Reseller News
Join Reseller News
Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.Sign up now
What is typosquatting? A simple but effective attack technique
A type of social engineering attack, typosquatting uses purposely misspelled domains for a variety of malicious purposes.
Typosquatting definition
A typosquatting attack, also known as a URL hijacking, a sting site, or a fake URL, is a type of social engineering where threat actors impersonate legitimate domains for malicious purposes such as fraud or malware spreading. They register domain names that are similar to legitimate domains of targeted, trusted entities in the hope of fooling victims into believing they are interacting with the real organisation.
A common misspelling of the target domain (CSOnline.com rather than CSOOnline.com, for example)
A different top-level domain (using .uk rather than .co.uk)
Combining related words into the domain (CSOOnline-Cybersecurity.com)
Adding periods to the URL (CSO.Online.com)
Using similar looking letters to hide the false domain (ÇSÓOnliné.com)
“Can you see the difference between goggle.com and google.com?” says Russell Haworth, CEO of Nominet, which acts as the registry for the .uk domain. “Essentially, typosquatting is a lookalike domain with one or two wrong or different characters with the aim of trying to trick people onto the wrong webpage.”