Typosquatting

Typosquatting, also called URL hijacking, a sting site, a cousin domain, or a fake URL, is a form of cybersquatting, and possibly brandjacking which relies on mistakes such as typos made by Internet users when inputting a website address into a web browser. A user accidentally entering an incorrect website address may be led to any URL, including an alternative website owned by a cybersquatter.

The typosquatter's URL will usually be similar to the victim's site address; the typosquatting site could be in the form of:

• A misspelling, or foreign language spelling, of the intended site
• A misspelling based on a typographical error
• A plural of a singular domain name
• A different top-level domain (e.g., .com instead of .org)
• An abuse of the Country Code Top-Level Domain (ccTLD) (.cm, .co, or .om instead of .com)

Similar abuses:

• Combosquatting – no misspelling, but appending an arbitrary word that appears legitimate, but that anyone could register.
• Doppelganger domain – omitting a period or inserting an extra period
• Appending terms such as sucks or -suckes to a domain name

Once on the typosquatter's site, the user may also be tricked into thinking that they are actually on the real site through the use of copied or similar logos, website layouts, or content. Spam emails sometimes make use of typosquatting URLs to trick users into visiting malicious sites that look like a given bank's site, for instance.