What is typosquatting and how to protect your business in 6 steps

What is typosquatting?

Typosquatting is a cyberattack in which malicious actors register domain names that are deliberately misspelled or look very similar to legitimate, well-known websites. They rely on human error—a simple typo—to lure unsuspecting visitors to their fraudulent sites.

There are tens of thousands of malicious look-alike domains detected weekly, and large brand domains are among the top targets. 

The purpose is often to:

• Steal sredentials (Phishing): Presenting a fake login page (mimicking the real site’s design) to trick users into entering usernames and passwords.
  
• Distribute malware: Tricking users into downloading malicious files (like viruses or ransomware) or initiating an automatic “drive-by download” simply by visiting the page.
  
• Generate revenue: Monetizing the accidental traffic through excessive ads, pop-ups, or affiliate links.
  
• Brand damage: Hosting derogatory, offensive, or controversial content associated with the legitimate brand.

How to identify typosquatted domains?

Real-world example:

Legitimate: station.veriff.com

Possible typosquats attackers might use:

• station.verirf.com (transposed letters)
• station.verif.com (missing/removed letter)
• station.veriff-login.com (different second-level domain)
• station.veriff.co (different TLD)
• station.vеriff.com (homoglyph — visually similar characters from other alphabets)
• station.verriff.com (double letter)

How to protect yourself

Protecting yourself from typosquatting is about vigilance and smart web habits:

1. Stop, look, and verify the URL: Before clicking a link or, most importantly, entering any login information, always double-check the URL in the address bar. Look for subtle misspellings, swapped letters, or different domain extensions (.net,.co, etc.).
   
2. Use search engines and bookmarks: Instead of manually typing long or familiar URLs, use a trusted search engine to find the site, or better yet, create bookmarks for sites you visit frequently (such as your bank or email).
   
3. Avoid clicking links in suspicious emails/messages: Typosquatted domains are often delivered via phishing emails or texts. If an email link looks suspicious, don’t click it. Manually navigate to the official website instead.
   
4. Look for HTTPS and the padlock: Check that the connection is secure. A legitimate site should have HTTPS at the beginning of the URL and a closed padlock icon in the address bar. However, keep in mind that even malicious sites can sometimes acquire an SSL certificate (which enables HTTPS), so this alone is not a guarantee.
   
5. Use password managers: A good password manager will only auto-fill credentials on the exact, correct domain name, preventing you from accidentally submitting your password on a typosquatted site.
   
6. Use SSO-based logins (Single Sign-On): For corporate or organizational tools, using SSO means you only enter your credentials on a single, official Identity Provider (IdP) page (e.g., Microsoft, Google, Okta, etc.). If you land on a fake typosquatted site, it will attempt to redirect you to its own fake login page. However, an effective SSO solution will immediately redirect you to the correct, official IdP URL, which should be instantly recognizable and secure, stopping credential theft before it starts.

Stay safe online by being detail-oriented! Every character in a web address matters.

About Veriff

Veriff is a global identity verification platform helping businesses build trust online. Our AI-native technology combines automation and human expertise to quickly and accurately verify users worldwide with minimal friction. Trusted by leading companies like Blockchain, Bolt, Deel, Monzo, Starship, Trustpilot, and Webull across finance, marketplaces, mobility, gaming, and other industries. Our trust infrastructure helps businesses stay compliant, prevent fraud, protect users, and scale globally, enabling a safer, more transparent internet for everyone.