Typosquatting

By Brian Tham

View my portfolio: tham.ai

Published on 2025-04-21

What is Typosquatting?

Typosquatting is a form of cybersquatting in which someone registers a domain name that closely resembles a legitimate one but contains a small typographical error. This can be done to trick users into visiting the wrong site, often for malicious purposes.

For your safety, this page does not contain any clickable links; I will only put the URLs in plain text.

How does it work?

Typosquatting works by registering domain names that are similar to popular websites, but with common typos. For example, if a user types "goggle.com" instead of "google.com", they may be directed to a typosquatted site that looks similar to Google, but is actually a malicious site.

Popular Examples

Here’s a lighthearted take on typosquatting:

Other times they can be used to redirect users to the actual site, for example:

Based on my own checks at the time of publishing, the above domains redirect to their respective legitimate sites. Exercise caution if you access those domains, as this may change: I do not know who owns the typosquatted domains, and there could be malicious actors behind them.

Malicious typosquatting

There are also typosquatted domains that are used to host malicious content, such as phishing sites or malware. These sites can be difficult to spot, as they often look very similar to the legitimate site.

For example, a typosquatted site may use a similar logo or color scheme to the legitimate site, making it difficult for users to tell the difference.

In some cases, typosquatting can also be used to steal personal information. For example, a user may be tricked into entering their login credentials on a typosquatted site, which can then be used to access their account on the legitimate site.

Typosquatting can also be used to spread malware. For example, a user may be tricked into downloading a malicious file from a typosquatted site, which can then infect their computer with malware.

Disclaimer

For safety purposes, I will not be linking to any of the malicious typosquatted domains as they may contain malware or other unwanted content. There are articles and research papers dedicated to discovering the creative methods of typosquatting. If you are interested in checking them out, please do so at your own risk.

How to protect yourself

To protect yourself from typosquatting, be sure to double-check the URL of any website you visit. Look for small typos or misspellings, and be cautious of sites that look similar to legitimate sites but have different domain names.

Conclusion

Typosquatting is a common tactic used by cybercriminals to trick users into visiting malicious sites. By being aware of this tactic and taking steps to protect yourself, you can help keep your personal information safe.
