Member-only story
Typosquatting — what happens when you mistype a website
Typosquatting is a perfect use case because when people look at URLs and internalize their own misspellings, they are more likely to confuse the website the user visits in the email with the website they associate with the brand.
Typosquatting, or URLs hijacking, is a form of cybersquatting aimed at people who misenter web page addresses in their web browser URL fields. Compared to the typosquatting practice, cybersquatting involves the purchase of domain names to make money on the popularity or reputation of a particular brand or company. The aim is to get users to visit malicious websites with URLs, which often contain spelling mistakes from legitimate websites. Attackers register URLs with one-character deviations from popular websites, and if a user misspells a domain or enters it into his browser, they are taken to a fraudulent site.

Typosquatting is the use of modified or misspelled domain names to entice users to visit fraudulent websites. This is a form of cybersquatting targeting users who misspell URLs while typing the word “typo” in their web address lines. The purpose of the practice is to register and search for website URLs that are similar to real URLs of established brands, including typos, spelling mistakes, variations of false top-level domain (TLDs), etc.
Typosquatting is especially dangerous for users who type in the wrong domain for the site that is embodied. If a user makes an error when entering a domain name and does not notice the error, they could end up on an alternative website established by cybercriminals. In the case of phishing emails sent by fraudsters who have faked legitimate websites, typographical domain names make palatable bait.
In the past, celebrities like Madonna, Paris Hilton, and Jennifer Lopez have fallen victim to typosquatting, where domains and websites with variations on their names are used to place porn ads and affiliate links to fool unsuspecting fans. Typosquatting attacks are also known as URL hijacking, spiky pages, domain mimicry, fake URLs and are a type of social engineering in which threat actors fake legitimate domains for malicious purposes…