Skip to content

Typosquatting: How simple spelling errors can be used to hack your brand

Cybercriminals use typos to phish, scam, and defraud businesses. Here’s how to stop the top scams.

Photo by Erik Mclean / Unsplash

Typosquatting is a social engineering tactic that targets internet users who unwittingly mistype their intended URL directly into their web browser. By registering common misspellings of well-known brands' domains as their own (e.g.,, cybercriminals seek to trick users into visiting fraudulent websites.

Scammers often use a variety of established tactics and techniques to trick users:

  1. Phishing: A lookalike site can imitate the look and feel of a user's intended destination to deceive victims into providing their personally identifiable information, including credit cards or passwords.
  2. Malware: Initiate an immediate 'drive-by-download' of malicious software onto the victim's device upon their visitation of the compromised web page, designed to steal information or gain unauthorized access to logged-in accounts and networks.
  3. Disinformation & Parody: Spread misleading, false, or parodic information to discredit and damage the brand's reputation.
  4. ‘Malvertisements’: The typosquatting domain is 'parked' to serve third-party malicious advertising networks, leveraging type-in traffic to automatically redirect users and receive compensation from the highest-bidding destination page.

Cybersixgill's new typosquatting capability identifies and alerts customers to suspicious domains that appear to be impersonating their organization. This technology helps organizations proactively identify and ward off brand threats as they emerge.

Cybersixgill is a deep and dark web threat intelligence platform that analyzes dark web activity undetectably and autonomously.

Here's how it works: Using a customer's defined organizational domains, Cybersixgill automatically generates thousands of misspelled permutations and checks each site for signs of potential typosquatting activity.

Cybersixgill delivers three typosquatting alerts:

  1. An initial baseline scan alert. These alerts notify customers of discovered active registered domains that demonstrate signs of typosquatting and impersonation activity targeting their brand.
  2. Alerts on newly registered domains. These notifications alert customers in real-time to freshly registered domains that demonstrate symptoms of typosquatting or impersonation.
  3. Alerts to changes in domain attributes. These alerts notify customers about suspicious activity and changes detected in the previously discovered suspicious domains (e.g., an IP address changed from North America to Eastern Europe).

Each alert includes additional context from the WHOIS domain registration database, such as the domain registration date, expiry date, nameserver information, purchase registrar, ownership and contact information, etc., as well as a screenshot of the suspicious website. With this context, customers can quickly assess whether the flagged domain is a legitimate component of their brand's web presence or an impersonation attempt that threatens their brand's reputation.

Customers can also leverage Cybersixgill’s Intelligence Services Suite’s Takedown offering to remove the malicious domain from the web for a complete, end-to-end typosquatting protection solution. For more information, contact