Typosquatting, also known as URL hijacking or fake URL, is a form of cybersquatting that relies on misspelt, differently spelt or typographical errors of a legitimate domain to lure users into accessing or browsing a fake one.
Cybersquatting is the use of a domain name for ill-intent cases from a brand or trademark belonging to someone else – much like squatting where a person inhabits someone else’s property without permission. With typosquatting, a fraudster can leverage the mistakes of users in typing a legitimate website to direct them to a fake URL instead.
In addition, a typosquatter can also add and omit letters in a legitimate domain in the hopes that users will type an error when they are browsing. For example, the legitimate twitter.com can be misspelt as twitt3r.com or twitters.com. Other websites have already bought some domains that typosquatters may use, such as Facebook owning favebook.com and facebok.com.
The purpose of typosquatting is to get users to visit a fake URL, which generates clicks. These will be then used by the typosquatters to insert advertisements in the wrong domain, gaining revenue from the volume of traffic.
Some fake domains are used for phishing by impersonating a legitimate website’s interface, where users enter their credentials. Usually, typosquatters also reserve the fake domains and then sell them to the legitimate company or owner of the brand in the future.