FANDOM



Typosquatting, also called URL hijacking, a sting site, or a fake URL, is a form of cybersquatting, and possibly brandjacking which relies on mistakes such as typos made by Internet users when typing a website address into a web browser.

Payload

Should a user accidentally enter an incorrect website address, they may be led to any URL (including an alternative website owned by a cybersquatter). The typosquatter's URL will usually be one of five kinds, all similar to the victim site address (e.g. example.com): A common misspelling, or foreign language spelling, of the intended site: exemple.com A misspelling based on typos: examlpe.com, A differently phrased domain name: examples.com A different top-level domain: example.org An abuse of the Country Code Top-Level Domain (ccTLD): example.cm by using .cm, example.co by using .co, or example.om by using .om. A person leaving out a letter in .com in error could arrive at the fake URL's website. Once in the typosquatter's site, the user may also be tricked into thinking that they are in fact in the real site, through the use of copied or similar logos, website layouts or content. Spam emails sometimes make use of typosquatting URLs to trick users into visiting malicious sites that look like a given bank's site. One infamous example is Goggle.com which when entered, used to download several viruses and malware, including rogues like SpySheriff. The site is no longer active and replaced with fake coupons.

Community content is available under CC-BY-SA unless otherwise noted.