Typosquatting (also called URL hijacking) targets users who mistype domain names.
Common typosquatting techniques
- Omission: gogle.com (missing 'o' from google.com).
- Repetition: gooogle.com (extra 'o').
- Substitution: googIe.com (capital 'I' for lowercase 'l').
- Transposition: googel.com (swapped letters).
- Addition: googles.com (extra character).
- TLD variation: google.net instead of google.com.
- Homoglyphs: gооgle.com (Cyrillic 'о' instead of Latin 'o').
- Hyphenation: go-ogle.com or goo-gle.com.
Attacker motivations
- Phishing: Collect credentials via fake login pages.
- Malware distribution: Infect visitors with trojans/ransomware.
- Ad revenue: Display ads on typo domains for profit.
- Brand dilution: Damage competitor reputation.
- Affiliate fraud: Hijack referral commissions.
- Domain ransom: Demand payment to transfer domain back.
Impact on organizations
- Lost revenue from misdirected traffic.
- Customer data theft and fraud.
- Brand reputation damage.
- Customer support costs.
- Legal expenses to recover domains.
Detection methods
- TLD enumeration: Check domain across all TLDs.
- Edit distance algorithms: Find similar domain strings.
- Certificate Transparency logs: Monitor newly issued SSL/TLS certificates.
- WHOIS monitoring: Track new registrations.
- Brand monitoring services: Automated detection tools.
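The following sketch is an added example, not code from the original page. It shows how the edit-distance and TLD checks above can label newly observed domains with the technique they match from the list of common typosquatting techniques. The function names, the look-alike map and the sample domains are constructed for illustration, and the code assumes single-label TLDs such as .com.

```python
import unicodedata

# Constructed, non-exhaustive look-alike map: confusable character -> Latin letter.
CONFUSABLES = {"\u043e": "o", "\u0430": "a", "\u0435": "e", "\u0440": "p",
               "\u0441": "c", "0": "o", "1": "l"}

def skeleton(label):
    """Decode punycode, lowercase, drop hyphens, map look-alikes to Latin."""
    if label.startswith("xn--"):  # IDN labels appear in CT logs and WHOIS as punycode
        label = label.encode("ascii").decode("idna")
    label = unicodedata.normalize("NFKC", label).lower().replace("-", "")
    return "".join(CONFUSABLES.get(ch, ch) for ch in label)

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap as 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            val = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                val = min(val, prev2[j - 2] + 1)  # transposition
            cur.append(val)
        prev2, prev = prev, cur
    return prev[-1]

def classify(candidate, brand="google.com", max_distance=1):
    """Return the matched technique for a look-alike of brand, else None."""
    c_label, _, _ = candidate.lower().rpartition(".")
    b_label, _, _ = brand.lower().rpartition(".")
    if candidate.lower() == brand.lower():
        return None
    if c_label == b_label:
        return "tld-variation"
    if "-" in c_label and c_label.replace("-", "") == b_label:
        return "hyphenation"
    skel, b_skel = skeleton(c_label), skeleton(b_label)
    if skel == b_skel:
        return "homoglyph"
    d = osa_distance(skel, b_skel)
    return f"edit-distance-{d}" if d <= max_distance else None

# Constructed sample of newly observed registrations (not real feed data).
OBSERVED = ["gogle.com", "googel.com", "google.net", "g\u043e\u043egle.com",
            "go-ogle.com", "example.org"]

def scan(observed, brand="google.com"):
    """Map each suspicious domain to the technique it matched."""
    return {d: r for d in observed if (r := classify(d, brand))}

if __name__ == "__main__":
    print(scan(OBSERVED))
```

A distance threshold of 1 keeps false positives low for short brand names; longer names can tolerate a higher max_distance.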
Legal remedies
- ACPA (US): Anticybersquatting Consumer Protection Act.
- UDRP: Uniform Domain-Name Dispute-Resolution Policy.
- Trademark law: Sue for infringement and damages.
- Cybersquatting takedowns: Report to registrars/ISPs.
Prevention strategies
- Register common typo variations proactively.
- Monitor new domain registrations.
- Implement HTTPS with HSTS to prevent MITM attacks.
- Educate users about checking URLs carefully.
- Use browser bookmarks instead of typing.
- Deploy DMARC, SPF, DKIM for email protection.
Famous cases
- Goggle.com (targeting Google users).
- Youutube.com (targeting YouTube).
- Paypai.com (targeting PayPal users).
- Numerous banking site typos for phishing.