← Back to detection methods

Typosquatting

Detecting domains that exploit common typing mistakes to impersonate legitimate brands.

What is Typosquatting?

Typosquatting (also known as URL hijacking) is the practice of registering domain names that are common misspellings of legitimate brands. Attackers exploit the fact that users frequently make typing errors when entering URLs directly into their browser.

These malicious domains can serve fake login pages, distribute malware, display competitor ads, or collect personal information from unsuspecting users who think they're on the legitimate site.

Common Typosquatting Techniques

Character Omission

Removing one or more characters from the domain name, exploiting fast typing or autocorrect failures.

facebook.comfacbook.com(missing 'e')
amazon.comamzon.com(missing 'a')

Character Duplication

Adding extra characters, typically from holding down a key too long or double-tapping.

google.comgooogle.com(extra 'o')
apple.comappple.com(extra 'p')

Character Swap

Transposing adjacent characters, one of the most common typing errors.

paypal.compaypla.com(swapped 'al')
microsoft.commicrsooft.com(swapped 'os')

Number Substitution

Replacing letters with visually similar numbers or vice versa.

outlook.com0utlook.com(o → 0)
ebay.com3bay.com(e → 3)

How We Detect Typosquatting

We monitor Certificate Transparency logs for newly registered domains and check them against common typing mistake patterns for your keywords.

  • We scan for omissions, duplications, character swaps, and number substitutions
  • Adjacent key errors on QWERTY keyboards are also detected
  • You get notified within minutes when a suspicious domain appears

Adjacent Key Errors

Users often hit keys adjacent to their intended target on QWERTY keyboards. We account for these patterns:

amazon.comanszon.com(m→n, a→s adjacent keys)
twitter.comtwotter.com(i→o adjacent keys)
netflix.comnrtflix.com(e→r adjacent keys)

Why Typosquatting is Effective

  • Fast typing: Users typing quickly are prone to errors, especially on mobile devices
  • Autocomplete failures: Browsers don't always catch typos before users hit enter
  • Muscle memory: Common typing patterns can lead to consistent errors
  • Minimal visual difference: Many typos look almost correct at a glance

Real Impact

Typosquatting attacks have affected major brands:

A study found that typosquatting domains receive millions of visitors annually, with attackers monetizing traffic through ads, malware distribution, or credential theft.

Financial institutions are prime targets, with attackers creating typo variants of banking sites to steal login credentials and credit card information.

Learn More

Explore our other detection methods to understand how we provide comprehensive brand protection:

Levenshtein Distance →Homograph Attacks →Combosquatting →