What is typosquatting? Look-alike domain scams explained

What is typosquatting?

Typosquatting - also called URL hijacking - is when someone registers a web address that looks almost like a real one, hoping you won't notice the difference. The fake might have a small typo (gogle.com), a swapped letter, a look-alike character (paypa1.com, with the number one), an extra word (apple-support.com), or a different ending (yourbank.net instead of .com).

The goal is to catch you when you're moving fast: you mistype an address, glance at a link without reading it, or trust a familiar logo. The page that loads can look identical to the real thing.

How scammers use look-alike domains

• Phishing pages. A login screen that copies your bank or email provider to capture your password.
• Fake stores and support. "Official" shops or help desks on a look-alike domain.
• Email spoofing. Messages from an address that feels close enough to be real.
• Malware. Mistyped addresses that quietly push a download.

How to protect yourself

1. Read the whole address, slowly. Check the part just before the first single slash - that's the real domain. secure.paypal.com.evil.ru is evil.ru, not PayPal.
2. Watch for look-alike characters. A zero for an "o", a one for an "l", rn posing as "m".
3. Don't click - navigate. Type known addresses yourself or use a saved bookmark, especially for banking.
4. Be suspicious of extra words. Real companies rarely use brand-security-login.com.
5. Use a password manager. It only autofills on the exact domain it saved, so it won't enter your password on a look-alike - a quiet but powerful safety net.

Check a domain for look-alikes

If you run a website, or just want to see which impersonating domains exist for a brand, our Look-alike Domain Finder generates the common variants and shows which are live right now. And before you trust any specific link, run it through the Link Checker.