Typosquatting

(also URL hijacking, sting site, fake URL)

Typosquatting definition

Typosquatting is a social engineering attack involving a fake website that the victim accesses by mistyping a URL. The fake website is usually made to look identical to its legitimate counterpart and is registered under a similar domain. Typosquatting websites may run scripts to infect the victim’s browser, trick them into downloading malware, or steal their credentials.

Typosquatting is a form of cybersquatting. Because typosquatting can cause severe damage to a brand’s reputation, major corporations and famous celebrities actively hunt for and take down typosquatted domains.

Real typosquatting examples

  • Yuube.com: Redirected YouTube users to a malicious website that tried to trick them into downloading malware
  • Agor.io: Fake version of the website for agar.io (a browser-based game) that showed jumpscares
  • arifrance.com: Tried to steal AirFrance’s online traffic and sell its customers discount fares

Stopping typosquatting

  • Double-check the URL before you press “Enter.” If you’re not sure about the spelling, use Google or another search engine to find the legitimate site.
  • Bookmark your favorite websites. By accessing websites from your saved addresses, you won’t need to type the URL every time.
  • Never click on suspicious links in emails. Always hover over a link to see where it leads and double-check the URL.
  • Use NordVPN’s Threat Protection Pro feature. Once enabled, it will warn you if you’re about to enter malicious websites, including typosquatted domains.