What is typosquatting?

How does typosquatting work?

Typosquatting (also known as URL hijacking) is a type of social engineering attack that targets users who type a URL incorrectly. Let’s take “website.com” as an example. You can accidentally type weebsite.com, wbsite.com, or even website.net by mistake.

Bad actors often register domain names that mimic well-known brands to trick users into thinking that they're on a legitimate site. They can copy the structure and design of an original website, so everything would look as it should. There are two main reasons behind typosquatting attacks:

1. Selling products that are similar to the ones on an original site.
2. Stealing users’ passwords, credit card details, and other data.

From a business perspective, a domain typosquatting can seriously damage your company’s reputation and steal a significant amount of your traffic. If a customer gets scammed while trying to access your website, next time they can choose a different service provider.

Types of typosquatting

Bait and switch

You accidentally end up on a fake website and purchase something, but your items never arrive.

Imitators

As the name suggests, imitators portray themselves as legitimate sites and intend to steal your personal information. Companies track imitators and try to shut them down as soon as possible, but it can take a while to do that.

Domain parking

After misspelling a URL, you might find yourself on a website that offers you to buy this domain (and similar domains too). These types of websites can also contain ads that generate revenue for their owner.

Malicious websites

Some websites store malware and intend to infect your system. In rare cases, it’s even possible to get malware just by simply visiting a malicious website.

Surveys and giveaways

These types of websites ask customers for feedback or give them something for free, while trying to steal their sensitive information.

Affiliate links

A fake website redirects traffic back to the original site in order to receive commission. However, brands closely track who they’re paying money, so usually these kinds of scams don’t last long.

What are the common causes of typosquatting?

• Typos. People who type quickly can accidentally make a mistake without realizing it and end up on a fake website.
• Misspelling. Sometimes you might not be sure how a certain brand name should be written. However, many well-known services buy misspelled domains and redirect them to their websites, so misspelling wouldn’t be exploited by hackers.
• Wrong domain extensions. .com, .net, .co, .us are among the most popular domain extensions. However, users often forget the right extension and might type the wrong one, which can bring unexpected results.
• Hyphenated domains. Having a hyphen in a domain name is not a widely used practice and it can cause confusion among users.

Examples of typosquatting

Goggle.com is probably one of the most well known examples of typosquatting, which gained notoriety in 2006. After accidentally loading this bogus website, users were bombarded with ads and viruses. At that time, many computers lacked proper protection from malicious programs, so Goggle.com infected thousands of devices.

Agar.io is a multiplayer online action game, which caught the attention of typosquatters in 2015. They created a website called agor.io which intended to scare users by making metallic sounds, changing colors, and showing an image of Jeff the Killer. The agor.io jumpscare website was taken down the same year, but it certainly caused panic among gamers.

How to protect yourself against typosquatters

Always double-check a URL. If you’re not sure how to spell a website’s name correctly, use search engines to access the legitimate site. Before pressing Enter, inspect a domain name, and make sure you didn’t leave any typos.

Never click on suspicious links in emails. Since criminals often use phishing attacks to redirect users to fake websites, never click on links in your email before closely inspecting them first. Look for grammar mistakes and a sense of urgency. You can also hover over a link to see where exactly it is going.

Bookmark your favorite websites. It’s not a bad idea to bookmark all your favorite sites, so you won’t need to type a URL every time.

Use a VPN. A virtual private network encrypts your traffic and hides your IP address, improving your online security. NordVPN has the CyberSec feature, which blocks websites known for storing malware. With one NordVPN account, you can protect up to six devices: laptops, tablets, smartphones, and more.