What is typosquatting?

Typosquatting is what we call it when people - often criminals - register a common misspelling of another organization's domain as their own. For example: tailspintoy.com instead of tailspintoys.com (note the missing "s").

If you mistype or misspell the legitimate site's address, you'll get the typosquatter's site instead, and it may not always be obvious that you're not where you intended to go.

Note: Typosquatting is sometimes referred to as URL hijacking.

The reasons people do this range from harmless to very harmful. Here are a few of them:

  • Pranks - Such as a parody page of the legitimate one.

  • Ads - To take you to a page that shows ads just to collect money for impressions or clicks.

  • Competition - Though it's highly unethical, and often illegal, companies could try to register domain names similar to their competitors' in hopes of redirecting customers to their own sites.

These first examples would be fairly easy to spot. If you meant to go to tailspintoys.com and ended up at wingtiptoys.com, a joke page, or a page full of ads instead, you would probably realize quickly that you're in the wrong place.

The next reason is far more dangerous, however.

  • Cybercrime - Criminals involved in phishing or malware often use typosquatting to snare unsuspecting people by directing them to a site that may look like the real site, but actually tries to steal personal information or install malware.

Sites using typosquatting to commit cybercrime will often look very much like the real site. In fact, the criminals often "copy and paste" the real site to make it more likely that innocent people will be fooled into giving up their personal information or downloading a malicious file.

  • Whenever possible go to your important sites like banking, social media, or shopping from your own saved favorites, rather than by typing them into the address bar of the browser each time.

  • If you do have to type an address into the address bar, type carefully and double-check that what you typed matches the address you intended to go to before you continue.

  • If you're typing in an address you've gone to before, your browser may offer to complete the address for you. Give it a quick look, but it's usually safer to accept that suggestion.

  • Never click a link you weren't expecting in an email or other message, even if it appears to come from a trusted person or organization.

  • If you have to click on a link, look carefully at the address it's going to take you to. Usually just hovering your mouse pointer over the link will show you what address it will really take you to.

    Watch for subtle spelling differences such as "woodgrowebank.com" instead of "woodgrovebank.com", or numbers that have been substituted for letters such as "c0ntoso.com". Adding, or removing, an "s" at the end of the domain name is another common trick.

    There may also be less-subtle differences, like adding a word or some punctuation to a legitimate domain name. "woodgrove-bank.com" or "thewoodgrovebank.com" are two examples of how typosquatters may try to trick you into visiting a fake version of the woodgrovebank.com website.
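
The lookalike patterns described above can also be checked automatically, for example when reviewing links in a reported message. The following is an added example, not part of the original article; the trusted-domain list, the digit-to-letter map and the function names are assumptions made for illustration.

```python
# Added example: explain why a domain resembles a trusted one.
# TRUSTED and DIGIT_TO_LETTER are constructed for illustration.
TRUSTED = ["woodgrovebank.com", "contoso.com", "tailspintoys.com"]
DIGIT_TO_LETTER = str.maketrans("01345", "oieas")  # assumed look-alike digits


def edit_distance(a, b):
    """Levenshtein distance: minimum single-character edits turning a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(domain, trusted=TRUSTED):
    """Return (trusted_domain, reason) for a lookalike, or None.

    Expects a registrable domain such as "example.com" (no subdomains) and
    only compares names under the same top-level domain.
    """
    domain = domain.lower().rstrip(".")
    if domain in trusted:
        return None  # exact match is the real site
    name, _, tld = domain.partition(".")
    for good in trusted:
        good_name, _, good_tld = good.partition(".")
        if tld != good_tld:
            continue
        if name.translate(DIGIT_TO_LETTER) == good_name:
            return good, "digit substituted for a letter"
        if name == good_name + "s" or name + "s" == good_name:
            return good, "added or removed trailing s"
        if name.replace("-", "") == good_name:
            return good, "added punctuation"
        if good_name in name:
            return good, "added word"
        if edit_distance(name, good_name) == 1:
            return good, "one-character misspelling"
    return None


if __name__ == "__main__":
    for d in ["woodgrowebank.com", "c0ntoso.com", "tailspintoy.com",
              "woodgrove-bank.com", "thewoodgrovebank.com", "wingtiptoys.com"]:
        print(d, "->", classify(d))
```
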

Review, and if appropriate select, the provided suggestion, or close that browser tab and start again.

Protect yourself from phishing

Microsoft security help and learning
