Typosquatting - the devil is in the detail

A few scrambled letters here, the wrong domain ending there, or a forgotten hyphen—such small deviations are all it takes to lead users to the wrong site. While these may seem like harmless mistakes, the reality can sometimes prove to be anything but. This is because many websites, especially popular ones, are targeted by typosquatters. Those operating such domains speculate on the carelessness of the internet community when it comes to correctly entering URLs and await their misguided guests with advertisements, malware, and phishing sites. We show how typosquatters set up their traps and how you can protect your web presence from this dubious business model.

What is typosquatting?

Typosquatting is a type of cybersquatting that involves registering domains with the intentionally misspelled names of popular web presences and filling these with more-or-less untrustworthy content. The typo-prone nature of many websites makes up the foundation of this business model. Manually entering domains into a browser search bar can result in the user being led to a squatted domain instead of the originally desired address. Operators of such sites rely on common typos, like exapmle.com, spelling errors, and will even resort to adding additional information or endings to popular domain names. Setting up a site aiming to siphon off users who’ve mistyped a particular name is an especially lucrative business models for fraudsters: these generally lead to web-optimized landing pages or pornographic content, which generate particularly high revenue streams for their owners. The worst case scenario that users may come across are counterfeit websites aiming for their personal data. And typosquatting doesn’t only present a problem to users: business owners are also affected, as every stolen visitor is a potentially lost customer. For this reason, it’s recommended to keep an eye on the most popular falsifications of your own website and, if possible, register them yourself.

  • Typos: perhaps the most common error when entering search information, typos are often the product of our rushed day-to-day lives. Those who normally type quickly and imprecisely or rely heavily on autocorrect are especially prone to becoming victims of these domain types. Such behavior can result in google.com becoming gogle.com, googel.com, or goggle.com. But the Californian market leader isn’t about to let any potential users slide through their hand so easily: Google made sure to quickly register all potential typo domains themselves. Users who access these are then forwarded to Google’s start page. The popular online encyclopedia, Wikipedia, failed to take initiative on this matter. Opportunists have since taken advantage of the online resource’s inaction by setting up misspelled variants of the site’s name; often these imposturous sites feature content of a much more questionable variety than that of their educational counterpart.
  • Spelling errors: it would be too easy to blame every online misadventure on the keyboard. Many popular websites are simply spelt incorrectly, and squatters are well aware of this fact. Fortunately, many businesses, such as Adidas, have managed to register misspelled variants of their site’s name before others could beat them to it. So thanks to redirects to the brand’s start page, calling up www.addidas.com shouldn’t pose any problem when looking for that jump suit or new pair of sambas.
  • Alternative spelling: Alternative spelling options of common product names or services have the potential to confuse internet visitors. For this reason, those wishing to set-up a fashion blog under the name www.my-favorite-new-look.fashion should also make sure to register the domain www.my-favourite-new-look.fashion so as not to miss out on any potential visitors who are used to reading and writing in British English.
  • Hyphenated domains: A series of incidents surrounding Paris Hilton showcases how hyphenated domains can be misused for typosquatting. Simply by adding a hyphen between her first and last name, site operators were able to capitalize on the hype surrounding the hotel heiress and attract visitors to the site. Hyphens can also be used supplement popular brand names with misleading information. For example, websites like www.amazon-onlinestore.com may sound correct, but in reality, they have nothing to do with the retail giant and are often used purely for advertising purposes or to spread malware.
  • Wrong domain endings: Ever since domain endings were first introduced, brand names and already-established domains have been combined with different endings in order to mislead internet users. Web operators launching websites under less frequently used domain endings, like .ca, or .mx, or .de should also consider registering other relevant top-level domains, such as .com, .shop, or .web, in order to prevent their brand from falling into the wrong hands. Typosquatters are especially fond of the Columbian top-level domain, .co, due to the similarity it shares with the most widely used TLD, .com.

The legal situation

Many instances of cybersquatting are illegal in the United States, and much of the legislation used to combat the practice is anchored in the Anticybersquatting Consumer Protection Act (ACPA). Enacted in 1999, the law aims to protect both consumers and trademark holders from those who, with a bad faith, intent to profit from the goodwill of another’s trademarks or use a domain name that’s confusingly similar to a distinctive mark. For more detailed information on the matter, you can check out a complete copy of the law by clicking here.

How to protect yourself and your visitors form typosquatters

While there is ample legislation in the United States to help protect your site from typosquatters, taking legal action can be costly in terms of both time and energy. Taking preventative measures to ensure that your site doesn’t become the target of a typo squatting scheme in the first place is highly recommended for those who think their site might be of interest to free riders.

Register typo versions of your domain before squatters do

When registering a domain for a product or service, many trademark owners try to nip the problem in the bud by registering potential typo variants of their desired domain as well. Website operators whose domain names are often misunderstood should also make sure to follow these steps. Once registered, misspelled domains can be easily be rerouted to the actual website with the help of redirects.

Reserve the different typo domains for your domain:

Domain Check
  • .com
  • .org
  • .us
  • .shop
  • .blog
  • .xyz

Use ICANN’s monitoring service

The introduction of new top-level domains (nTLDs) has made it even easier for squatters to target mistyped or misspelled versions of popular websites for their own private gain. Fortunately, ICANN’s trademark clearing house allows brand owners to find out how their names are being used within different domains. This service, however, is available exclusively to nationally or internationally registered brands.

SSL certificates build trust

These certificates are preventative measures that can be employed to help guide lost users back to the into the light. Website operators need to be able to signal to users that they are on the original site. SSL certificates don’t only protect users when data is transferred during a financial transaction; they also supply visitors with information on the site operator and the company responsible for issuing the certificate.


Want to make your website more secure? Learn more about SSL certificates from IONOS and how they increase your site’s trustworthiness.

We use cookies on our website to provide you with the best possible user experience. By continuing to use our website or services, you agree to their use. More Information.