Beware the TypoSquatters

Tuesday, January 24, 2012

Theresa Payton


There are thousands of them on the web. TYPOSQUATTERS are people who purposely create domain names based on the frequent typos internet users make when they try to visit popular sites.

Sometimes typosquatters are just using it as a technique to drive traffic to their own business, but you need to know about this for another reason: cybercriminals love to typosquat.

Because cybercriminals go where the action is, they wait for websites to get popular and then they register domain names based on popular misspellings of the real website.

Once the typosquatter lures you to their site, they use all types of tricks to get you to give them your personal information or to click on links so they can install malware on your computer.


1. The typosquatters love household brand names and large companies such as Walmart and Apple - the bigger they are, the more traffic that might come their way via a typo.

2. They can lure customers to these rogue sites and take information or infect their computers.

3. In some cases, they know that people will misspell the domain name for email accounts and they will read any emails sent to the wrong domain name.


  • Instead of some people typed in
  • became
  • was replaced with
  • with

Researchers at one firm set up typosquat domain names to test out a theory that people often misspell domain names in email addresses sent to companies.

In this test they were able to gather over 20 megabytes of information via emails sent with a typo in the email domain name!


1. Slow down: We are all multitasking and surfing the net on various devices. Before you hit enter, double check the website.

2. Frequent visitors: Use bookmarks for sites you visit frequently.

3. Report: If you see typosquatting or suspect you have, report it to and to the actual merchant you were trying to visit. Most companies have a “contact us” form on the internet that you can use.

4. Beat the Typosquatters: If you own domain names, consider purchasing close spellings or popular misspellings of the domain.

Some companies are so worried about their customers that they purposely create misspelled domain names and send redirects to the correct site.

For example: If you accidentally type in, Amazon will redirect you to

This problem is so serious that Facebook has actually sued typosquatters for creating sites spelled similar to such as and


You can actually check for variations on a website name. Remember, not every variation of a website name means criminals are behind it; some might be legitimate.

An interesting test you can try is on the Vera Labs site at:

Notes taken by: Theresa Payton, Fortalice, LLC. Content also to be featured in an upcoming episode of WBTV's Protecting Your Cyberturf with Kristen Miranda and Theresa Payton.

Cross-posted from Fortalice
