Quick Answer
Typosquatting is registering domain names that are common misspellings or typos of legitimate brands (like "gogle.com" instead of "google.com"). Attackers use these domains to steal traffic, harvest credentials through phishing, distribute malware, or extort brand owners. Protection involves defensive domain registration (securing obvious typos yourself), trademark monitoring to detect new registrations, and legal remedies like UDRP when typosquatters target your brand. For established brands, proactive defense costs far less than reactive cleanup.
Table of Contents
- What is Typosquatting?
- How Typosquatting Works
- The Business Impact
- Common Typosquatting Patterns
- Defensive Registration Strategy
- Monitoring for Typosquatters
- Legal Remedies
- UDRP for Typosquatting
- Technical Protections
- Best Practices by Business Size
- Frequently Asked Questions
- Key Takeaways
- Next Steps
What is Typosquatting?
Typosquatting (also called URL hijacking or domain mimicry) is registering domain names that exploit common typing mistakes users make when entering legitimate website addresses.
Simple Example
Your brand: amazon.com
Typosquatter registers:
- amazn.com (missing letter)
- amazom.com (adjacent key)
- amazonn.com (double letter)
- amaz0n.com (number substitution)
When users accidentally type these mistakes, they land on the typosquatter's site instead of yours.
Typosquatting vs Cybersquatting
| Term | Definition | Example |
|---|---|---|
| Typosquatting | Registering typos/misspellings | gogle.com |
| Cybersquatting | Registering brand names in bad faith | YourBrandName.com |
| Combosquatting | Adding words to brands | amazon-deals.com |
These tactics often overlap—typosquatters are usually cybersquatting too, since they're targeting your trademark.
Scale of the Problem
Research estimates:
- Every major brand has hundreds of typosquat domains registered against it
- Top 500 websites average 300+ typosquat registrations each
- New typosquat domains are registered daily for trending brands
- Many remain dormant until the brand becomes valuable enough to monetize
How Typosquatting Works
The User Journey
- User intends to visit your legitimate website
- Types URL with mistake (fat-finger error, wrong spelling)
- Lands on typosquat domain instead
- Attacker's goal achieved (varies by attack type)
Attack Types
1. Advertising/Traffic Theft
- Typosquat shows ads
- Earns revenue from your customers' clicks
- May redirect to competitors
- Relatively low harm but ongoing revenue loss
2. Phishing/Credential Theft
- Mimics your login page
- Captures usernames/passwords
- Users believe they're on your site
- High risk: compromised customer accounts
3. Malware Distribution
- Prompts downloads or drive-by installations
- Users trust the "almost right" domain
- Can install ransomware, keyloggers, etc.
- Severe risk: infected customers, and the blame lands on your brand even though the malware was never on your site
4. Affiliate Fraud
- Redirects to legitimate site with affiliate code
- Earns commission on sales
- Steals attribution from your marketing
- Medium harm: costs you money
5. Brand Extortion
- Registers typos and demands payment
- "Pay us or we'll use this for phishing"
- May point domain to embarrassing content
- Creates urgency to pay ransom
6. Competitor Advantage
- Redirects your typos to competitor
- Captures customers at point of purchase
- Especially damaging in competitive markets
- May violate competition laws
The Business Impact
Direct Costs
| Impact | Estimated Cost |
|---|---|
| Lost sales from diverted traffic | $10,000-$1M+/year (varies by brand) |
| UDRP filing fees | $1,500-$4,000 per domain |
| Legal fees (if litigation needed) | $10,000-$100,000+ |
| Defensive registrations | $500-$10,000/year |
| Monitoring services | $100-$500/month |
Indirect Costs
Customer trust damage:
- Customers phished via typosquat blame your brand
- "Your site gave me a virus" (it was the typosquat)
- Support costs handling confused customers
SEO impact:
- Typosquats may rank for your brand terms
- Confused linking to wrong domain
- Brand searches showing malicious results
Employee productivity:
- Time spent fighting typosquatters
- Ongoing monitoring and response
- Legal coordination
Case Study: Major Brand Impact
In 2019, security researchers found over 100,000 active typosquat domains targeting Fortune 500 companies. Many were actively phishing or distributing malware. The combined customer exposure risk was in the billions.
Common Typosquatting Patterns
Pattern 1: Missing Letters
Dropping a letter from the domain:
| Legitimate | Typosquat |
|---|---|
| google.com | gogle.com, googl.com |
| facebook.com | facebok.com, facbook.com |
| amazon.com | amazn.com, amzon.com |
Most common: Dropping letters from the middle of long words.
Pattern 2: Adjacent Key Errors
Hitting neighboring keyboard keys:
| Legitimate | Typosquat |
|---|---|
| google.com | googke.com, googoe.com |
| twitter.com | teitter.com, twittrr.com |
| paypal.com | payoal.com, paypak.com |
Keyboard layout: QWERTY layout determines likely mistakes.
Pattern 3: Double Letters
Adding an extra letter:
| Legitimate | Typosquat |
|---|---|
| google.com | gooogle.com, googgle.com |
| netflix.com | nettflix.com, netflixx.com |
| apple.com | appple.com, applee.com |
Common with: Words that already have double letters.
Pattern 4: Letter Swaps
Transposing adjacent letters:
| Legitimate | Typosquat |
|---|---|
| google.com | googel.com |
| amazon.com | amaozn.com |
| youtube.com | youtbue.com, yuotube.com |
Most common: Last few letters before .com.
Pattern 5: Wrong TLD
Using different domain extensions:
| Legitimate | Typosquat |
|---|---|
| company.com | company.co, company.cm |
| brand.com | brand.om, brand.net |
| store.com | store.org, store.info |
Dangerous: .cm (Cameroon), .co (Colombia) and .om (Oman) are each one keystroke or one dropped letter away from .com and read as .com at a glance.
Pattern 6: Homoglyphs
Using similar-looking characters:
| Legitimate | Typosquat (using look-alikes) |
|---|---|
| paypal.com | paypa1.com (using "1" for "l") |
| apple.com | appIe.com (using capital "I" for "l") |
| google.com | goog1e.com, googIe.com |
| amazon.com | arnazon.com (using "rn" for "m") |
Note on case: DNS names are case-insensitive, so "appIe.com" is registered as appie.com; the capital I only fools the eye where the link is displayed, for example in an email body set in a sans-serif font. "rn" for "m", "1" for "l" and "0" for "o" survive as registrable names.
Modern threat: Unicode (IDN) characters that look identical to ASCII letters; see the FAQ on IDN homographs.
Pattern 7: Combosquatting
Adding common words:
| Legitimate | Combosquat |
|---|---|
| amazon.com | amazon-login.com, amazon-support.com |
| paypal.com | paypal-verify.com, paypal-secure.com |
| apple.com | apple-id.com, apple-support.com |
Especially dangerous: Often used for phishing with "login," "secure," "verify."
Defensive Registration Strategy
Tier 1: Essential (Register These)
Highest priority typos for your primary domain:
- Missing single letters (especially vowels)
- Adjacent key typos (e and r, o and p, etc.)
- Common misspellings of your brand word
- Wrong TLD (.co, .cm, .net, .org for your .com)
- Hyphenated version (your-brand.com)
Tier 2: Important (Register If Budget Allows)
- Double letter variants
- Letter transpositions
- Number substitutions (0 for o, 1 for l)
- Plural/singular (if you use one, register other)
- With/without "the" (thebrand.com vs brand.com)
Tier 3: Nice to Have
- Regional TLDs (.co.uk, .ca, .de for international brands)
- Industry TLDs (.shop, .store, .app if relevant)
- Alternate spellings (color vs colour)
- Abbreviations
How to Identify Your Typosquats
Manual method:
- Type your domain quickly 20 times
- Note every mistake you make
- Have others do the same
- Compile common errors
Automated tools:
- URLCrazy (generates typo variations and can check which of them resolve)
- dnstwist (generates permutations and reports which are registered, with optional MX, WHOIS and page-similarity checks)
- Online typo generators (quick first list; no registration check)
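The permutation engine behind tools like the ones above is small enough to write yourself, and owning it lets you tune the keyboard layout, TLD list and combosquat words to your brand. The following is an added example, not code from the original page and not urlcrazy or dnstwist: it applies the seven patterns described under Common Typosquatting Patterns one edit at a time. The QWERTY neighbour table, the look-alike TLD list and the combosquat word list are assumptions chosen for illustration, and domains are assumed to be name.tld (no multi-part suffixes such as .co.uk).

```python
"""Generate candidate typosquat domains for a brand's primary domain.

Added example (not code from the original page, urlcrazy or dnstwist). The
neighbour table, TLD list and combosquat words are assumptions; extend them.
"""
import socket

# Assumption: US QWERTY layout. Each key maps to the keys physically around it.
QWERTY_NEIGHBOURS = {
    "q": "wa", "w": "qeas", "e": "wrsd", "r": "etdf", "t": "ryfg",
    "y": "tugh", "u": "yihj", "i": "uojk", "o": "ipkl", "p": "ol",
    "a": "qwsz", "s": "qweadzx", "d": "werfscx", "f": "ertdgcv",
    "g": "rtyfhvb", "h": "tyugjbn", "j": "yuihknm", "k": "uiojlm",
    "l": "iopk", "z": "asx", "x": "zsdc", "c": "xdfv", "v": "cfgb",
    "b": "vghn", "n": "bhjm", "m": "njk",
}

# ASCII look-alikes that are valid in a DNS label. DNS is case-insensitive,
# so the capital-I trick is not registrable; "rn" for "m" is.
HOMOGLYPHS = {"l": ["1", "i"], "i": ["1", "l"], "o": ["0"], "m": ["rn"],
              "w": ["vv"], "e": ["3"], "a": ["4"], "s": ["5"], "g": ["9"]}

# TLDs one keystroke or one dropped letter from .com, plus common alternates.
LOOKALIKE_TLDS = ["co", "cm", "om", "net", "org"]

# Words most often glued to a brand in phishing combosquats (assumption).
COMBO_WORDS = ["login", "secure", "verify", "support", "account", "help"]


def generate_typosquats(domain):
    """Return a sorted list of single-edit typosquat candidates for domain."""
    domain = domain.lower()
    name, tld = domain.rsplit(".", 1)
    found = set()

    def add(label, suffix=tld):
        candidate = f"{label}.{suffix}"
        if label and candidate != domain:
            found.add(candidate)

    for i, ch in enumerate(name):
        add(name[:i] + name[i + 1:])                          # 1. missing letter
        for alt in QWERTY_NEIGHBOURS.get(ch, ""):
            add(name[:i] + alt + name[i + 1:])                # 2. adjacent key
        add(name[:i] + ch + name[i:])                         # 3. doubled letter
        if i + 1 < len(name) and ch != name[i + 1]:
            add(name[:i] + name[i + 1] + ch + name[i + 2:])   # 4. transposition
        for alt in HOMOGLYPHS.get(ch, []):
            add(name[:i] + alt + name[i + 1:])                # 6. ASCII homoglyph
    for suffix in LOOKALIKE_TLDS:                             # 5. wrong TLD
        if suffix != tld:
            add(name, suffix)
    for word in COMBO_WORDS:                                  # 7. combosquatting
        add(f"{name}-{word}")
        add(f"{word}-{name}")
        add(f"{name}{word}")
    return sorted(found)


def resolves(domain):
    """Crude liveness check: a name that resolves is registered and pointed
    somewhere; a name that does not resolve may still be registered (parked
    without records). RDAP/WHOIS is the authoritative check. Needs network."""
    try:
        socket.getaddrinfo(domain, None)
        return True
    except socket.gaierror:
        return False


if __name__ == "__main__":
    import sys
    positional = [a for a in sys.argv[1:] if not a.startswith("--")]
    target = positional[0] if positional else "google.com"
    for candidate in generate_typosquats(target):
        live = "--resolve" in sys.argv and resolves(candidate)
        print(candidate, "(resolves)" if live else "")
```

Run it with your own domain and, once you are ready to hit the network, add --resolve; feed the resolving names into the assessment table under Monitoring rather than treating every candidate as a threat.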
Cost-Benefit Analysis
| Approach | Domains | Cost/Year | Best For |
|---|---|---|---|
| Essential only | 5-10 | $50-150 | Small business |
| Important + Essential | 20-50 | $200-750 | Growing brand |
| Comprehensive | 100+ | $1,000-5,000 | Major brand |
Rule of thumb: If recovering one typosquat via UDRP costs $3,000, paying $500/year for defensive registrations is clearly worthwhile.
Monitoring for Typosquatters
Why Monitoring Matters
You can't defensively register everything. New typosquats appear constantly. Monitoring alerts you to:
- New registrations targeting your brand
- Changes to existing typosquats (going from parked to phishing)
- Patterns suggesting coordinated attacks
Monitoring Approaches
1. Manual Monitoring
- Check variations periodically
- Google your brand + "login" or "verify"
- Search certificate transparency logs
Limitations: Time-consuming, easy to miss threats
2. Automated Brand Monitoring
- Services scan for new registrations
- Alert when typosquats are registered
- Some provide takedown assistance
Examples: MarkMonitor, CSC, DomainTools
3. Certificate Transparency Monitoring
- Certificates from publicly trusted CAs are logged to Certificate Transparency logs (browsers require it), so issuance for any name is public within minutes
- Monitors alert when a certificate is issued for a name resembling your brand, usually before the site goes live
- A certificate is a sign the domain is about to serve content, not proof of phishing: free CAs issue automatically and parking pages get certificates too
Tools: Cert Spotter, Facebook's Certificate Transparency Monitoring, crt.sh
What to Do When You Find Typosquats
Assessment questions:
- Is it actively harmful (phishing, malware)?
- Is it monetizing traffic (ads, redirects)?
- Is it dormant (parked, for sale)?
- Does it impact customers or operations?
Response based on assessment:
| Situation | Response |
|---|---|
| Active phishing | Urgent: Report to registrar, host, browsers immediately |
| Malware distribution | Urgent: Same as phishing + notify customers |
| Advertising/traffic theft | File UDRP, send cease & desist |
| Parked/for sale | Evaluate purchase vs UDRP cost |
| Dormant | Monitor, consider UDRP if trademark clear |
Legal Remedies
Cease and Desist Letters
When to use: First step for non-urgent cases
Contents:
- Your trademark rights
- The infringing domain
- Demand to transfer or cancel
- Deadline to comply
- Consequences of non-compliance
Effectiveness: Sometimes works for amateur squatters; rarely works for professionals
Cost: $500-$2,000 if attorney-drafted
UDRP (Uniform Domain-Name Dispute-Resolution Policy)
When to use: Primary remedy for typosquatting
Requirements (must prove all three):
- Domain is identical/confusingly similar to your trademark
- Registrant has no legitimate rights or interests
- Domain registered and used in bad faith
Timeline: 2-3 months typically
Cost: $1,500-$4,000 filing fee + optional attorney
ACPA (Anticybersquatting Consumer Protection Act)
When to use: US federal lawsuit option
Advantages over UDRP:
- Can recover damages (up to $100,000 per domain)
- Jury trial option
- Stronger enforcement powers
Disadvantages:
- Expensive (litigation costs)
- Slower (court timeline)
- Must find/serve defendant
Best for: Cases where you want damages, not just the domain
Registrar Abuse Reports
When to use: For clearly abusive domains (phishing, malware)
Process:
- Find registrar's abuse contact
- Report with evidence of abuse
- Registrar may suspend domain
- Faster than UDRP for clear violations
Limitation: Registrar discretion; no guaranteed outcome
UDRP for Typosquatting
Why UDRP Works Well for Typosquatting
Typosquatting cases are strong UDRP candidates because:
- Identical/confusing similarity: Typos are by definition confusing
- No legitimate interest: Hard to claim you legitimately want "gooogle.com"
- Bad faith: The whole point is to exploit confusion
Evidence to Gather
| Requirement | Evidence Types |
|---|---|
| Your trademark | Registration certificates, use evidence, brand materials |
| Similarity | Side-by-side comparison, expert analysis if needed |
| No legitimate interest | WHOIS showing unrelated registrant, no business reason |
| Bad faith | Screenshots of use, pattern of registrations, demands for money |
Filing Process
- Choose provider: WIPO, NAF, or other ICANN-approved
- Prepare complaint: Follow template, attach evidence
- Pay filing fee: $1,500-$4,000 depending on provider and domain count
- Respondent reply: They have 20 days to respond
- Panel decision: Usually within 14 days of panel appointment
- Implementation: If you win, registrar transfers domain to you
Success Rates
Typosquatting UDRP cases win 85-95% of the time because:
- The bad faith is usually obvious
- Typosquatters often don't respond
- Panels understand the harm
Technical Protections
DMARC for Email Spoofing
Typosquatters may send email from typosquat domains pretending to be you. Keep two cases apart. DMARC on yourdomain.com stops forged mail that claims to be from yourdomain.com exactly; it has no effect on mail sent from yourdomian.com, which is a separate domain with its own (usually absent) policy, and receivers have no way to know which domain the sender meant.
Set up DMARC on YOUR domain so that exact-domain forgeries are rejected:
_dmarc.yourdomain.com TXT "v=DMARC1; p=reject; rua=mailto:[email protected]"
This tells receiving mail servers to reject messages claiming to be from your domain when they fail SPF or DKIM alignment. For the defensive typo domains you own, go further and publish an SPF record of "v=spf1 -all", a DMARC record with p=reject, and a null MX (a single MX record with preference 0 and target ".", RFC 7505) so that nobody can send or receive mail with them. For typo domains you do not own, the remedy is takedown and user awareness, not DNS.
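A defensive registration that is only meant to redirect web traffic is easy to leave half-configured for mail. The following added example (not the original page's code and not tied to any DNS library) audits a parked domain's SPF, DMARC and MX records against the lockdown described above: SPF "v=spf1 -all", DMARC p=reject, null MX. The DNS answers are constructed inline in place of a real lookup (use dig or dnspython's dns.resolver to fetch them), and the domain names and report address are assumptions.

```python
"""Audit the mail posture of a defensive registration that must never send or
receive mail. Added example; DNS answers below are constructed, not fetched."""


def parse_dmarc(record):
    """Split a DMARC TXT record into lower-cased tag -> value pairs."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def parse_spf(record):
    """Return the mechanisms and modifiers of a 'v=spf1 ...' record, in order."""
    return record.split()[1:]


def audit_parked_domain(domain, txt, mx):
    """txt: name -> list of TXT strings; mx: list of (preference, exchange).
    Returns a list of findings; an empty list means the domain is locked down."""
    findings = []

    spf = [r for r in txt.get(domain, []) if r.lower().startswith("v=spf1")]
    if not spf:
        findings.append("no SPF record: any host may send mail as this domain")
    elif len(spf) > 1:
        findings.append("more than one SPF record: receivers treat this as a permerror")
    else:
        mechs = parse_spf(spf[0])
        if not mechs or mechs[-1] != "-all":
            findings.append(f"SPF does not end in -all: {spf[0]!r}")
        if any(m != "-all" for m in mechs):
            findings.append("SPF authorises senders for a domain that should send nothing")

    dmarc = [r for r in txt.get("_dmarc." + domain, []) if r.lower().startswith("v=dmarc1")]
    if not dmarc:
        findings.append("no DMARC record")
    else:
        tags = parse_dmarc(dmarc[0])
        if tags.get("p") != "reject":
            findings.append(f"DMARC policy is {tags.get('p', 'missing')!r}, not reject")
        if tags.get("sp", tags.get("p")) != "reject":
            findings.append("DMARC subdomain policy is weaker than reject")
        if tags.get("pct", "100") != "100":
            findings.append("DMARC pct below 100 leaves some mail unenforced")

    # RFC 7505 null MX: exactly one MX with preference 0 and target "."
    if mx != [(0, ".")]:
        findings.append("no null MX: the domain still advertises mail exchangers")
    return findings


# Constructed DNS answers for two defensive registrations (assumed names and
# report address), one left at registrar defaults and one locked down.
WEAK_TXT = {
    "yourdomian.com": ["v=spf1 include:_spf.example.net ~all"],
    "_dmarc.yourdomian.com": ["v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.example"],
}
WEAK_MX = [(10, "mail.yourdomian.com.")]

HARDENED_TXT = {
    "yuordomain.com": ["v=spf1 -all"],
    "_dmarc.yuordomain.com": ["v=DMARC1; p=reject; sp=reject; rua=mailto:dmarc@yourdomain.example"],
}
HARDENED_MX = [(0, ".")]

if __name__ == "__main__":
    for name, txt, mx in [("yourdomian.com", WEAK_TXT, WEAK_MX),
                          ("yuordomain.com", HARDENED_TXT, HARDENED_MX)]:
        result = audit_parked_domain(name, txt, mx)
        print(name, "OK" if not result else f"{len(result)} findings")
        for finding in result:
            print("  -", finding)
```

Run this over every domain in your defensive portfolio after each registrar change; registrars commonly add their own MX and a permissive SPF to new registrations, which is exactly the state the first sample shows.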
Browser/Security List Submissions
Get typosquats added to blocklists:
- Google Safe Browsing: Report at safebrowsing.google.com
- Microsoft SmartScreen: Report malicious sites
- PhishTank: Community phishing database
- APWG: Anti-Phishing Working Group
Certificate Transparency Monitoring
Monitor for TLS certificates issued to typosquats:
- Every certificate from a publicly trusted CA is logged, so issuance for a look-alike name is visible to you as soon as it is visible to the attacker
- Subscribe to name patterns (brand keyword, common typos, homoglyph forms) rather than exact names, since you cannot list every variant in advance
- A new certificate means the domain is being set up to serve something; treat it as a trigger to inspect, not as proof of phishing on its own
Free monitoring: crt.sh, Cert Spotter
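A CT feed or new-registration list produces names you never enumerated, so the monitor needs to classify arbitrary hostnames rather than match a fixed list. The following added example (not code from the original page, crt.sh, Cert Spotter or any brand-protection service) shows the triage logic for the Certificate Transparency Monitoring approach described above and in the Monitoring section: it folds ASCII homoglyphs, takes the label left of the TLD, and labels each name as owned, wrong-tld, homoglyph, typo (one edit away, transpositions included), combosquat, brand-in-subdomain, idn-review or unrelated. The brand keyword, owned domains and the sample CT names are constructed assumptions; a production monitor would use the Public Suffix List instead of the single-label TLD assumption.

```python
"""Triage hostnames from a CT feed or registration list against a brand.
Added example; sample names are constructed, not real log entries."""

BRAND = "paypal"                       # assumption: monitored brand keyword
OWNED = {"paypal.com", "paypal.net"}   # assumption: domains you control

# Ordered so that two-character look-alikes collapse before single characters.
HOMOGLYPH_FOLDS = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"),
                   ("3", "e"), ("4", "a"), ("5", "s"), ("9", "g")]


def fold_homoglyphs(label):
    """Map ASCII look-alikes back to the letters they imitate."""
    label = label.lower()
    for lookalike, real in HOMOGLYPH_FOLDS:
        label = label.replace(lookalike, real)
    return label


def osa_distance(a, b):
    """Optimal string alignment (restricted Damerau-Levenshtein) distance:
    insertion, deletion, substitution and adjacent transposition each cost 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def split_host(hostname):
    """Return (subdomain labels, registrable label, 'label.tld'), dropping a
    leading wildcard. Assumption: single-label TLDs (no Public Suffix List)."""
    host = hostname.lower().strip(".").removeprefix("*.")
    parts = host.split(".")
    if len(parts) < 2:
        return [], host, host
    return parts[:-2], parts[-2], ".".join(parts[-2:])


def classify(hostname, brand=BRAND, owned=OWNED):
    subs, label, domain = split_host(hostname)
    if domain in owned:
        return "owned"
    if any(fold_homoglyphs(s) == brand for s in subs):
        return "brand-in-subdomain"      # paypal.evil.example style
    if label.startswith("xn--"):
        return "idn-review"              # Punycode: needs a confusables check
    folded = fold_homoglyphs(label)
    if label == brand:
        return "wrong-tld"
    if folded == brand:
        return "homoglyph"
    if osa_distance(folded, brand) == 1:
        return "typo"
    if brand in folded:
        return "combosquat"
    return "unrelated"


def triage(hostnames, brand=BRAND, owned=OWNED):
    """Map every hostname that deserves a look to its verdict."""
    return {h: v for h in hostnames
            if (v := classify(h, brand, owned)) not in ("owned", "unrelated")}


# Constructed sample, shaped like the names a CT monitor surfaces (wildcards
# and subdomains appear exactly as the certificates list them).
SAMPLE_CT_NAMES = [
    "www.paypal.com", "paypa1.com", "payoal.com", "paypal.cm",
    "*.paypal-verify.net", "login.paypal-secure.com", "papyal.com",
    "pypal.com", "paypal.evil.example", "xn--example-idn.com", "example.org",
]

if __name__ == "__main__":
    for name, verdict in triage(SAMPLE_CT_NAMES).items():
        print(f"{verdict:19s} {name}")
```

The distance threshold of 1 matches the single-edit patterns on this page; raising it to 2 catches sloppier squats at the cost of more false positives, which is the usual tuning knob in commercial monitors as well.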
DNS-Based Protections
For enterprises:
- Block known typosquat domains on the corporate resolver (for example with a Response Policy Zone or your DNS filtering service's custom blocklist)
- Use a DNS filtering service that carries phishing and newly registered domain categories, since fresh typosquats are rarely on blocklists yet
- Sinkhole typos of your own brand on internal resolvers so that an employee who mistypes it lands on an internal warning page instead of an external site
Best Practices by Business Size
Small Business (1-10 Employees)
Budget: $200-500/year for domain protection
Actions:
- Register 5-10 most obvious typos of your main domain
- Set up Google Alerts for your brand name + "login"
- Ensure you own .com and .net versions minimum
- Report any active phishing immediately
Time: 1-2 hours/month monitoring
Medium Business (10-200 Employees)
Budget: $1,000-5,000/year
Actions:
- Register 20-50 defensive domains
- Subscribe to brand monitoring service
- Have legal template ready for C&D letters
- Quarterly audit of brand mentions and typosquats
- Consider UDRP budget for inevitable cases
Time: Assign responsibility to marketing or IT
Enterprise (200+ Employees)
Budget: $10,000-100,000+/year
Actions:
- Comprehensive defensive registration (100+ domains)
- Professional brand protection service (MarkMonitor, CSC)
- Dedicated brand protection staff or contractor
- Integration with security team for threat response
- Proactive UDRP program
- Legal on retainer for escalated cases
Time: Dedicated resources
Frequently Asked Questions
Can I sue typosquatters for damages?
Yes, under the ACPA (Anticybersquatting Consumer Protection Act) in the US, you can sue for up to $100,000 per domain in statutory damages. However, litigation is expensive and the defendant may be overseas and judgment-proof. UDRP is usually more practical for getting the domain; lawsuits are for when you want to deter or punish.
How much should I pay a typosquatter to go away?
Generally, you shouldn't pay—it encourages more typosquatting. UDRP typically costs $1,500-$4,000 and you win the domain without rewarding the squatter. The exception might be if the domain is critical and UDRP would take too long. Even then, don't pay more than UDRP would cost.
What if the typosquatter is in another country?
UDRP applies to every gTLD (.com, .net, .org and the new gTLDs) regardless of where the registrant is located, and the registrar must implement the decision. Country-code TLDs are different: each has its own dispute policy, some modelled on UDRP and some not, so check the rules for the specific ccTLD (relevant for .cm and .co lookalikes). For lawsuits, international enforcement is harder, but the domain itself can usually be transferred through UDRP without the registrant's cooperation.
Do I need a trademark to fight typosquatting?
Trademark registration helps significantly—it's clear evidence for UDRP. However, you can file UDRP based on common law trademark rights (unregistered but established through use). Having a registered trademark makes cases stronger and faster. If you're building a brand, register your trademark.
How do I know if a typosquat is phishing?
Check by:
- Fetching it from an isolated VM or a URL-scanning service such as urlscan.io or VirusTotal, never from a workstation on your network; look for a copied login form and where it submits credentials
- Looking up the domain in Google's Safe Browsing site status page
- Checking PhishTank database
- Looking at certificate transparency for suspicious SSL certs
- Customer reports of phishing emails
Should I try to buy typosquats before they're registered?
You can't buy domains that don't exist yet—but you can register them yourself as defensive registrations. This is the best strategy: register obvious typos before someone else does. It's cheaper than fighting for them later.
What about internationalized typosquatting (IDN homographs)?
IDN homograph attacks use Unicode characters that look like ASCII (Cyrillic "а" looks like Latin "a"). Browsers fall back to displaying the Punycode form (xn--...) when a label mixes scripts or fails their confusable-character checks, but those heuristics are not perfect: a label built entirely from Cyrillic look-alikes has in the past rendered as the Latin brand name in major browsers. Register relevant IDN variants if your brand is targeted, and report homograph phishing to browsers and registrars.
Can employees' typos redirect to our real site?
Yes. If you own the typosquat domains, point them at your real site with 301 redirects, which captures mistyped traffic instead of losing it. Serve the redirect over HTTPS as well (each defensive domain needs its own certificate), or users who type https:// will see a certificate error instead of the redirect.
How often do I need to check for new typosquats?
For small businesses, monthly manual checks are reasonable. For larger brands, use automated monitoring services that check daily or continuously. New typosquats can appear anytime—especially after PR events, product launches, or anything that increases brand searches.
Is it worth fighting parked/for-sale typosquats?
If you have a trademark and resources, yes. Even parked domains can be sold to bad actors. File UDRP to take control before they become active threats. The dormant typosquat today could be tomorrow's phishing site.
Key Takeaways
- Typosquatting exploits user mistakes to divert traffic to malicious or competing sites; every brand with traffic is a target
- Defensive registration is your first line of defense; register obvious typos before squatters do
- Monitoring catches what you couldn't predict; new typosquats appear constantly
- UDRP is effective and affordable for typosquatting; you'll typically win if you have trademark rights
- Active phishing requires urgent response; report immediately to registrar, hosts, browsers
- Cost of defense is far less than cost of cleanup; budget for protection, not just reaction
- Redirect your defensive domains; capture mistyped traffic instead of losing it
Next Steps
Assess Your Exposure
- Generate typosquat variations of your domain
- Check which are registered against you
- Categorize by threat level (active phishing, parked, etc.)
- Prioritize response based on risk
Build Your Defense
- Register essential typosquats you don't already own
- Set up monitoring for new registrations
- Prepare UDRP templates for quick response
- Document your trademark rights
Related Guides
- Cybersquatting: What It Is and How to Fight It
- Domain Theft Prevention: Complete Security Checklist
- Domain Privacy Protection: Complete Guide