What Is Typosquatting?

Date First Published: 11th January 2022

Topic: Computer Networking

Subtopic: Network Identifiers

Article Type: Computer Terms & Definitions

Difficulty: Medium

Difficulty Level: 6/10

CONTENTS

Other Examples Of Typosquatting
Why Do People Register Misspellings Of Well-Known Domain Names?

Typosquatting is the act of registering misspellings or typos of common domain names in the hope that a user mistypes the URL and visits the typosquatted website. Such domains could 'phish' for other people's details and try to trick them into entering their sensitive information, distribute malware, or display technical support scams that use intentional false positives to convince users that their computers have problems when they actually don't.

Most companies take preventative measures against typosquatting by registering common misspellings of their domain name and redirecting it to their website before malicious users can register misspellings of their domain name as their own. For example, gogle.com, a misspelling of google.com, since it is missing an 'o' redirects to the official website.

Even though most companies redirect common misspellings of their domain to their official website, they cannot register every possible misspelling or typo of their domain name as it would cost them a lot of money to register all of those domain names. Typosquatting mostly targets users who type the URL of the website into their web browser rather than users that use search engines for finding a website. But, it is possible for typosquatted websites to appear in search engines or for users to get redirected to them by visiting malicious websites or by malware installed on their computers.

Note:

Like domain squatting, typosquatting comes from the words 'typo' and 'squatting'. The word 'squatting' means to occupy an unused area that the squatter does not own or have permission to use.

Other Examples Of Typosquatting

Other examples of typosquatting include:

Words that are spelt differently in British and American English. For example, htmlcolorcodes.com instead of htmlcolourcodes.com. Words that are spelt differently in British and American English could lead to users unintentionally typing the wrong URL in their browser.
Domain names that are separated with a hyphen. For example, you-tube.com instead of youtube.com.
Domain names that are registered with different extensions (top-level domains). For example, facebook.net instead of facebook.com. The TLD that is most commonly used for typosquatting is .co as it only requires users to forget an 'm' when typing .com at the end.

Why Do People Register Misspellings Of Well-Known Domain Names?

To steal other people's sensitive information - These types of websites are called phishing websites as they 'phish' for other people's details by tricking them into entering their personal information. These are commonly used by scammers to get hold of someone's details and buy items in their name.
To earn money from ads - Some people register typosquatted domains to earn revenue from ads or popups.
To distribute viruses and malware - Typosquatted websites can be designed to spread malware or other unwanted software to computers.