UpGuard's Typosquatting module helps you monitor cybersecurity risks related to typosquatting.
The Typosquatting module lets you choose the domains you want to monitor and identifies permutations of those domains that are at risk of typosquatting.
If you've purchased this module, your main domain will be monitored by default once the Typosquatting module is activated.
What is typosquatting?
Typosquatting is a form of cybersquatting where someone buys a similar domain name to those owned by your brand or copyright and targets Internet users who incorrectly type in a website address into their web browser, rather than using a search engine. Typosquatting is also known as URL hijacking, domain mimicry, a sting site, or a fake URL.
The typosquatted domain owner may redirect traffic to a different URL, show ads, or simply park the domain with the hope that the brand buys the domain from them.
Popular uses of typosquatted domains
- Bait and switch: The site is trying to sell you something you may have bought at the correct URL and then not sending you the item
- Domain parking: The owner of a parked domain may try to sell you the domain for a price that increases as your business grows
- Imitators: The website passes itself off as the real location to perform a phishing attack
- Joke site: The site makes fun of the trademark or brand name
- Related search results listing: Owner uses traffic that was meant for the real site to drive traffic to competitors, charging them on a cost-per-click basis
- Surveys and giveaways: Site pretends like they're interested in feedback from the real site's customer to try get access to sensitive information
- Monetize traffic: Owner puts up advertisements or popups to generate advertising revenue from direct navigation misspellings
- Affiliate links: Site redirects traffic back to the brand through an affiliate link, earning a commission for each real purchase through the brand's affiliate program
- Install malware: To infect or generate revenue from adware
- Phishing: Attempt to gain personal data, login credentials or emails