How Typosquatting Works
Typosquatters exploit predictable human behavior. When users type URLs manually, they make mistakes — transposing letters, hitting adjacent keys, or misspelling words. Attackers anticipate these errors and register the misspelled domains before anyone else.
The attacker then uses the domain for one or more malicious purposes: phishing (stealing login credentials), distributing malware, displaying ads for revenue, selling counterfeit goods, or simply redirecting traffic to a competitor.
Common Typosquatting Techniques
Character omission removes a letter: amazn.com instead of amazon.com. Users scanning quickly may not notice the missing character.
Character transposition swaps adjacent letters: gogole.com instead of google.com. This exploits fast typing where fingers hit keys in the wrong order.
Adjacent key substitution replaces a character with one next to it on the keyboard: facebool.com instead of facebook.com. The k and l keys are adjacent.
Added character inserts an extra letter: faceboook.com with an extra o. Doubled vowels are a common target because they look natural.
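The four techniques above can be checked mechanically when reviewing a feed of observed or newly registered domains against a brand's own domain. The sketch below is an added example, not code from the original article; the function names, the same-row QWERTY adjacency model, and the sample feed are assumptions made for illustration.

```python
# Added example: label observed domains by the typo technique that relates
# them to a protected brand domain. All names here are illustrative.
QWERTY_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")

def adjacent_keys(a, b):
    """True when a and b sit next to each other on one QWERTY row."""
    for row in QWERTY_ROWS:
        if a in row and b in row:
            return abs(row.index(a) - row.index(b)) == 1
    return False

def classify_typo(brand, observed):
    """Return the technique turning brand into observed, or None.

    Assumes both inputs are registrable domains of the form label.tld;
    only the label before the first dot is compared.
    """
    b = brand.lower().split(".")[0]
    o = observed.lower().split(".")[0]
    if b == o:
        return None
    if len(o) == len(b) - 1:
        if any(b[:i] + b[i + 1:] == o for i in range(len(b))):
            return "omission"
    elif len(o) == len(b) + 1:
        if any(o[:i] + o[i + 1:] == b for i in range(len(o))):
            return "added character"
    elif len(o) == len(b):
        diff = [i for i in range(len(b)) if b[i] != o[i]]
        if (len(diff) == 2 and diff[1] == diff[0] + 1
                and b[diff[0]] == o[diff[1]] and b[diff[1]] == o[diff[0]]):
            return "transposition"
        if len(diff) == 1 and adjacent_keys(b[diff[0]], o[diff[0]]):
            return "adjacent key substitution"
    return None

def flag_lookalikes(brand, observed_domains):
    """Map each suspicious observed domain to the technique it matches."""
    hits = {}
    for domain in observed_domains:
        technique = classify_typo(brand, domain)
        if technique:
            hits[domain] = technique
    return hits

# Constructed sample feed (e.g. a day's new registrations); not real data.
SAMPLE_FEED = ["faceboook.com", "facebool.com", "facebook.com", "example.com"]

if __name__ == "__main__":
    print(flag_lookalikes("facebook.com", SAMPLE_FEED))
```

Because only the label is compared, a typo label registered under a different TLD is flagged as well.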
The Scale of the Problem
Typosquatting is not a niche threat. Research shows that major brands can have hundreds or thousands of typosquatting domains registered against them at any given time. These domains are registered cheaply ($10-15 each) and can be set up in minutes, making it a low-cost, high-reward attack for bad actors.
For brand owners, the challenge is monitoring the constantly growing domain landscape. New TLDs (like .shop, .online, .site) have multiplied the attack surface. Manual monitoring is no longer feasible — automation is required.
Typosquatting vs. Cybersquatting
While related, these are distinct threats. Cybersquatting is registering a domain identical to a trademark with the intent to profit from it — typically by selling it back to the brand owner. Typosquatting specifically relies on user typos and misspellings to capture traffic.