Typosquatting Explained: Domain Risks & Brand Protection

Understand how typosquatting exploits domain errors to steal traffic. Explore common variations, phishing risks, and legal actions for brand protection.

Typosquatting, also known as URL hijacking, a cousin domain, or a sting site, is a form of cybersquatting where actors register domain names that are common misspellings of legitimate websites. These sites rely on users making typographical errors when entering addresses into a browser or clicking deceptive links. For marketers and SEO practitioners, this practice poses a significant threat to brand integrity, user trust, and organic traffic retention.

What is Typosquatting?

Typosquatters target the gap between what a user intends to type and what they actually input. By owning a "fake URL," an attacker can capture traffic meant for a specific brand. While some uses are relatively harmless, such as parody pages or "gripe sites" used for criticism, many are designed for malicious activities like phishing or malware distribution.

Why Typosquatting matters

  • Traffic Theft: Users intending to visit your site are diverted to competitors or ad-heavy landing pages.
  • Brand Reputation: Malicious sites that copy your logo and layout can trick users into thinking your brand is responsible for data theft or poor service.
  • Phishing Risks: Attackers use similar domains to harvest passwords and credit card details from unsuspecting customers.
  • Cybersecurity Threats: Visiting a typosquatted site can trigger "drive-by downloads" that install malware without user interaction.
  • Legal Costs: Protecting your brand often requires expensive legal proceedings or the purchase of domain names from squatters at a premium.

How Typosquatting works

  1. Selection: The actor identifies a popular brand or a high-traffic website.
  2. Registration: They register multiple permutations of the domain, such as common typos, plural versions, or different top-level domains (TLDs).
  3. Setup: The squatter populates the site with content. This could range from a simple page of ads to a pixel-perfect clone of the target brand’s website to facilitate phishing.
  4. Monetization: The squatter generates revenue through affiliate links, ad impressions, direct sales of counterfeit goods, or by holding the domain hostage for sale to the brand owner.

Variations of Typosquatting

Actors use several distinct methods to create deceptive URLs:

  • Typographical Errors: Missing a letter (gogle.com) or swapping adjacent keys.
  • Spelling Variations: Using "favourite" instead of "favorite" to target specific regions.
  • TLD Abuse: Using .co, .cm, or .om instead of .com to catch users who forget a letter.
  • Combosquatting: Adding a legitimate-looking word to the brand name, such as "amazon-onlineshop.com."
  • Doppelganger Domains: Omitting or adding periods, such as "examplecom" rather than "example.com."
  • Hyphenation: Adding or removing hyphens to confuse the user (e.g., example-store.com).

Best practices for brand protection

Defensive registration

Purchase obvious typo-domains, alternative TLDs (.net, .org, .co), and common misspellings before squatters can. You can then use redirects to send this traffic back to your primary site.

Continuous monitoring

Monitor the web for new registrations that use your brand name or close variants. Over 550 typosquats related to the 2020 U.S. presidential election were detected in 2019 (Digital Shadows).
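
The variation types listed earlier can be turned into a simple monitoring check. The following Python code is an added example, not part of the original article or any vendor's tooling: it labels each domain in a list of observed registrations with the variation it matches against a protected brand domain. The brand example.com, the sample list, the category names, and the restriction to two-label domains (label.tld) are assumptions made for illustration.

```python
# Added example: classify observed domains against a protected brand domain.
BRAND = "example.com"  # assumption: the domain being protected

# Constructed sample of newly observed registrations (not real data).
OBSERVED = ["exmple.com", "exmaple.com", "example.co", "exam-ple.com",
            "examplecom", "example-onlineshop.com", "example.com", "unrelated.org"]

def split_domain(domain):
    """Return (label, tld) for 'label.tld'; a name with no dot gets tld ''."""
    label, _, tld = domain.rpartition(".")
    return (label, tld) if label else (tld, "")

def is_one_edit(a, b):
    """True if a and b differ by one insert, delete, substitution or adjacent swap."""
    if len(a) == len(b):
        diff = [i for i in range(len(a)) if a[i] != b[i]]
        if len(diff) == 1:
            return True
        return (len(diff) == 2 and diff[1] == diff[0] + 1
                and a[diff[0]] == b[diff[1]] and a[diff[1]] == b[diff[0]])
    if abs(len(a) - len(b)) != 1:
        return False
    short, long_ = sorted((a, b), key=len)
    return any(long_[:i] + long_[i + 1:] == short for i in range(len(long_)))

def classify(candidate, brand=BRAND):
    """Name the article's variation that candidate matches, or None."""
    candidate, brand = candidate.lower().rstrip("."), brand.lower().rstrip(".")
    if candidate == brand:
        return None
    if candidate.replace(".", "") == brand.replace(".", ""):
        return "doppelganger"          # a period omitted or added
    (c_label, _), (b_label, _) = split_domain(candidate), split_domain(brand)
    if c_label == b_label:
        return "tld-swap"              # same name under a different TLD
    if c_label.replace("-", "") == b_label.replace("-", ""):
        return "hyphenation"           # checked before "typo": a hyphen is also one edit
    if is_one_edit(c_label, b_label):
        return "typo"                  # missing, extra, wrong or swapped character
    if b_label in c_label:
        return "combosquat"            # brand name plus an added word
    return None

def scan(observed, brand=BRAND):
    """Map each suspicious domain in observed to its variation type."""
    hits = {d: classify(d, brand) for d in observed}
    return {d: kind for d, kind in hits.items() if kind}

if __name__ == "__main__":
    for domain, kind in scan(OBSERVED).items():
        print(f"{kind:12} {domain}")
```

The substring test for combosquatting will over-match for short brand names, so treat its hits as candidates for manual review rather than confirmed abuse.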

Use security signals

Implement SSL certificates. A missing certificate or a browser warning can alert users that they are not on your legitimate, secure site.

Educate stakeholders

Inform customers and staff about the existence of phishing sites. If you detect a site impersonating your brand, notify your audience immediately through official channels.

Pursue legal action

Utilize established legal frameworks to reclaim domains. Lego spent roughly US$500,000 on taking 309 cases through UDRP proceedings (Domain Name Wire).

Common mistakes

  • Ignoring ccTLDs: Mistake: Only registering the .com version. Fix: Secure popular country-code extensions like .co or the extensions of your primary markets.
  • Focusing only on web traffic: Mistake: Overlooking email security. Fix: Be aware that squatters can harvest misaddressed emails sent to typo domains.
  • Slow response times: Mistake: Waiting until a site is active to take action. Fix: Use ICANN’s Trademark Clearinghouse to monitor brand usage in new domains.

Examples

  • Goggle.com: A famous early case targeting Google users. In 2006, it was a phishing site; later checks showed it serving adware and malware. As of August 2025, goggle.com is no longer operational (Wikipedia).
  • Magniber Ransomware: The Magniber ransomware is distributed via typosquatting methods targeting Chrome and Edge users (Malware News).
  • Air France: The domain "arifrance.com" was used to divert users to a discount travel site before Air France secured a malware warning redirect for it.
  • Blockchain Naming: A 2024 study of blockchain naming systems found thousands of cryptocurrency transactions mistakenly sent to squatting addresses (IEEE).

Typosquatting vs. Cybersquatting

While related, these tactics have different goals:

Feature        | Typosquatting                    | Cybersquatting
Primary Tactic | Misspellings and typos           | Registering exact brand names
Primary Goal   | Phishing, malware, or ad revenue | Selling the domain back for profit
Legal Status   | Prohibited under ACPA            | Prohibited under ACPA

FAQ

Can I get a typosquatted site taken down? Yes. Trademark holders can file a case through the Uniform Domain-Name Dispute-Resolution Policy (UDRP). You must prove the domain is confusingly similar to your trademark, the registrant has no legitimate interest, and the domain is being used in bad faith.

Is typosquatting illegal? In the United States, it is actionable under the Anticybersquatting Consumer Protection Act (ACPA). The ACPA provides victims a right to statutory damages ranging from $1,000 to $100,000 per domain name (Cornell Law).

How do scammers use typosquatting for phishing? Criminals copy the layout and logos of a real site, such as a bank, and then use the typosquatted URL in spam emails to trick users into entering their login credentials.

What is the "confusingly similar" standard? Courts use this phrase to determine if a domain name, including intentional misspellings, is likely to cause an internet user to reach an unintended site by mistake.

What is combosquatting? Combosquatting is a variation where no typo is made, but a legitimate-sounding word is added to the domain (e.g., "brand-support.com") to deceive the user.
