Skip to content

Security Glossary

Typosquatting

Typosquatting is a form of domain impersonation where attackers register domains that are common misspellings or typos of legitimate brand names, hoping users will accidentally visit them.

How Typosquatting Works

Attackers analyze common keyboard typos and register domains that users might accidentally type. For example:

  • Character substitution: googel.com instead of google.com
  • Missing characters: gogle.com instead of google.com
  • Adjacent key errors: goofle.com (f is next to g)
  • Transposed characters: googel.com instead of google.com
  • Added characters: googgle.com

Risks of Typosquatting

  • Credential theft: Fake login pages harvest usernames and passwords
  • Malware distribution: Drive-by downloads infect visitors
  • Email interception: MX records capture misdirected emails
  • Brand damage: Offensive content damages your reputation
  • Ad fraud: Revenue redirected from your legitimate site

How Impersona.io Detects Typosquats

Impersona.io generates up to 100 permutations of your brand domain using typo patterns, keyboard layout analysis, and common substitutions. Each candidate is checked against live DNS, Certificate Transparency logs, and domain registries. When a typosquat is found, you get an evidence pack with screenshots, WHOIS data, and risk scoring.

Frequently Asked Questions

What is typosquatting?

Typosquatting is a type of domain impersonation where attackers register domains that are common misspellings of legitimate brand names. For example, gogle.com instead of google.com, or amzon.com instead of amazon.com.

Why is typosquatting dangerous?

Typosquatted domains can be used to steal credentials through fake login pages, distribute malware, intercept email, or damage brand reputation. Users who mistype your domain may end up on an attacker-controlled site.

How can I protect my brand from typosquatting?

Monitor for typosquat domains using tools like Impersona.io, register common typos of your domain defensively, and submit takedown requests when malicious typosquats are detected.

Related Terms

Check if your brand has typosquats

Your first brand check is free. It generates up to 100 typo permutations of your domain and checks each one against live DNS and Certificate Transparency logs.