What Is Typosquatting?
Typosquatting is the use of domain names that imitate real brands, vendors, or login portals by relying on typing mistakes, swapped letters, extra characters, or lookalike words. Attackers use these domains to capture traffic, credentials, payments, or trust.
Typosquatting is a domain impersonation tactic where an attacker registers a web address that looks close to a legitimate domain. The fake site may host phishing pages, malware downloads, ads, credential forms, or fake support content.
At a glance: Typosquatting turns a small typing mistake or a lookalike link into a security risk.
Typosquatting Meaning
Typosquatting works because people often read domains quickly. A single missing letter, added hyphen, swapped character, or alternate top-level domain can be easy to miss in a message, search result, QR code, or browser bar.
Attackers may copy a login page, payment portal, vendor site, document share, or support page so the destination feels familiar. If the user signs in, downloads a file, or enters payment details, the attacker can collect information or redirect the user after the damage is done.
Typosquatting is closely related to domain spoofing and phishing because the fake domain gives the attacker a believable place to send people. It is a useful topic for phishing tests because employees need to practice reading URLs before they act.
How Typosquatting Works
A typosquatting attack usually combines a deceptive domain with a familiar request.
- The attacker chooses a trusted target. They imitate a company, vendor, bank, software service, internal portal, or common login page.
- A lookalike domain is registered. The domain may use a misspelling, extra character, omitted character, alternate extension, or visually similar word.
- The site copies familiar cues. Logos, colors, forms, product names, and support language make the page feel legitimate.
- Traffic is driven to the domain. The link may arrive by email, text, search ads, QR codes, chat, fake invoices, or social media.
- The user action is captured. Credentials, MFA codes, payment details, downloads, or support requests can be collected or abused.
Common Typosquatting Examples
Typosquatting can appear in personal browsing and routine business workflows.
- Fake login page: A domain with one changed letter hosts a copy of a Microsoft, payroll, VPN, or HR portal.
- Vendor payment change: A lookalike supplier domain sends a banking update or invoice request.
- Malicious download: A mistyped software domain offers a fake installer or browser extension.
- Support impersonation: A fake help page asks users to call a number or install remote access software.
- Ad or search result abuse: A paid result or spoofed listing points users to the fake domain before the real one.
Why Typosquatting Matters
Typosquatting matters because the domain can make a phishing message feel legitimate before the user studies the rest of the page. In business settings, that can affect payroll, finance, IT support, procurement, sales, and customer support workflows.
Training should connect URL inspection to real work. A cybersecurity awareness training program can teach users to slow down around links, bookmarks, invoices, and login prompts without making every normal task feel suspicious.
How to Reduce Typosquatting Risk
Reducing typosquatting risk requires both technical monitoring and user habits.
- Use bookmarks for sensitive sites. Employees should use approved links for payroll, SSO, finance, and admin portals instead of typing domains from memory.
- Inspect domains before login. Look at the registered domain, extension, spelling, and unexpected subdomains before entering credentials.
- Monitor lookalike registrations. Security teams can watch for domains that imitate the organization, executives, products, and vendors.
- Protect brand domains. Register critical variants where appropriate, enforce DMARC on the organization's email domains, and maintain takedown and reporting processes.
- Report suspicious links. Users should report odd domains even if they did not submit information.
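As an added example (not code from the original page), here is a small Python helper that applies the inspection habits above to a link before a user opens it: it extracts the registered domain, checks it against an allowlist of approved portals, and flags one-typo, swapped-letter, homoglyph, hyphen and alternate-extension variants, as well as the brand name reused as a subdomain of another domain. The allowlist, the homoglyph table and the sample links are constructed assumptions; a production check would parse registrable domains with the Public Suffix List rather than taking the last two labels.

```python
from urllib.parse import urlsplit

# Constructed allowlist of approved portal domains (an assumption for this example).
APPROVED = {"example-payroll.com", "example.com"}
# Character sequences that read alike in a browser bar and are commonly swapped in.
HOMOGLYPHS = {"0": "o", "1": "l", "rn": "m", "vv": "w", "cl": "d"}

def registered_domain(url: str) -> str:
    """Last two labels of the host ('example.com'); a real deployment would use the
    Public Suffix List so that names such as 'example.co.uk' are handled correctly."""
    labels = (urlsplit(url).hostname or "").rstrip(".").lower().split(".")
    return ".".join(labels[-2:])

def osa_distance(a: str, b: str) -> int:
    """Edit distance where a dropped, added, replaced or swapped adjacent pair scores 1."""
    rows = [list(range(len(b) + 1))]
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = min(rows[-1][j] + 1, cur[j - 1] + 1, rows[-1][j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cost = min(cost, rows[-2][j - 2] + 1)  # transposition, e.g. "exmaple"
            cur.append(cost)
        rows.append(cur)
    return rows[-1][-1]

def normalise(label: str) -> str:
    """Fold homoglyphs ('rn' -> 'm', '0' -> 'o') and drop hyphens before comparing."""
    for fake, real in HOMOGLYPHS.items():
        label = label.replace(fake, real)
    return label.replace("-", "")

def classify(url: str) -> str:
    """Return 'approved', 'lookalike' or 'unrelated' for a link a user is about to open."""
    host = (urlsplit(url).hostname or "").lower()
    dom = registered_domain(url)
    if dom in APPROVED:
        return "approved"
    name, _, tld = dom.rpartition(".")
    for good in APPROVED:
        gname, _, gtld = good.rpartition(".")
        if gname in host.split("."):  # brand name reused as a subdomain elsewhere
            return "lookalike"
        if name == gname and tld != gtld:  # same name on an alternate extension
            return "lookalike"
        if normalise(name) == normalise(gname) or osa_distance(name, gname) <= 1:
            return "lookalike"
    return "unrelated"
```

A "lookalike" verdict is a prompt to stop and report, not proof of an attack; the same logic run over newly registered domain feeds gives security teams the monitoring the list above recommends.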
Related Typosquatting Terms
Typosquatting often supports broader phishing and domain impersonation.
- Domain Spoofing explains how attackers imitate trusted web and email domains.
- Link Obfuscation covers tactics that hide where a link really goes.
- Phishing Email shows how deceptive links fit into message-based attacks.
Typosquatting Takeaway
Typosquatting succeeds when a domain looks close enough to pass a quick glance. A few seconds of URL inspection can stop credential theft, payment fraud, and malware delivery.
Treat unexpected links as claims, not proof. Verify the domain before trusting the page.
Questions Teams Ask About Typosquatting
Quick answers about fake domains, lookalike URLs, phishing risk, and prevention habits.
What is typosquatting?
Typosquatting is the use of misspelled, lookalike, or confusingly similar domain names to trick users into visiting a fake site.
Is typosquatting the same as domain spoofing?
They overlap. Typosquatting focuses on lookalike or mistyped domains, while domain spoofing can include broader email, web, and identity impersonation techniques.
Why do attackers use typosquatting?
It helps them make phishing pages, fake support sites, malware downloads, and payment fraud requests look more trustworthy.
How can employees avoid typosquatting?
They can use trusted bookmarks, inspect domains carefully, avoid unexpected login links, and report suspicious URLs.