address you might accidentally type when you want to perform a Google search. Originally, this site attempted to install a fake security program on your computer, one filled with malware. If you type Goggle.com today, you’ll end up at a site that, as of September 2020, immediately asks visitors for their age and gender for what it claims is a presidential election survey.
Sometimes these cases of URL hijacking are fairly harmless. You'll just end up on a page advertising some other company's products or services. But other times you might land on a page that can cause serious damage to your computer, trick you into surrendering personal or financial information, or splash pornography across your screen.
It's important, then, to check for typos when tapping out a website's URL.
What is the purpose of typosquatting?
Why would anyone spend time creating a fake website with a URL that is deliberately misspelled? Typosquatters have plenty of reasons, including these.
They want a big payday: Some typosquatters are looking for a quick payday. If they register, say, bankofamereca.com, they might hope that the actual Bank of America will purchase their domain. Bank of America could then use that misspelled domain to reroute typists — those who make that identical spelling error — to the bank’s real website.
They want to earn clicks or views: Some squatters fill their misspelled domains with online ads. If you misspell your destination URL and end up on one of these sites, the owners can earn revenue from all the extra page views. And if you click on one of these online ads? The squatter might earn even more dollars.
They want to earn dollars from affiliate links: Some squatters will redirect you back to the correct domain after you’ve landed on their deliberately misspelled page. But they’ll do this through an affiliate link. The owner of the hijacked URL, then, will earn commissions through that affiliate.
They’re trying to steal your personal information: Some typosquatters want to steal your personal and financial information through a technique known as phishing.
These cybercriminals might create a fake website that looks like the homepage of your bank. If you make a typo when entering the bank’s URL, you’ll be taken to this fake site. The site will ask you to provide certain information to log into your banking portal, such as your account number, password and username. Once the scammers behind this fake site have your log-in credentials, they can use it to access your bank account.
Scammers can do the same with online credit card portals. Phishers will try to get you to enter your credit card account number, site password and username by creating a fake site that, again, looks like the legitimate one run by your credit card company. Once you provide your personal information, the typosquatters may be able to run up charges on your credit card.
They want to download malicious software on your computer: Some typosquatted sites exist to infect your computer with malware. Some might install fake virus-protection programs that make your computer nearly impossible to operate. The cybercriminals that downloaded the software onto your device may then demand hundreds of dollars to remove the malware, but with no guarantee that they’ll actually remove it.
Other squatter sites may try to infect your computer with malware that records your keystrokes and the sites you visit while online. Hackers can use this information to log into password-protected sites, gain access to your online bank account or credit card accounts or snoop through your personal email messages.
To protect their companies: Some businesses will buy up domains that are common misspellings of their URLs. The reason? They want customers who are trying to get to their sites to actually reach them, even if they make a common typo.
Types of typosquatting
There are plenty of typosquatting variations out there. Some of the more common include:
The common misspelling: Typosquatters know that not everyone is a great speller. Maybe you want to buy some weights from dumbbells.com. A typosquatter might register the domain name dumbells.com. (See that missing “b?”)
The common typo: It’s easy to make typing mistakes. URL hijackers know this. It’s why they might register the domain name craftsamlpes.com as a way to trick all those sewers and knitters heading to craftsamples.com.
Changing the domain suffix: There’s a big difference between .com, .org and .gov. Squatters know this and often buy up popular domain names with the wrong suffix after them. For instance, there’s a big difference between WhiteHouse.gov, the official site of the White House, and WhiteHouse.com, a site dedicated to protesting Pres. Donald Trump’s presidency.
Adding an “s”: Squatters can trick plenty of people simply by turning a singular domain name like Realtor.com into its pluralized version, such as Realtors.com.
How can you avoid typosquatting scams?
Type carefully, and don’t click too fast: The obvious way to protect yourself from typosquatting is to type carefully when you are entering a URL. It’s easy to make typos or spelling mistakes when you’re typing quickly. That’s why it’s important to always check the spelling of an URL before clicking onto a Web page.
Look for the lock: Before entering passwords, usernames or any other information into what you think is your banking or credit card portal, look for a padlock symbol in the upper left-hand corner of your browser. Make sure that the website address starts with https:// This means that you are visiting a secure website where your data will be encrypted and protected. Never enter personal information in a site that doesn’t have these symbols.
Don’t click on links in unsolicited emails: You might get an email claiming to be from your bank asking you to click on a link to verify your account information. Don’t click! Your bank will never send you an email like this. When you click, you’ll be taken to a fake site designed to look like your bank’s home page. This page will then ask you to enter personal and financial information to verify your account. It’s a scam, of course. Once you provide this information, criminals can use it to access your bank account. Delete these emails immediately. If you’re worried that your bank really does need your information, call its customer service number and ask.
Scams similar to typosquatting
Typosquatting isn’t the only way scammers can trick you into giving up personal information or visiting malware-infested websites.
Combosquatting: In this version of typosquatting, scammers simply add a new word to an existing domain name to create a new site. For instance, say you bank at Wells Fargo. A combosquatter might create the domain wellsfargobanking.com to trick you into visiting their fake site.
Doppelganger domains: These domain names are almost identical to their legitimate versions, but they are missing a key dot. For instance, financeciti.com could be a doppelganger for finance.citi.com. The fake URL is missing that first dot.
Adding an extra dot: This works the other way, too. Say there’s a legitimate website called chickenfarmfences.com. A squatter might create the site chickenfarm.fences.com. to trick unsuspecting visitors.
Cyber threats have evolved, and so have we.
Norton 360™ with LifeLock™, all-in-one, comprehensive protection against viruses, malware, identity theft, online tracking and much, much more.
Try Norton 360 with Lifelock.
Editorial note: Our articles provide educational information for you. NortonLifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses.
Copyright © 2021 NortonLifeLock Inc. All rights reserved. NortonLifeLock, the NortonLifeLock Logo, the Checkmark Logo, Norton, LifeLock, and the LockMan Logo are trademarks or registered trademarks of NortonLifeLock Inc. or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Android, Google Chrome, Google Play and the Google Play logo are trademarks of Google, LLC. Mac, iPhone, iPad, Apple and the Apple logo are trademarks of Apple Inc., registered in the U.S. and other countries. App Store is a service mark of Apple Inc. Alexa and all related logos are trademarks of Amazon.com, Inc. or its affiliates. Microsoft and the Window logo are trademarks of Microsoft Corporation in the U.S. and other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other names may be trademarks of their respective owners.