www.kaspersky.com Open in urlscan Pro
4.59.181.140  Public Scan

Form analysis
0 forms found in the DOM

Text Content

Solutions for:
 * Home Products
 * Small Business 1-50 employees
 * Medium Business 51-999 employees
 * Enterprise 1000+ employees

Solutions for:
 * Home Products
 * Small Business 1-50 employees
 * Medium Business 51-999 employees
 * Enterprise 1000+ employees



Kaspersky
 * 
 * My Kaspersky




 * Products
   * NEW
     Kaspersky
     Security Cloud
     
     Your gateway to all our best protection. Access our best apps, features and
     technologies under just one account. Get antivirus, anti-ransomware,
     privacy tools, data leak detection, home Wi-Fi monitoring and more.
     
     Learn moreFree trial
     Kaspersky
     Total Security
     
     Premium security & antivirus suite for you & your kids – on PC, Mac &
     mobile
     
     Learn moreFree, 30-day trial
     Kaspersky
     Internet Security
     
     Advanced security & antivirus suite for your privacy & money – on PC, Mac &
     mobile
     
     Learn moreFree, 30-day trial
     Kaspersky
     Internet Securityfor Mac
     
     Advanced security against identity thieves and fraudsters
     
     Learn moreFree, 30-day trial
     Kaspersky
     Internet Securityfor Android
     
     Advanced security – for your privacy & sensitive data on your phone or
     tablet
     
     Learn moreGet it on Google Play
     Kaspersky
     Anti-Virus
     
     Essential antivirus for Windows – blocks viruses & cryptocurrency-mining
     malware
     
     Learn moreFree, 30-day trial
     Free Tools
      * Kaspersky Security Cloud – Freenew
      * Kaspersky Password Manager
      * Kaspersky VPN Secure Connectionnew
      * Kaspersky Safe Kids
      * Kaspersky QR Scanner
      * Kaspersky Battery Life
      * View More
 * Renew
 * Downloads
 * Support
 * Resource Center
 * Blog
   * Business
   * News
   * Privacy
   * Products
   * Special Projects
   * Technology
   * Threats
   * Tips



HomeHome SecurityResource CenterDefinitions


WHAT IS TYPOSQUATTING? – DEFINITION AND EXPLANATION


TYPOSQUATTING – MEANING AND DEFINITION

Typosquatting is a type of social engineering attack which targets internet
users who incorrectly type a URL into their web browser rather than using a
search engine. Typically, it involves tricking users into visiting malicious
websites with URLs that are common misspellings of legitimate websites. Users
may be tricked into entering sensitive details into these fake sites. For
organizations victimized by these attackers, these sites can do significant
reputational damage.

The ‘typo’ in typosquatting refers to the small mistakes people can make when
typing on a keyboard. Typosquatting is also known as URL hijacking, domain
mimicry, sting sites, or fake URLs.


WHAT IS TYPOSQUATTING?

Typosquatting is a form of cybercrime that involves hackers registering domains
with deliberately misspelled names of well-known websites. Hackers do this to
lure unsuspecting visitors to alternative websites, typically for malicious
purposes. Visitors may end up at these alternative websites through one of two
ways:

 1. By inadvertently mistyping the name of popular websites into their web
    browser – e.g. gooogle.com instead of google.com.
 2. Being lured to them as part of a broader phishing attack.

The hackers may emulate the look and feel of the sites they are attempting to
mimic hoping that users will divulge personal information such as credit card or
bank details. Or the sites may be well-optimized landing pages containing
advertising or pornographic content, which generate high revenue streams for
their owners.

Typosquatting is not only a problem for users – business owners are also
affected, not least because every stolen visitor is potentially a lost customer.
For this reason, companies and organizations should keep an eye on
falsifications of their website and take action where appropriate.


HOW DOES TYPOSQUATTING WORK?

Typosquatting attacks start with cybercriminals buying and registering a domain
name that is a misspelling of a popular website (some cybercriminals go so far
as to buy multiple URLs.) For example, instead of purchasing example.com, the
cybercriminal might buy examplle.com or exmple.com.

A typosquatting domain becomes dangerous when real users start visiting the
site. They may have typed the URL by mistake. Or they may have been lured there
by a phishing scam, typically over email, which contains a link to the
typosquatted website.

Often, the fake site is designed to mimic the real version, using the real
organization’s logo and design. Users who do not realize they are visiting a
fake website may be tricked into entering sensitive information, such as their
username and password or their bank or credit card details. The hackers can
access this information and, if the victim uses the same username and password
across multiple sites, then other online accounts will be at risk.

To a large extent, typosquatting relies on confusion or simple human error, such
as:


TYPOS:

Perhaps the most common error when entering search information, typos are often
the product of our rushed day-to-day lives. Those who usually type quickly and
imprecisely or rely heavily on autocorrect are especially prone to becoming
victims of these domain types – for example, typing gogle.com instead of
google.com.



SPELLING ERRORS:

Sometimes a user has not made a typo but is unaware of the correct spelling of a
brand name, and squatters are well aware of this fact. For this reason, many
businesses register misspelled variants of their site’s name before others can
beat them to it – and then redirect these misspelled versions to their real
homepage.


ALTERNATIVE SPELLINGS:

Alternative spelling options of common product names or services have the
potential to confuse internet visitors. For example, there are variations
between American English and British English – such as the word “favorite,”
which is spelled “favourite” in British English. If your web address contains a
word that is spelled differently in other countries, this could lead to a user
inadvertently typing the wrong URL into their browser.



HYPHENATED DOMAINS:

The addition (or omission) of a hyphen in a domain name can also cause
confusion. For example, if the URL is usually example-onlineshop.com,
typosquatters might add an extra hyphen to deceive users – e.g.
example-online-shop.com. At a glance, users may think this is the genuine site
when in reality typosquatters are using it for malware or advertising purposes.



WRONG DOMAIN ENDINGS:

The range of domain endings for different countries, such as .com,.co.uk, .cn,
etc, and also for different types of organizations – i.e. .com, .org, .web,
.shop – creates further scope for typosquatting. This is why it is important for
website operators to register a range of top-level domains to prevent different
permutations from falling into the wrong hands. Typosquatters are especially
fond of the Columbian top-level domain, .co, due to its similarity with the most
widely used TLD, .com.


TYPES OF TYPOSQUATTING

The most common uses of typosquatted domains include:


IMITATORS:

As outlined above: the scam website passes itself off as the real thing,
portraying itself as the correct site. For example, if the site is emulating a
well-known bank, it will adopt the logo, color scheme, and page layout of that
bank. The purpose of an imitator site is to host a phishing scam, gathering
log-in credentials and personal data.


BAIT AND SWITCH:

The fake website purports to sell you something you might have bought at the
correct URL. Often, these are digital purchases that are difficult to dispute on
a credit card statement. The buyer does not receive the item they want, but they
will still pay for it.


RELATED SEARCH RESULTS LISTING:

The owner uses traffic meant for the real site to drive traffic to competitors,
charging them on a cost-per-click basis.


MONETIZE TRAFFIC:

Fake website owners host advertisements or pop-ups to generate advertising
revenue from webpage visitors.


SURVEYS AND GIVEAWAYS:

The fake site pretends to be gathering customer feedback. In reality, its
purpose is to collect enough information or data to carry out identity theft.


AFFILIATE LINKS:

The fake site redirects traffic back to the brand through affiliate links to
earn a commission from all purchases via the brand's legitimate affiliate
program.


INSTALL MALWARE:

The malicious website installs malware or adware on the devices of visitors.


JOKE SITES:

These sites ridicule or make fun of the existing site that the user intended to
visit. The motivation in this instance is often revenge.


CYBERSQUATTING VS TYPOSQUATTING

A similar cybercrime to typosquatting is cybersquatting, also known as domain
squatting. In this case, a person purchases URLs that have similar spellings to
other websites and brands. Typically, the motivation is not to build a website
at the address but to sell the URLs to the owners of the authentic websites and
brands for maximum profit.

Because companies want to protect their customers and brands, many feel
compelled to buy URLs from cybersquatters and are often prepared to pay a
premium to do so. This makes cybersquatting a profitable activity since it is
often quite cheap for the cybersquatter to register domains for most TLDs.

Cybersquatters want to make easy money. Typosquatters go further by wanting to
hack into a person’s computer, so the victim is vulnerable to identity theft and
security breaches.

A variation on typosquatting is called combosquatting. This is where criminals
register domains that are slightly different to legitimate domains by adding
extra words, such as, amazon-onlineshop.com to confuse users into thinking it is
a legitimate Amazon website. In this instance, no typos are involved, merely the
presence of additional words to deceive users.


TYPOSQUATTING EXAMPLES

One of the earliest and most famous examples of typosquatting attacks involved
Google. In 2006, typosquatters registered the site Goggle.com, which was
operated as a phishing site. Over the years, variations on Google’s name –
foogle, hoogle, boogle, yoogle (all chosen for their proximity to the letter “g”
on qwerty keyboards) have been registered in an attempt to divert some traffic
from the search engine.

In the past, celebrities including Madonna, Paris Hilton, and Jennifer Lopez
have fallen victim to typosquatting domains – with websites set up using
variations of their name but used to host porn or ads or affiliate links, to
trick unsuspecting fans.

In the run-up to the 2020 US presidential election, it was reported that a
number of candidates had typosquatting domains set up in their names by
criminals with a variety of malicious motivations.


HOW TO PROTECT YOURSELF AGAINST TYPOSQUATTING

For individuals, you can minimize the risk of falling victim to typosquatting
by:

 * Avoid clicking on links in unexpected emails, text messages, chat messages,
   or on unknown websites. Be careful when clicking on links in social media –
   when in doubt, avoid clicking.
 * Avoid opening email attachments unless you are sure of the source and sender.
 * Use antivirus software to monitor and protect against malware.A comprehensive
   cybersecurity program such as Kaspersky Total Security will help detect
   threats across the board and provide malware protection.
 * Hover over links and carefully inspect URLs before clicking on them. When
   inspecting a link, make sure you look for missing or extra letters/words,
   incorrect spelling, hyphens, and the suffix of the URL (i.e. google.com vs
   google.mailru.co).
 * Bookmark your favorite sites so you can visit them directly without having to
   type in the URL into your web browser.
 * Alternatively, navigate your way to websites by searching for them via search
   engines and then clicking on the URL from the results page.
 * Use voice recognition software to go to popular URLs.
 * Leave some or all of the sites you visit every day open in your browser tabs
   – most popular browsers offer the option to continue where you left off or to
   specify a set of sites to start with.
 * Use a safe search tool rather than typing URLs directly.

For organizations, the best strategy is to try to stay ahead of typosquatting
attacks:


REGISTER TYPO VERSIONS OF YOUR DOMAIN BEFORE SQUATTERS DO

Purchase important and obvious typo-domains and redirect these to your website.
In addition, register other country extensions and other relevant top-level
domains, alternate spellings, and variants with and without hyphens. Once
registered, misspelled domains can easily be rerouted to the actual website with
the help of redirects.


USE ICANN’S MONITORING SERVICE

ICANN is the Internet Corporation for Assigned Names and Numbers. Website owners
can use ICANN’s Trademark Clearing House to find out how their names are being
used within different domains. This service is available to nationally or
internationally registered brands.


USE SSL CERTIFICATES TO SIGNAL TRUST

SSL certificates are an excellent way to signal that your website is legitimate.
They tell the end-user who they are connected with and protect user data during
transfer. A missing SSL certificate can be a sign you have been taken to an
alternative website.


NOTIFY STAKEHOLDERS

If you believe someone is impersonating (or preparing to impersonate) your
organization, let your customers, staff, or other relevant parties know to look
out for suspicious emails or a phishing website.


GET SUSPICIOUS WEBSITES OR MAIL SERVERS TAKEN DOWN

The process for getting a website taken down varies by jurisdiction, but a great
place to start is ICANN’s Uniform Domain Name Dispute Resolution policy. This
outlines the process for trademark holders to raise complaints in order to have
disputed sites taken down.

While legislation in the US and other jurisdictions can help protect websites
from typosquatters, taking legal action can be costly in terms of both time and
energy. Taking preventative measures to ensure that your site does not become
the target of typosquatting attacks in the first place is highly recommended. As
with most forms of cyberattack, the key to preventing typosquatting is constant
vigilance. Your website visitors rely on you to identify and shut down any scam
sites operating under your name – if you don’t, you could lose their trust.

Related Articles:

 * What Are SSL Certificates?
 * What are the different types of ransomware?
 * Ways hackers can violate your online privacy
 * What Are Scam Websites and How to Avoid Scam Websites


WHAT IS TYPOSQUATTING? – DEFINITION AND EXPLANATION

Kaspersky
Typosquatting, also known as URL hijacking, is a social engineering attack that
purposely uses misspelled domains for malicious purposes. Learn the risks.



FEATURED ARTICLES


WHAT IS A PUP?


WHAT IS A PACKET SNIFFER?


WHAT IS ZERO-CLICK MALWARE, AND HOW DO ZERO-CLICK ATTACKS WORK?


WHAT IS A DIGITAL FOOTPRINT? AND HOW TO PROTECT IT FROM HACKERS


WEP, WPA, WPA2 AND WPA3: DIFFERENCES AND EXPLANATION




 * PROTECTING YOU, YOUR FAMILY & MORE
   
   Get the Power to Protect. Discover how our award-winning security helps
   protect what matters most to you.


 * GET FREE TOOLS
   
   Our FREE security tools and more can help you check all is as it should be…
   on your PC, Mac or mobile device.


 * WE’RE HERE TO HELP
   
   Helping you stay safe is what we’re about – so, if you need to contact us,
   get answers to some FAQs or access our technical support team, click here.


 * WHO WE ARE
   
   Find out why we’re so committed to helping people stay safe… online and
   beyond.


 * GET YOUR FREE TRIAL
   
   Try Before You Buy. In just a few clicks, you can get a FREE trial of one of
   our products – so you can put our technologies through their paces.


 * RENEW YOUR LICENSE
   
   Save up to 30% when you renew your license or upgrade to another Kaspersky
   product


 * STAY IN TOUCH
   
   

HOME PRODUCTS

 * Kaspersky Anti-Virus
 * Kaspersky Android Antivirus
 * Kaspersky Internet Security
 * Kaspersky Total Security
 * Kaspersky Security Cloud
 * Kaspersky VPN Secure Connection
 * Free Antivirus
 * All Products

SMALL BUSINESS PRODUCTS

(1-50 employees)
 * Kaspersky Small Office Security
 * Kaspersky Endpoint Security Cloud
 * All Products

MEDIUM BUSINESS PRODUCTS

(51-999 employees)
 * Kaspersky Endpoint Security Cloud
 * Kaspersky Endpoint Security for Business Select
 * Kaspersky Endpoint Security for Business Advanced
 * All Products

ENTERPRISE SOLUTIONS

(1000+ employees)
 * Cybersecurity Services
 * Threat Management and Defense
 * Endpoint Security
 * Hybrid Cloud Security
 * Cybersecurity Training
 * Threat Intelligence
 * All Solutions

© 2022 AO Kaspersky Lab. All Rights Reserved. • Privacy Policy • Anti-Corruption
Policy • Licence Agreement B2C • Licence Agreement B2B


 * Contact Us
 * About Us
 * Partners
 * Blog
 * Resource Center
 * Press Releases
 * Sitemap

Select your country
Global
 * Americas
 * América Latina
 * Brasil
 * United States
 * Canada

 * Africa
 * Africa
 * Afrique Francophone
 * Algéria
 * Maroc
 * South Africa
 * Tunisia

 * Middle East
 * Middle East
 * الشرق الأوسط

 * Western Europe
 * Belgique & Luxembourg
 * Danmark
 * Deutschland & Schweiz
 * España
 * France
 * Italia & Svizzera
 * Nederland
 * Norge
 * Österreich
 * Portugal
 * Sverige
 * Suomi
 * United Kingdom

 * Eastern Europe
 * Česká republika
 * Magyarország
 * Polska
 * România
 * Srbija
 * Türkiye
 * Ελλάδα (Greece)
 * България (Bulgaria)
 * Россия и Белару́сь (Russia & Belarus)
 * Україна (Ukraine)

 * Asia & Pacific
 * Australia
 * India
 * New Zealand
 * Việt Nam
 * ไทย (Thailand)
 * 한국 (Korea)
 * 中国 (China)
 * 中国香港 (Hong Kong)
 * 中国台灣 (Taiwan)
 * 日本語 (Japan)

 * For all other countries
 * Global Website

We use cookies to make your experience of our websites better. By using and
further navigating this website you accept this. Detailed information about the
use of cookies on this website is available by clicking on more information.

Accept and Close