
Typosquatting

Registering domain names similar to popular sites by exploiting common typing errors to deceive users.

Category: Web Security
Also called: "url hijacking", "domain typosquatting", "typo squatting"

Typosquatting (also called URL hijacking) targets users who mistype domain names.

Common typosquatting techniques

  • Omission: gogle.com (missing 'o' from google.com).
  • Repetition: gooogle.com (extra 'o').
  • Substitution: googIe.com (capital 'I' for lowercase 'l').
  • Transposition: gogle.com (swapped letters).
  • Addition: googles.com (extra character).
  • TLD variation: google.net instead of google.com.
  • Homoglyphs: gооgle.com (Cyrillic 'о' instead of Latin 'o').
  • Hyphenation: go-ogle.com or goo-gle.com.
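Each technique in the list above is mechanical, which is why defenders enumerate the same variants of their own domains to register them proactively or feed them to a registration monitor. The following is an added example, not code from the glossary or any particular tool; "example.com", the TLD list and the Latin-to-Cyrillic lookalike table are constructed sample data, and the substitution rule is generalised to any letter rather than only visually confusable ones.

```python
# Added example, not from the glossary: enumerate typo variants of a domain
# you control so they can be registered proactively or watched in a
# registration/CT-log monitor. Every technique below maps to one bullet in
# the list above. "example.com", the TLD list and the lookalike table are
# constructed sample data, not an exhaustive set.

ALPHABET = "abcdefghijklmnopqrstuvwxyz"
OTHER_TLDS = ["net", "org", "co", "io"]  # constructed; extend to the TLDs your brand cares about
# Latin letter -> Cyrillic lookalike (constructed, partial)
HOMOGLYPHS = {"a": "\u0430", "c": "\u0441", "e": "\u0435", "o": "\u043e", "p": "\u0440", "x": "\u0445"}


def typo_variants(domain):
    """Return {variant_domain: technique} for a two-label name such as 'example.com'.

    Homoglyph variants are returned in their registrable punycode (IDNA) form,
    which is also how they appear in zone files and CT logs.
    """
    domain = domain.lower()
    name, _, tld = domain.partition(".")
    variants = {}

    def add(label, technique):
        full = f"{label}.{tld}"
        if full != domain and full not in variants:  # first technique wins, no duplicates
            variants[full] = technique

    for i, ch in enumerate(name):
        add(name[:i] + name[i + 1:], "omission")             # gogle
        add(name[:i] + ch + name[i:], "repetition")          # gooogle
        for c in ALPHABET:                                   # googie
            if c != ch:
                add(name[:i] + c + name[i + 1:], "substitution")
        if i + 1 < len(name):                                # googel
            add(name[:i] + name[i + 1] + ch + name[i + 2:], "transposition")
        if i > 0:                                            # go-ogle
            add(name[:i] + "-" + name[i:], "hyphenation")
    for i in range(len(name) + 1):                           # googles
        for c in ALPHABET:
            add(name[:i] + c + name[i:], "addition")
    for latin, lookalike in HOMOGLYPHS.items():              # gооgle
        if latin in name:
            unicode_label = name.replace(latin, lookalike, 1)
            add(unicode_label.encode("idna").decode("ascii"), "homoglyph")
    for other in OTHER_TLDS:                                 # google.net
        if other != tld:
            variants[f"{name}.{other}"] = "tld-variation"
    return variants


def by_technique(variants):
    """Count variants per technique, useful for sizing a defensive registration budget."""
    counts = {}
    for technique in variants.values():
        counts[technique] = counts.get(technique, 0) + 1
    return counts


if __name__ == "__main__":
    v = typo_variants("example.com")
    print(len(v), "candidate names", by_technique(v))
    for dom, tech in list(v.items())[:10]:
        print(f"{tech:14} {dom}")
```

The per-technique counts show why full defensive registration is rarely affordable for a long name (substitution and addition alone produce several hundred candidates for a seven-letter label), which is the usual argument for registering only the cheapest, most likely typos and monitoring the rest.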

Attacker motivations

  • Phishing: Collect credentials via fake login pages.
  • Malware distribution: Infect visitors with trojans/ransomware.
  • Ad revenue: Display ads on typo domains for profit.
  • Brand dilution: Damage competitor reputation.
  • Affiliate fraud: Hijack referral commissions.
  • Ransomware: Demand payment to transfer domain back.

Impact on organizations

  • Lost revenue from misdirected traffic.
  • Customer data theft and fraud.
  • Brand reputation damage.
  • Customer support costs.
  • Legal expenses to recover domains.

Detection methods

  • TLD enumeration: Check domain across all TLDs.
  • Edit distance algorithms: Find similar domain strings.
  • Certificate Transparency logs: Monitor newly issued TLS certificates for lookalike names.
  • WHOIS monitoring: Track new registrations.
  • Brand monitoring services: Automated detection tools.
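The edit-distance and homoglyph checks above, together with the registration monitoring listed under prevention, can be combined into a small classifier that scores each newly observed name against the names you protect. This is an added example, not code from the glossary or any vendor tool; PROTECTED and OBSERVED are constructed sample data standing in for a brand list and a Certificate Transparency or zone-file feed.

```python
# Added example, not from the glossary: score newly observed domain names
# against the names you protect, using the edit-distance and homoglyph
# checks from the detection list above. PROTECTED and OBSERVED are
# constructed sample data standing in for a brand list and a CT-log or
# zone-file feed.
import unicodedata

PROTECTED = ["example.com", "examplebank.com"]

# 'а' in the first entry is Cyrillic U+0430; encoding it yields the punycode
# form that a CT log would actually contain.
OBSERVED = [
    "ex\u0430mple.com".encode("idna").decode("ascii"),  # homoglyph
    "exampel.com",                                       # transposition
    "examp1ebank.com",                                   # substitution (1 for l)
    "example-login.net",                                 # addition + TLD change
    "example.net",                                       # TLD variation
    "example.com",                                       # our own name
    "unrelated.org",                                     # benign
]


def levenshtein(a, b):
    """Classic edit distance (insert/delete/substitute, each cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def to_unicode(domain):
    """Decode punycode (xn--) labels so lookalike characters become visible."""
    try:
        return domain.encode("ascii").decode("idna")
    except UnicodeError:
        return domain  # already Unicode, or malformed punycode: inspect as-is


def scripts_in(label):
    """Unicode scripts used by the letters of a label, e.g. {'LATIN', 'CYRILLIC'}."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in label if ch.isalpha()}


def classify(observed, protected, max_distance=2):
    """Return {domain: [reasons]} for every observed name that looks like a protected one."""
    findings = {}
    protected = [p.lower() for p in protected]
    for raw in observed:
        domain = raw.lower()
        if domain in protected:
            continue
        label, _, tld = to_unicode(domain).partition(".")
        reasons = []
        scripts = scripts_in(label)
        if len(scripts) > 1 or (scripts and scripts != {"LATIN"}):
            reasons.append(f"non-Latin or mixed-script label {label!r}")
        for p in protected:
            plabel, _, ptld = p.partition(".")
            if label == plabel and tld != ptld:
                reasons.append(f"TLD variation of {p}")
                continue
            distance = levenshtein(label, plabel)
            if 0 < distance <= max_distance:
                reasons.append(f"edit distance {distance} from {p}")
            elif plabel in label and label != plabel:
                reasons.append(f"contains brand label {plabel!r} ({p})")
        if reasons:
            findings[domain] = reasons
    return findings


if __name__ == "__main__":
    for domain, reasons in classify(OBSERVED, PROTECTED).items():
        print(domain, "->", "; ".join(reasons))
```

Two design points matter in practice: punycode must be decoded before any string comparison, otherwise a homoglyph name looks nothing like the brand, and plain Levenshtein scores a transposition as 2 rather than 1, so either keep `max_distance` at 2 or switch to a Damerau variant if you want transpositions treated as single edits.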

Legal remedies

  • ACPA (US): Anticybersquatting Consumer Protection Act.
  • UDRP: Uniform Domain-Name Dispute-Resolution Policy.
  • Trademark law: Sue for infringement and damages.
  • Cybersquatting takedowns: Report to registrars/ISPs.

Prevention strategies

  • Register common typo variations proactively.
  • Monitor new domain registrations.
  • Implement HTTPS with HSTS to prevent man-in-the-middle attacks.
  • Educate users about checking URLs carefully.
  • Use browser bookmarks instead of typing.
  • Deploy DMARC, SPF, DKIM for email protection.

Famous cases

  • Goggle.com (targeting Google users).
  • Youutube.com (targeting YouTube).
  • Paypai.com (targeting PayPal users).
  • Numerous banking site typos for phishing.