How does typosquatting work?

Attackers identify popular domains and register common misspellings (e.g., "paypa1.com," "amaz0n.com") A convincing replica of the legitimate website is hosted on the typosquat domain Users who mistype the URL arrive at the fake site and may not notice the difference Credentials entered on the fake site are captured by the attacker Alternatively, the site may serve malware, ads, or redirect to other scam pages

How do I protect myself from typosquatting?

Bookmark important websites and use bookmarks instead of typing URLs Use a password manager — it will only auto-fill on the correct domain Look carefully at the URL bar before entering any credentials Use a browser with built-in typosquatting protection Use IsThisAScam to verify any URL you're unsure about

Home/Glossary/Typosquatting

Glossary · Attack Vector

What Is Typosquatting?

The practice of registering domain names that are slight misspellings or visual imitations of popular websites (e.g., "gogle.com" or "arnazon.com") to capture traffic from users who make typing errors.

Quick Definition

Think you've been targeted?

Paste the suspicious content here for an instant analysis.

No signup · 6 detection layers · Results in seconds · Cmd+Enter

01Typosquatting explained.

Typosquatting, also called URL hijacking, exploits the inevitable typing mistakes people make when entering web addresses. Attackers register domains with common misspellings, missing letters, or similar-looking characters of popular websites.

These fake domains host phishing pages, malware downloads, or advertising that generates revenue from misdirected traffic. Some typosquat domains are so convincing that victims don't realize they're on the wrong site even after entering their credentials.

A related technique called homograph attacks uses Unicode characters that look identical to Latin letters (e.g., using Cyrillic "а" instead of Latin "a") to create domain names that appear identical to the naked eye.

02How it works.

01Attackers identify popular domains and register common misspellings (e.g., "paypa1.com," "amaz0n.com")

02A convincing replica of the legitimate website is hosted on the typosquat domain

03Users who mistype the URL arrive at the fake site and may not notice the difference

04Credentials entered on the fake site are captured by the attacker

05Alternatively, the site may serve malware, ads, or redirect to other scam pages

03Real-world example.

Security researchers found over 550 typosquat domains targeting Amazon alone, including variations like "amaozn.com," "amazno.com," and "amazon-shop.com." Many hosted phishing pages that perfectly replicated Amazon's login page.

04How to protect yourself.

01Bookmark important websites and use bookmarks instead of typing URLs

02Use a password manager — it will only auto-fill on the correct domain

03Look carefully at the URL bar before entering any credentials

04Use a browser with built-in typosquatting protection

05Use IsThisAScam to verify any URL you're unsure about

Related Terms

Phishing Spoofing Pharming

Explore Scam Types

phishing romance crypto investment tech support delivery

Suspect Something?

Run a scan on the message you received.

Run a scan →