What is Typosquatting? The Complete Guide for Business Owners (2026)

By DoppelDown Team

You've spent years building your brand. Your customers know your name, trust your website, and type your URL from memory. But what happens when they mistype a single letter — and land on someone else's site instead of yours?

That's typosquatting. It's one of the oldest tricks in the domain fraud playbook, and in 2026 it's more dangerous than ever. This guide explains exactly what typosquatting is, the different forms it takes, real-world examples of the damage it causes, and — most importantly — what you can do to protect your business.

Typosquatting Defined: What It Is and How It Works

Typosquatting — sometimes called URL hijacking or domain mimicry — is the practice of registering domain names that are slight misspellings or variations of a legitimate brand's domain. The goal is to intercept traffic from users who make typing errors, click on deceptive links, or glance at a URL without noticing the subtle difference.

For example, if your business operates at acmewidgets.com, a typosquatter might register acmewdigets.com, acmewidgets.co, or acmewigets.com. Each of these looks plausible at a glance, and any of them could fool a hurried customer.

What makes typosquatting particularly insidious is its simplicity. There's no hacking involved. No sophisticated malware. No breaking into your servers. The attacker simply registers a domain, sets up a website or email server, and waits for your traffic — or your customers — to come to them.

The 5 Types of Typosquatting Attacks

Not all typosquatting looks the same. Attackers use a range of techniques to create domains that are just different enough to be separate registrations, but similar enough to fool human eyes. Understanding these categories is the first step to defending against them.

1. Character Omission

The simplest form of typosquatting: dropping a single letter from the domain name. This exploits the most common type of typing error — accidentally skipping a key.

  • gogle.com instead of google.com
  • amazn.com instead of amazon.com
  • acmewigets.com instead of acmewidgets.com

Character omission is devastatingly effective because the brain autocompletes familiar words. Most people won't notice a missing letter in a URL they type regularly.

2. Character Swap (Transposition)

This technique swaps two adjacent characters — mimicking the natural errors people make when typing quickly.

  • gogole.com instead of google.com
  • faecbook.com instead of facebook.com
  • acmewdigets.com instead of acmewidgets.com

Transposition attacks are especially effective on mobile keyboards where fat-finger errors are common. A study by researchers at Georgia Tech found that character transposition accounts for roughly 20% of all typosquatting registrations.

3. Homoglyph Attacks

This is where typosquatting gets truly devious. Homoglyph attacks use characters that look visually identical (or nearly identical) to the real ones, but are technically different Unicode characters.

  • Replacing the Latin letter "a" with the Cyrillic "а" (they look identical but are different code points)
  • Swapping a lowercase "l" (L) with a "1" (one) or uppercase "I" (i)
  • Using "rn" to mimic "m" — acrnewidgets.com looks remarkably like acmewidgets.com in certain fonts
  • Using accented characters like "ė" or "ę" in place of "e" in internationalised domain names (IDN)

Homoglyph attacks are nearly impossible to detect by eye, which makes them the weapon of choice for targeted phishing campaigns. Modern browsers have introduced IDN display policies to combat this, but the protection is inconsistent across browsers and platforms.

4. TLD Variation

Instead of misspelling the brand name itself, TLD variation targets the domain extension. With over 1,500 top-level domains now available, the attack surface is enormous.

  • acmewidgets.co instead of acmewidgets.com
  • acmewidgets.net, acmewidgets.shop, acmewidgets.io
  • Country-code TLDs: acmewidgets.com.au or acmewidgets.co.uk when you only own the .com

TLD variation is particularly dangerous because the brand name is spelled correctly — only the extension differs. Customers who remember your name but not your exact TLD are vulnerable, and many won't think twice about a .net or .co version of your domain.

5. Combosquatting

Combosquatting appends or prepends common words to your brand name, creating domains that look like official subpages or services.

  • acmewidgets-login.com
  • acmewidgets-support.com
  • acmewidgets-billing.com
  • secure-acmewidgets.com
  • my-acmewidgets.com

Research from Georgia Tech found that combosquatting is actually more prevalent than traditional typosquatting, and it's growing faster. The reason is simple: combosquatting domains look intentional rather than accidental. A customer receiving an email from acmewidgets-billing.com might reasonably assume it's a legitimate subdomain or dedicated service, not a fraud.

Real-World Typosquatting Examples

Typosquatting isn't theoretical — it's happening at scale, to businesses of every size.

The Google "Goggle" Case

One of the earliest high-profile cases involved goggle.com, which at various points has served malware, displayed ads monetising Google's traffic, and redirected visitors to scam sites. Google eventually acquired the domain, but not before millions of users were exposed.

Microsoft & Microsoftt.com

Researchers have documented hundreds of typosquatting domains targeting Microsoft properties, including variations of microsoftt.com, microsof.com, and micosoft.com. Many of these have been used in credential-harvesting phishing campaigns targeting enterprise users.

Small Business, Real Consequences

It's not just the tech giants. In 2025, a regional accounting firm discovered that someone had registered a combosquat of their domain with "-portal" appended and was using it to send fake invoice emails to their clients. By the time the firm found out — through a confused client phone call — three customers had already wired payments to fraudulent accounts. The total loss exceeded $120,000, and the reputational damage took months to repair.

This pattern repeats across industries. E-commerce shops lose sales to cloned storefronts. SaaS companies have their login pages replicated for credential theft. Professional services firms see their client communications hijacked. The common thread: the businesses targeted had no monitoring in place to catch the lookalike domains early.

The Business Impact of Typosquatting

The consequences of typosquatting extend far beyond the immediate fraud. Here's what's really at stake:

Direct Financial Loss

When customers are tricked into making payments, sharing credit card details, or entering credentials on a typosquatted site, the financial impact hits both the customer and your business. Chargebacks, fraud claims, and remediation costs add up quickly. For small businesses, a single successful campaign can mean five- or six-figure losses.

Eroded Customer Trust

Customers who get scammed through a domain that looks like yours don't always blame the attacker. They blame you. "Why didn't you protect your brand?" "How could you let this happen?" Trust is one of the hardest things to rebuild, and typosquatting can shatter it overnight.

SEO and Traffic Diversion

Typosquatted domains can siphon organic traffic away from your legitimate site. If a squatter sets up a convincing-looking website, search engines may even index it — creating confusion in search results and diluting your brand authority.

Legal and Compliance Exposure

Depending on your industry, a typosquatting attack that leads to customer data exposure could trigger regulatory obligations. Financial services, healthcare, and any business handling personal data may face notification requirements, audits, and potential fines — even when the breach occurred on someone else's infrastructure.

Operational Disruption

Responding to a typosquatting incident consumes time and resources. Your team ends up firefighting — dealing with customer complaints, filing takedown requests, coordinating with legal counsel, and communicating with affected parties — instead of running the business.

How to Protect Your Business from Typosquatting

The good news is that typosquatting protection doesn't require an enterprise security budget. Here's a practical, layered approach that works for businesses of any size.

Register Defensive Domains

Start by registering the most obvious misspellings and TLD variations of your brand domain. Focus on:

  • Common single-character omissions
  • Adjacent-key substitutions (based on your keyboard layout)
  • Key TLD variants: .net, .co, .org, and your country-code TLD
  • Common combosquats: yourbrand-login, yourbrand-app

You can't register every possible variation (there are thousands), but covering the top 10–20 most likely typos dramatically reduces your exposure.

Set Up Continuous Domain Monitoring

Defensive registration is a start, but it's not enough. New domains are registered every second, and attackers will always find variations you haven't covered. Continuous monitoring scans new domain registrations in real time, alerting you when anything resembling your brand appears.

What to look for in a monitoring tool:

  • Real-time detection of new registrations matching your brand pattern
  • Coverage of all five typosquatting types (omission, swap, homoglyph, TLD, combosquat)
  • Risk scoring that prioritises active threats over parked domains
  • Alerting that's fast enough to act before a campaign scales
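To make "coverage of all five typosquatting types" concrete, here is a minimal classifier that a monitoring job could run over newly observed domains. It is an added example, not DoppelDown's code; the brand, the short confusables table and the sample feed are constructed for illustration, and everything after the first dot is treated as the TLD.

```python
# Added example: classify an observed domain against the five lookalike types.
# BRAND, the confusables table and FEED are constructed for illustration.
BRAND = "acmewidgets.com"

# Small, non-exhaustive confusables table (Cyrillic a/e/o, accented e, digit one).
CONFUSABLES = str.maketrans({"\u0430": "a", "\u0435": "e", "\u043e": "o",
                             "\u0117": "e", "\u0119": "e", "1": "l"})

def fold(label):
    """Map look-alike characters to the Latin letters they imitate."""
    return label.translate(CONFUSABLES).replace("rn", "m")

def split(domain):
    """Return (label, tld); everything after the first dot counts as the TLD."""
    domain = domain.lower().rstrip(".")
    if "xn--" in domain:  # punycode form of an internationalised domain name
        domain = domain.encode("ascii").decode("idna")
    label, _, tld = domain.partition(".")
    return label, tld

def classify(candidate, brand=BRAND):
    """Return the lookalike type of candidate relative to brand, or None."""
    c, c_tld = split(candidate)
    b, b_tld = split(brand)
    if c == b:
        return "tld-variation" if c_tld != b_tld else None
    if fold(c) == fold(b):
        return "homoglyph"
    if len(c) == len(b) - 1 and any(b[:i] + b[i + 1:] == c for i in range(len(b))):
        return "omission"
    if len(c) == len(b) and any(
            b[:i] + b[i + 1] + b[i] + b[i + 2:] == c for i in range(len(b) - 1)):
        return "transposition"
    if b in c:
        return "combosquat"
    return None

# Constructed feed of newly observed domains, as a monitoring job might receive.
FEED = ["acmewigets.com", "acmewdigets.com", "acrnewidgets.com",
        "acmewidgets.co", "acmewidgets-billing.com", "example.org"]

def triage(feed, brand=BRAND):
    """Keep only the domains that resemble the brand, mapped to their type."""
    return {d: t for d in feed if (t := classify(d, brand))}

if __name__ == "__main__":
    for domain, kind in triage(FEED).items():
        print(f"{kind:14} {domain}")
```

A production monitor would use a full confusables table and a public-suffix list instead of the two simplifications made here.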

Implement Email Authentication (DMARC, SPF, DKIM)

Typosquatted domains are frequently used as email-sending platforms. Publishing a DMARC record with a p=reject policy on your legitimate domain tells receiving mail servers to reject messages that claim to come from your exact domain but fail SPF and DKIM checks, which prevents attackers from directly spoofing it. While it won't stop emails from lookalike domains, it eliminates one major attack vector and gives you reporting data on spoofing attempts.

Establish a Takedown Process

When you discover a typosquatted domain, speed matters. Have a documented process ready:

  1. Document the evidence — Screenshots, WHOIS records, DNS configurations, and any phishing content hosted on the domain
  2. Report to the registrar — Most registrars have abuse reporting processes and are obligated to act on legitimate complaints
  3. Report to the hosting provider — If the domain hosts active content, the hosting provider can often remove it faster than the registrar can suspend the domain
  4. Submit to Google Safe Browsing — Flag the domain so browsers warn users before visiting
  5. Consider UDRP — For persistent or commercially motivated squatting, the Uniform Domain-Name Dispute-Resolution Policy provides formal arbitration

Educate Your Customers

Publish a page on your website listing your official domains and communication channels. Include security guidance in your customer onboarding. When customers know what to expect from your legitimate communications, they're far more likely to spot — and report — fakes.

How DoppelDown Protects Against Typosquatting

Manual typosquatting protection doesn't scale. Searching WHOIS databases by hand, periodically Googling variations of your domain, and hoping customers report suspicious sites — it's reactive, slow, and riddled with blind spots.

DoppelDown was built to solve exactly this problem. Here's how it works:

  • Automated domain monitoring: DoppelDown continuously scans new domain registrations across all major TLDs, detecting typosquats, homoglyphs, TLD variations, and combosquats the moment they appear
  • Intelligent risk scoring: Not every lookalike domain is an active threat. DoppelDown analyses DNS configurations, website content, email setup, and hosting patterns to prioritise the domains that pose real danger
  • Instant alerts: Get notified immediately when a high-risk domain is detected — not days or weeks after it's been registered
  • Takedown support: DoppelDown streamlines the takedown process with documented evidence collection and direct reporting workflows

Whether you're a solo founder protecting a single brand or a growing business with multiple product lines, DoppelDown gives you the visibility that typosquatters count on you not having.

Don't Wait for the Typo That Costs You Everything

Typosquatting is one of those threats that feels abstract — until it happens to you. And when it does, the damage is immediate, personal, and expensive. A single convincing typosquatted domain can redirect your customers to phishing pages, capture their credentials, steal their money, and destroy their trust in your brand.

The businesses that avoid this fate aren't the ones with the biggest security budgets. They're the ones with visibility. They know what domains exist in the shadow of their brand, and they act before those domains become weapons.

Start monitoring your brand with DoppelDown today — it's free, requires no credit card, and takes less than five minutes to set up. Find out what's lurking in the typos before your customers do.

Typosquatting exploits the gap between human perception and digital precision. DoppelDown closes that gap — monitoring the thousands of domain variations you can't track manually, so you can focus on running your business.
