Typosquatting
Registering domains with common misspellings of popular websites to deceive users into visiting malicious sites.
Also known as: URL Hijacking, Domain Typosquatting
Category: Concepts
Tags: security, attacks, phishing, domains, deception
Explanation
Typosquatting, also known as URL hijacking, is a form of cybersquatting that exploits typographical errors made by internet users when entering website addresses. Attackers register domain names that are slight misspellings of popular websites, hoping to capture traffic from users who mistype URLs.
Common typosquatting techniques include: character omission (gogle.com), character addition (googgle.com), character substitution (goggle.com), adjacent key errors (googke.com), wrong top-level domains (google.co instead of google.com), and homograph attacks using similar-looking characters from different alphabets (using Cyrillic 'а' instead of Latin 'a').
Once users land on typosquatted domains, attackers can deploy various malicious activities: phishing pages that mimic the legitimate site to steal credentials, malware distribution through drive-by downloads, ad fraud by displaying advertisements, affiliate fraud by redirecting to legitimate sites through affiliate links, or competitive intelligence gathering by collecting data about intended visitors.
Notable cases include typosquatting of major banks, tech companies, and government sites. In 2024, the cybersecurity community documented thousands of typosquatted domains targeting cryptocurrency exchanges.
Defenses include: organizations proactively registering common misspellings of their domains, implementing DMARC and other email authentication, using browser security features that warn about suspicious sites, training users to verify URLs carefully, and deploying DNS-layer security solutions that block known typosquatted domains.
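The following Python example is added here and is not from the original entry. It classifies observed domain names against a protected domain by the techniques listed above, the kind of check a DNS-layer filter or brand-monitoring job could run over query logs. The US QWERTY adjacency rule, the partial Cyrillic look-alike map, and all function names are assumptions; names are assumed to be already decoded from punycode to Unicode.

```python
ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm"]  # assumption: US QWERTY layout
KEY_POS = {c: (r, i) for r, row in enumerate(ROWS) for i, c in enumerate(row)}
# Constructed, partial Cyrillic-to-Latin look-alike map (not a full confusables table).
CONFUSABLES = {"\u0430": "a", "\u0435": "e", "\u043e": "o",
               "\u0440": "p", "\u0441": "c", "\u0445": "x"}

def adjacent(a, b):
    """True if two different letters sit on neighbouring keys."""
    if a == b or a not in KEY_POS or b not in KEY_POS:
        return False
    (r1, c1), (r2, c2) = KEY_POS[a], KEY_POS[b]
    return abs(r1 - r2) <= 1 and abs(c1 - c2) <= 1

def one_deletion(longer, shorter):
    """True if removing exactly one character from `longer` gives `shorter`."""
    return any(longer[:i] + longer[i + 1:] == shorter for i in range(len(longer)))

def classify(observed, protected):
    """Return the technique name linking `observed` to `protected`, or None."""
    obs, prot = observed.lower().rstrip("."), protected.lower().rstrip(".")
    o_label, _, o_tld = obs.partition(".")
    p_label, _, p_tld = prot.partition(".")
    folded = "".join(CONFUSABLES.get(ch, ch) for ch in o_label)
    if folded != o_label:  # label contains look-alike characters
        return "homograph" if (folded, o_tld) == (p_label, p_tld) else None
    if o_label == p_label:
        return "wrong-tld" if o_tld != p_tld else None
    if o_tld != p_tld:
        return None  # only single-technique variants are handled here
    if len(o_label) + 1 == len(p_label) and one_deletion(p_label, o_label):
        return "omission"
    if len(o_label) == len(p_label) + 1 and one_deletion(o_label, p_label):
        return "addition"
    diffs = [(p, o) for p, o in zip(p_label, o_label) if p != o]
    if len(o_label) == len(p_label) and len(diffs) == 1:
        return "adjacent-key" if adjacent(*diffs[0]) else "substitution"
    return None

def scan(names, protected):
    """Map each suspicious name in `names` to its technique; clean names are dropped."""
    hits = {n: classify(n, protected) for n in names}
    return {n: t for n, t in hits.items() if t}

# Constructed sample of resolver query names, using the entry's own examples.
SAMPLE = ["google.com", "gogle.com", "googgle.com", "goggle.com",
          "googke.com", "google.co", "github.com"]
if __name__ == "__main__":
    for name, technique in scan(SAMPLE, "google.com").items():
        print(f"{name}: {technique}")
```

Names that combine two techniques (for example a misspelled label on a different top-level domain) return None here and would need a wider edit-distance check.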