What You'll Learn
- What typosquatting is and how it harms your brand
- Common typosquatting patterns attackers use
- Defensive registration strategies
- Monitoring and detection methods
- Legal remedies when typosquatters target your brand
What is Typosquatting?
Typosquatting is registering domain names that are common misspellings or typos of legitimate brands. When users accidentally mistype your domain, they land on the typosquatter's site instead of yours.
Example -- your brand: amazon.com. Typosquatter registers:
- amazn.com (missing letter)
- amazom.com (adjacent key)
- amazonn.com (double letter)
- amaz0n.com (number substitution)
Scale: Every major brand has hundreds of typosquat domains registered against it. Top 500 websites average 300+ typosquat registrations each.
How Typosquatters Profit
Advertising revenue: Display ads on the typo domain. Every accidental visitor generates ad revenue.
Phishing: Create a fake version of your site to steal login credentials from users who think they are on your real site.
Malware distribution: Serve malware downloads to visitors.
Affiliate fraud: Redirect visitors to your real site through affiliate links, earning commissions on purchases the visitor was going to make anyway.
Extortion: Register typo domains and demand payment from the brand owner to transfer them.
Common Typosquatting Patterns
- Missing letters: gogle.com, facbook.com
- Adjacent key typos: goofle.com (f next to g), anazon.com (n next to m)
- Double letters: googgle.com, amazzon.com
- Transposed letters: gogole.com, amzaon.com
- Wrong TLD: amazon.cm (Cameroon instead of .com)
- Number substitution: g00gle.com, amaz0n.com
- Added words (combosquatting): amazon-deals.com, google-login.com
Defensive Registration Strategy
The most effective protection is registering common typo variants yourself and redirecting them to your main domain.
Priority registrations:
- Common misspellings (test with friends -- ask them to type your domain quickly)
- Adjacent-key typos for the first and last letters
- Missing common letters
- Wrong TLD variants (.cm, .co instead of .com)
- Plural/singular variations
Budget guidance:
- Small business: 5-10 defensive registrations ($50-150/year)
- Growing brand: 10-30 defensive registrations ($100-450/year)
- Major brand: 50-200+ defensive registrations ($500-3,000/year)
Monitoring for Typosquatters
Automated monitoring services can alert you when new domains similar to yours are registered. This enables early detection before typosquatters build infrastructure.
Manual checks: Periodically search for variations of your domain on WHOIS lookup tools.
Google Alerts: Set alerts for your brand name to detect phishing sites using your brand.
Legal Remedies
UDRP (Uniform Domain-Name Dispute-Resolution Policy): Cost: approximately $1,500. Timeline: 2-3 months. Must prove the domain is confusingly similar to your trademark, the registrant has no legitimate interest, and the domain was registered in bad faith.
ACPA (Anticybersquatting Consumer Protection Act): US court action. More expensive but can award damages up to $100,000 per domain. Available only in US courts.
Cease and desist letter: Often the cheapest first step. Many typosquatters will transfer the domain rather than face legal action. Have a trademark attorney draft the letter.
Key Takeaways
- Typosquatting exploits common typing mistakes to steal traffic from legitimate brands
- Attackers profit through ads, phishing, malware, affiliate fraud, or extortion
- Defensive registration of common misspellings is the most effective prevention
- Monitor for new typosquat registrations using automated services
- UDRP ($1,500) is the most cost-effective legal remedy for recovering typosquat domains
- Proactive defense costs far less than reactive cleanup
Next Steps
Typosquatting is one form of domain abuse. The next lesson covers cybersquatting -- the broader practice of registering trademarked names in bad faith -- and your legal options.
Deep Dive
The following sections provide additional detail, examples, and reference material.
What is Typosquatting?
Typosquatting (also called URL hijacking or domain mimicry) is registering domain names that exploit common typing mistakes users make when entering legitimate website addresses.
Simple Example
Your brand: amazon.com
Typosquatter registers:
- amazn.com (missing letter)
- amazom.com (adjacent key)
- amazonn.com (double letter)
- amaz0n.com (number substitution)
When users accidentally type these mistakes, they land on the typosquatter's site instead of yours.
Typosquatting vs Cybersquatting
| Term | Definition | Example |
|---|---|---|
| Typosquatting | Registering typos/misspellings | gogle.com |
| Cybersquatting | Registering brand names in bad faith | YourBrandName.com |
| Combosquatting | Adding words to brands | amazon-deals.com |
These tactics often overlap—typosquatters are usually cybersquatting too, since they're targeting your trademark.
Scale of the Problem
Research estimates:
- Every major brand has hundreds of typosquat domains registered against it
- Top 500 websites average 300+ typosquat registrations each
- New typosquat domains are registered daily for trending brands
- Many remain dormant until the brand becomes valuable enough to monetize
How Typosquatting Works
The User Journey
- User intends to visit your legitimate website
- Types URL with mistake (fat-finger error, wrong spelling)
- Lands on typosquat domain instead
- Attacker's goal achieved (varies by attack type)
Attack Types
1. Advertising/Traffic Theft
- Typosquat shows ads
- Earns revenue from your customers' clicks
- May redirect to competitors
- Relatively low harm but ongoing revenue loss
2. Phishing/Credential Theft
- Mimics your login page
- Captures usernames/passwords
- Users believe they're on your site
- High risk: compromised customer accounts
3. Malware Distribution
- Prompts downloads or drive-by installations
- Users trust the "almost right" domain
- Can install ransomware, keyloggers, etc.
- Severe risk: legal liability for the brand
4. Affiliate Fraud
- Redirects to legitimate site with affiliate code
- Earns commission on sales
- Steals attribution from your marketing
- Medium harm: costs you money
5. Brand Extortion
- Registers typos and demands payment
- "Pay us or we'll use this for phishing"
- May point domain to embarrassing content
- Creates urgency to pay ransom
6. Competitor Advantage
- Redirects your typos to competitor
- Captures customers at point of purchase
- Especially damaging in competitive markets
- May violate competition laws
The Business Impact
Direct Costs
| Impact | Estimated Cost |
|---|---|
| Lost sales from diverted traffic | $10,000-$1M+/year (varies by brand) |
| UDRP filing fees | $1,500-$4,000 per domain |
| Legal fees (if litigation needed) | $10,000-$100,000+ |
| Defensive registrations | $500-$10,000/year |
| Monitoring services | $100-$500/month |
Indirect Costs
Customer trust damage:
- Customers phished via typosquat blame your brand
- "Your site gave me a virus" (it was the typosquat)
- Support costs handling confused customers
SEO impact:
- Typosquats may rank for your brand terms
- Confused linking to wrong domain
- Brand searches showing malicious results
Employee productivity:
- Time spent fighting typosquatters
- Ongoing monitoring and response
- Legal coordination
Case Study: Major Brand Impact
In 2019, security researchers found over 100,000 active typosquat domains targeting Fortune 500 companies. Many were actively phishing or distributing malware. The combined customer exposure risk was in the billions.
Common Typosquatting Patterns
Pattern 1: Missing Letters
Dropping a letter from the domain:
| Legitimate | Typosquat |
|---|---|
| google.com | gogle.com, googl.com |
| facebook.com | facebok.com, facbook.com |
| amazon.com | amazn.com, amzon.com |
Most common: Dropping letters from the middle of long words.
Pattern 2: Adjacent Key Errors
Hitting neighboring keyboard keys:
| Legitimate | Typosquat |
|---|---|
| google.com | googke.com, googoe.com |
| twitter.com | teitter.com, twittrr.com |
| paypal.com | payoal.com, paypak.com |
Keyboard layout: QWERTY layout determines likely mistakes.
Pattern 3: Double Letters
Adding an extra letter:
| Legitimate | Typosquat |
|---|---|
| google.com | gooogle.com, googgle.com |
| netflix.com | nettflix.com, netflixx.com |
| apple.com | appple.com, applee.com |
Common with: Words that already have double letters.
Pattern 4: Letter Swaps
Transposing adjacent letters:
| Legitimate | Typosquat |
|---|---|
| google.com | googel.com |
| amazon.com | amaozn.com |
| youtube.com | yotube.com |
Most common: Last few letters before .com.
Pattern 5: Wrong TLD
Using different domain extensions:
| Legitimate | Typosquat |
|---|---|
| company.com | company.co, company.cm |
| brand.com | brand.om, brand.net |
| store.com | store.corn (the letters "rn" read as "m") |
Dangerous: .cm (Cameroon) and .co (Colombia) look similar to .com.
Pattern 6: Homoglyphs
Using similar-looking characters:
| Legitimate | Typosquat (using look-alikes) |
|---|---|
| paypal.com | paypa1.com (using "1" for "l") |
| apple.com | appIe.com (using "I" for "l") |
| google.com | goog1e.com, googIe.com |
Modern threat: Unicode characters that look identical to ASCII.
Pattern 7: Combosquatting
Adding common words:
| Legitimate | Combosquat |
|---|---|
| amazon.com | amazon-login.com, amazon-support.com |
| paypal.com | paypal-verify.com, paypal-secure.com |
| apple.com | apple-id.com, apple-support.com |
Especially dangerous: Often used for phishing with "login," "secure," "verify."
Defensive Registration Strategy
Tier 1: Essential (Register These)
Highest priority typos for your primary domain:
- Missing single letters (especially vowels)
- Adjacent key typos (e and r, o and p, etc.)
- Common misspellings of your brand word
- Wrong TLD (.co, .cm, .net, .org for your .com)
- Hyphenated version (your-brand.com)
Tier 2: Important (Register If Budget Allows)
- Double letter variants
- Letter transpositions
- Number substitutions (0 for o, 1 for l)
- Plural/singular (if you use one, register other)
- With/without "the" (thebrand.com vs brand.com)
Tier 3: Nice to Have
- Regional TLDs (.co.uk, .ca, .de for international brands)
- Industry TLDs (.shop, .store, .app if relevant)
- Alternate spellings (color vs colour)
- Abbreviations
How to Identify Your Typosquats
Manual method:
- Type your domain quickly 20 times
- Note every mistake you make
- Have others do the same
- Compile common errors
Automated tools:
- URLCrazy (generates typo variations)
- DNSTwist (checks registrations)
- TypoGenerator tools online
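As an added example for the pattern list and tools above (it is not the code of URLCrazy, DNSTwist or this guide), a Python generator that enumerates Patterns 1 through 7 for a domain; it assumes a single-label TLD such as .com and only horizontal QWERTY neighbours:

```python
"""Enumerate candidate typosquats of a brand domain so they can be registered
defensively or fed to monitoring.  Constructed example for this page; it is
not the code of URLCrazy, DNSTwist or any other tool named above."""

# Pattern 2: horizontal QWERTY neighbours only (vertical slips are omitted).
NEIGHBOURS = {}
for row in ("qwertyuiop", "asdfghjkl", "zxcvbnm"):
    for i, ch in enumerate(row):
        NEIGHBOURS[ch] = row[max(0, i - 1):i] + row[i + 1:i + 2]

# Pattern 6: ASCII look-alikes only; Unicode confusables are a separate list.
HOMOGLYPHS = {"l": ("1", "i"), "i": ("1", "l"), "o": ("0",), "m": ("rn",), "w": ("vv",)}
# Patterns 5 and 7: look-alike TLDs and phishing words taken from the page's examples.
LOOKALIKE_TLDS = ("co", "cm", "om", "net")
COMBO_WORDS = ("login", "secure", "verify", "support", "deals")


def typosquats(domain):
    """Return {pattern: sorted candidate domains} for e.g. 'amazon.com'.
    Assumes a single-label TLD; the legitimate domain is never included."""
    name, tld = domain.lower().rsplit(".", 1)
    n = len(name)
    raw = {
        "missing_letter": {name[:i] + name[i + 1:] for i in range(n)},
        "adjacent_key": {name[:i] + k + name[i + 1:]
                         for i, c in enumerate(name) for k in NEIGHBOURS.get(c, "")},
        "double_letter": {name[:i + 1] + name[i] + name[i + 1:] for i in range(n)},
        "transposition": {name[:i] + name[i + 1] + name[i] + name[i + 2:]
                          for i in range(n - 1) if name[i] != name[i + 1]},
        "homoglyph": {name[:i] + g + name[i + 1:]
                      for i, c in enumerate(name) for g in HOMOGLYPHS.get(c, ())},
        "combosquat": {f"{name}-{w}" for w in COMBO_WORDS} | {f"{w}-{name}" for w in COMBO_WORDS},
    }
    result = {p: sorted(f"{v}.{tld}" for v in variants if v != name)
              for p, variants in raw.items()}
    result["wrong_tld"] = sorted(f"{name}.{t}" for t in LOOKALIKE_TLDS if t != tld)
    return result


def all_variants(domain):
    """Flat, de-duplicated set of every candidate: the list to register or monitor."""
    return set().union(*typosquats(domain).values())


if __name__ == "__main__":
    for pattern, cands in typosquats("amazon.com").items():
        print(f"{pattern:15s} {len(cands):3d}  e.g. {', '.join(cands[:4])}")
    print("total candidates:", len(all_variants("amazon.com")))
```

The flat set is what you would check against WHOIS or a monitoring feed; the per-pattern dict is what you would use to prioritise the Tier 1 and Tier 2 registrations above.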
Cost-Benefit Analysis
| Approach | Domains | Cost/Year | Best For |
|---|---|---|---|
| Essential only | 5-10 | $50-150 | Small business |
| Important + Essential | 20-50 | $200-750 | Growing brand |
| Comprehensive | 100+ | $1,000-5,000 | Major brand |
Rule of thumb: If recovering one typosquat via UDRP costs $3,000, paying $500/year for defensive registrations is clearly worthwhile.
Monitoring for Typosquatters
Why Monitoring Matters
You can't defensively register everything. New typosquats appear constantly. Monitoring alerts you to:
- New registrations targeting your brand
- Changes to existing typosquats (going from parked to phishing)
- Patterns suggesting coordinated attacks
Monitoring Approaches
1. Manual Monitoring
- Check variations periodically
- Google your brand + "login" or "verify"
- Search certificate transparency logs
Limitations: Time-consuming, easy to miss threats
2. Automated Brand Monitoring
- Services scan for new registrations
- Alert when typosquats are registered
- Some provide takedown assistance
Examples: MarkMonitor, CSC, DomainTools
3. Certificate Transparency Monitoring
- SSL certificates are logged publicly
- Monitors detect when typosquat gets SSL cert
- SSL cert often means active phishing site
Tools: CertSpotter, Facebook CT Monitor
What to Do When You Find Typosquats
Assessment questions:
- Is it actively harmful (phishing, malware)?
- Is it monetizing traffic (ads, redirects)?
- Is it dormant (parked, for sale)?
- Does it impact customers or operations?
Response based on assessment:
| Situation | Response |
|---|---|
| Active phishing | Urgent: Report to registrar, host, browsers immediately |
| Malware distribution | Urgent: Same as phishing + notify customers |
| Advertising/traffic theft | File UDRP, send cease & desist |
| Parked/for sale | Evaluate purchase vs UDRP cost |
| Dormant | Monitor, consider UDRP if trademark clear |
Legal Remedies
Cease and Desist Letters
When to use: First step for non-urgent cases
Contents:
- Your trademark rights
- The infringing domain
- Demand to transfer or cancel
- Deadline to comply
- Consequences of non-compliance
Effectiveness: Sometimes works for amateur squatters; rarely works for professionals
Cost: $500-$2,000 if attorney-drafted
UDRP (Uniform Domain-Name Dispute-Resolution Policy)
When to use: Primary remedy for typosquatting
Requirements (must prove all three):
- Domain is identical/confusingly similar to your trademark
- Registrant has no legitimate rights or interests
- Domain registered and used in bad faith
Timeline: 2-3 months typically
Cost: $1,500-$4,000 filing fee + optional attorney
ACPA (Anticybersquatting Consumer Protection Act)
When to use: US federal lawsuit option
Advantages over UDRP:
- Can recover damages (up to $100,000 per domain)
- Jury trial option
- Stronger enforcement powers
Disadvantages:
- Expensive (litigation costs)
- Slower (court timeline)
- Must find/serve defendant
Best for: Cases where you want damages, not just the domain
Registrar Abuse Reports
When to use: For clearly abusive domains (phishing, malware)
Process:
- Find registrar's abuse contact
- Report with evidence of abuse
- Registrar may suspend domain
- Faster than UDRP for clear violations
Limitation: Registrar discretion; no guaranteed outcome
UDRP for Typosquatting
Why UDRP Works Well for Typosquatting
Typosquatting cases are strong UDRP candidates because:
- Identical/confusing similarity: Typos are by definition confusing
- No legitimate interest: Hard to claim you legitimately want "gooogle.com"
- Bad faith: The whole point is to exploit confusion
Evidence to Gather
| Requirement | Evidence Types |
|---|---|
| Your trademark | Registration certificates, use evidence, brand materials |
| Similarity | Side-by-side comparison, expert analysis if needed |
| No legitimate interest | WHOIS showing unrelated registrant, no business reason |
| Bad faith | Screenshots of use, pattern of registrations, demands for money |
Filing Process
- Choose provider: WIPO, NAF, or other ICANN-approved
- Prepare complaint: Follow template, attach evidence
- Pay filing fee: $1,500-$4,000 depending on provider and domain count
- Respondent reply: They have 20 days to respond
- Panel decision: Usually within 14 days of panel appointment
- Implementation: If you win, registrar transfers domain to you
Success Rates
Typosquatting UDRP cases win 85-95% of the time because:
- The bad faith is usually obvious
- Typosquatters often don't respond
- Panels understand the harm
Technical Protections
DMARC for Email Spoofing
Typosquatters may send email from typosquat domains pretending to be you. Set up DMARC on YOUR domain:
_dmarc.yourdomain.com TXT "v=DMARC1; p=reject; rua=mailto:dmarc-reports@yourdomain.com"
This tells email providers to reject emails claiming to be from your domain if they fail authentication. Note the scope: DMARC on yourdomain.com only covers mail that claims to come from yourdomain.com; a look-alike domain the squatter owns has its own DNS, so your record does nothing about mail sent from it. For the typo domains you register defensively, publish the same p=reject DMARC record plus an SPF record of "v=spf1 -all" so nobody can send mail as them either.
Browser/Security List Submissions
Get typosquats added to blocklists:
- Google Safe Browsing: Report at safebrowsing.google.com
- Microsoft SmartScreen: Report malicious sites
- PhishTank: Community phishing database
- APWG: Anti-Phishing Working Group
Certificate Transparency Monitoring
Monitor for SSL certificates issued to typosquats:
- Certificates are logged publicly
- Monitor for certs matching your brand patterns
- Active SSL often means active phishing
Free monitoring: crt.sh, Cert Spotter
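Added example for the two certificate transparency sections above (it is not the code of crt.sh, Cert Spotter or any monitoring service): a Python triage routine that labels certificate names against your brand, covering Patterns 1 through 7 including Punycode IDN homographs, run over constructed records modelled on crt.sh's newline-separated name_value field. It assumes a single-label TLD and uses a small hand-picked confusables table.

```python
"""Triage names seen in Certificate Transparency logs against a brand domain.
Constructed example; not the code of crt.sh, Cert Spotter or any service."""

# Digits and a few Cyrillic confusables folded to Latin (hand-picked subset;
# the Unicode confusables table is far larger).
CONFUSABLES = str.maketrans({"1": "l", "0": "o", "\u0430": "a", "\u0435": "e",
                             "\u043e": "o", "\u0440": "p", "\u0441": "c",
                             "\u0443": "y", "\u0445": "x", "\u04cf": "l"})

def skeleton(label):
    """Fold look-alikes so 'amaz0n' and Cyrillic-a 'аmazon' both read 'amazon'."""
    return label.translate(CONFUSABLES).replace("rn", "m").replace("vv", "w")

def osa_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute and adjacent swap cost 1."""
    rows = [list(range(len(b) + 1))]
    for i, ca in enumerate(a, 1):
        row = [i]
        for j, cb in enumerate(b, 1):
            cost = min(rows[-1][j] + 1, row[j - 1] + 1, rows[-1][j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cost = min(cost, rows[-2][j - 2] + 1)   # Pattern 4: transposition
            row.append(cost)
        rows.append(row)
    return rows[-1][-1]

def classify(name, brand_domain):
    """Label a certificate name that targets the brand, or None if unrelated."""
    host = name.lower().lstrip("*.")          # wildcard certs: drop the '*.'
    if "xn--" in host:                        # Punycode labels: decode to Unicode
        host = host.encode("ascii").decode("idna")
    if host == brand_domain or host.endswith("." + brand_domain):
        return None                           # your own certificates
    brand, brand_tld = brand_domain.lower().rsplit(".", 1)
    labels = host.split(".")
    label, tld = labels[-2:] if len(labels) > 1 else (host, "")
    if label != brand and skeleton(label) == brand:
        return "homoglyph"                    # Pattern 6, ASCII or Unicode
    if label == brand and tld != brand_tld:
        return "wrong-tld"                    # Pattern 5
    if label != brand and osa_distance(label, brand) == 1:
        return "typo"                         # Patterns 1-4, one keystroke away
    if any(brand in skeleton(l) for l in labels[:-1]):
        return "combosquat"                   # Pattern 7, or brand in a subdomain
    return None

# Constructed sample records, modelled on crt.sh's newline-separated name_value.
SAMPLE_LOG = [
    {"name_value": "amazon.com\nwww.amazon.com", "not_before": "2024-03-01"},
    {"name_value": "amazn.com", "not_before": "2024-03-02"},
    {"name_value": "amazon-verify.com", "not_before": "2024-03-02"},
    {"name_value": "*.amazon.cm", "not_before": "2024-03-03"},
    {"name_value": "amaz0n.com", "not_before": "2024-03-03"},
    {"name_value": "\u0430mazon.com".encode("idna").decode("ascii"), "not_before": "2024-03-04"},
    {"name_value": "secure-amazon.accounts-check.net", "not_before": "2024-03-04"},
]

def triage(records, brand_domain):
    """Return (name, pattern, not_before) for every record name that hits."""
    hits = []
    for rec in records:
        for name in rec["name_value"].split("\n"):
            pattern = classify(name, brand_domain)
            if pattern:
                hits.append((name, pattern, rec["not_before"]))
    return hits
```

Feed the output into the assessment table in the monitoring section: a fresh "typo" or "combosquat" hit with a newly issued certificate is the case the page flags as likely active phishing.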
DNS-Based Protections
For enterprises:
- Configure DNS to block known typosquats
- Use DNS filtering services
- Implement split-horizon DNS for internal users
Best Practices by Business Size
Small Business (1-10 Employees)
Budget: $200-500/year for domain protection
Actions:
- Register 5-10 most obvious typos of your main domain
- Set up Google Alerts for your brand name + "login"
- Ensure you own .com and .net versions minimum
- Report any active phishing immediately
Time: 1-2 hours/month monitoring
Medium Business (10-200 Employees)
Budget: $1,000-5,000/year
Actions:
- Register 20-50 defensive domains
- Subscribe to brand monitoring service
- Have legal template ready for C&D letters
- Quarterly audit of brand mentions and typosquats
- Consider UDRP budget for inevitable cases
Time: Assign responsibility to marketing or IT
Enterprise (200+ Employees)
Budget: $10,000-100,000+/year
Actions:
- Comprehensive defensive registration (100+ domains)
- Professional brand protection service (MarkMonitor, CSC)
- Dedicated brand protection staff or contractor
- Integration with security team for threat response
- Proactive UDRP program
- Legal on retainer for escalated cases
Time: Dedicated resources
Frequently Asked Questions
Can I sue typosquatters for damages?
Yes, under the ACPA (Anticybersquatting Consumer Protection Act) in the US, you can sue for up to $100,000 per domain in statutory damages. However, litigation is expensive and the defendant may be overseas and judgment-proof. UDRP is usually more practical for getting the domain; lawsuits are for when you want to deter or punish.
How much should I pay a typosquatter to go away?
Generally, you shouldn't pay—it encourages more typosquatting. UDRP typically costs $1,500-$4,000 and you win the domain without rewarding the squatter. The exception might be if the domain is critical and UDRP would take too long. Even then, don't pay more than UDRP would cost.
What if the typosquatter is in another country?
UDRP works globally regardless of where the registrant is located. The domain registrar must comply with UDRP decisions. For lawsuits, international enforcement is harder, but the domain itself can often be seized through UDRP without needing the registrant's cooperation.
Do I need a trademark to fight typosquatting?
Trademark registration helps significantly—it's clear evidence for UDRP. However, you can file UDRP based on common law trademark rights (unregistered but established through use). Having a registered trademark makes cases stronger and faster. If you're building a brand, register your trademark.
How do I know if a typosquat is phishing?
Check by:
- Visiting it (carefully, in a sandboxed browser) to see the content
- Searching the domain in Google Safe Browsing
- Checking PhishTank database
- Looking at certificate transparency for suspicious SSL certs
- Customer reports of phishing emails
Should I try to buy typosquats before they're registered?
You can't buy domains that don't exist yet—but you can register them yourself as defensive registrations. This is the best strategy: register obvious typos before someone else does. It's cheaper than fighting for them later.
What about internationalized typosquatting (IDN homographs)?
IDN homograph attacks use Unicode characters that look like ASCII (Russian "а" looks like Latin "a"). Modern browsers show these in Punycode (xn--...) to prevent confusion. Register relevant IDN variants if your brand is targeted, and report homograph phishing to browsers and registrars.
Can employees' typos redirect to our real site?
Yes—if you own the typosquat domains, you can redirect them to your real site. This captures mistyped traffic instead of losing it. Set up 301 redirects from all defensive registrations to your primary domain.
How often do I need to check for new typosquats?
For small businesses, monthly manual checks are reasonable. For larger brands, use automated monitoring services that check daily or continuously. New typosquats can appear anytime—especially after PR events, product launches, or anything that increases brand searches.
Is it worth fighting parked/for-sale typosquats?
If you have a trademark and resources, yes. Even parked domains can be sold to bad actors. File UDRP to take control before they become active threats. The dormant typosquat today could be tomorrow's phishing site.
Key Takeaways
- Typosquatting exploits user mistakes to divert traffic to malicious or competing sites—every brand with traffic is a target
- Defensive registration is your first line of defense—register obvious typos before squatters do
- Monitoring catches what you couldn't predict—new typosquats appear constantly
- UDRP is effective and affordable for typosquatting—you'll typically win if you have trademark rights
- Active phishing requires urgent response—report immediately to registrar, hosts, browsers
- Cost of defense is far less than cost of cleanup—budget for protection, not just reaction
- Redirect your defensive domains—capture mistyped traffic instead of losing it
Next Steps
Assess Your Exposure
- Generate typosquat variations of your domain
- Check which are registered against you
- Categorize by threat level (active phishing, parked, etc.)
- Prioritize response based on risk
Build Your Defense
- Register essential typosquats you don't already own
- Set up monitoring for new registrations
- Prepare UDRP templates for quick response
- Document your trademark rights
Related Guides
- Cybersquatting: What It Is and How to Fight It
- Domain Theft Prevention: Complete Security Checklist
- Domain Privacy Protection: Complete Guide