Typosquatting: What It Is and How to Protect Your Brand

Typosquatting affects 80%+ of popular brands. Learn how typosquatters operate, how to detect fraudulent domains, and the legal tools to protect your brand.

WIPO handled 6,192 cybersquatting cases in 2023, a record high. That number has climbed every year for over a decade, and typosquatting (registering misspelled versions of established brand names as domain names) accounts for a significant share of those disputes.

If you own a brand, the exposure is significant. Studies estimate that typosquatting affects more than 80% of popular brands. The attack surface is simple: a single mistyped character sends your customers to someone else's server. What happens next ranges from annoying (parked ad pages) to devastating (credential harvesting that looks exactly like your login screen).

This guide covers how typosquatting works, why it matters as a brand threat specifically, and the legal and technical tools available to fight it.

What Is Typosquatting?

Typosquatting is the practice of registering domain names that are common misspellings or visual lookalikes of established brands. The goal is to intercept traffic from users who mistype a URL. A typosquatter banking on "gogle.com" or "amozon.com" doesn't need to hack anything. They just wait for fingers to slip.

Here are common typosquatting examples based on the five predictable typo patterns:

  • Character omission. Dropping a letter: "gogle.com" instead of "google.com"
  • Character transposition. Swapping adjacent characters: "gogole.com" instead of "google.com"
  • Adjacent key substitution. Hitting a neighboring key: "goofle.com" (f is next to g on a QWERTY keyboard)
  • Wrong TLD. Registering a different top-level domain: "brand.co" instead of "brand.com," or "brand.org" instead of "brand.net"
  • Homoglyphs. Substituting visually similar characters: using a Cyrillic "a" (а) in place of a Latin "a," or replacing lowercase "l" with the digit "1"

Homoglyph attacks are particularly dangerous because the domain can appear identical to the legitimate one in a browser address bar, especially on mobile screens with small fonts.

Typosquatting vs. cybersquatting. The terms overlap but aren't synonymous. Cybersquatting is the broader category: registering any domain name in bad faith to profit from someone else's trademark. Typosquatting is a specific tactic within cybersquatting that relies on typing errors. Someone registering "nikeshoes-official.com" is cybersquatting. Someone registering "nkie.com" is typosquatting. The legal remedies are similar, but the detection methods differ. More on that distinction in the comparison section below.

For a broader look at how trademark infringement works across channels (not just domains), see our trademark infringement guide.

Why Typosquatting Is a Brand Threat

Most coverage of brand typosquatting focuses on the cybersecurity angle: phishing, malware, credential theft. Those are real risks. But for brand owners, the damage goes deeper than a single security incident.

Phishing and credential harvesting. A typosquatted domain with a cloned login page captures real usernames and passwords. The user blames your brand for the breach, not the typosquatter. Google alone detects 25 billion spam pages daily, with typosquatted domains contributing a meaningful share of that volume. Automated detection helps, but coverage is never complete.

Revenue diversion. Some typosquatters redirect traffic to competitor products or fill the page with pay-per-click ads for competing services. Every mistyped URL becomes revenue in someone else's pocket. Affiliate fraud variants insert a typosquatter's referral cookie before redirecting users to the legitimate site, skimming commission on sales they did nothing to generate.

Reputation damage. A typosquatted domain serving malware or explicit content gets associated with your brand in users' minds. The more prominent your brand, the more typo domains exist, and the more surface area for reputational contamination.

Customer trust erosion. When customers learn (often from news coverage of a phishing incident) that fake versions of your site exist, they become hesitant to interact with your legitimate communications. Transactional emails get ignored. Password reset links go unclicked. Trust, once damaged, compounds in cost.

The scale is difficult to overstate. WIPO's 6,192 cases in 2023 represent only the disputes that made it to formal proceedings. The vast majority of typosquatted domains never reach arbitration because brand owners either don't detect them or decide the cost of enforcement exceeds the cost of the damage.

[Figure: WIPO Cybersquatting Cases by Year (2019-2023)]

How Typosquatters Operate

The economics of typosquatting favor the attacker. Registering a domain costs under $10. Defending against it costs $1,500 to $5,000 per UDRP (Uniform Domain-Name Dispute-Resolution Policy) proceeding and takes 45 to 60 days. That cost asymmetry is the business model.

Automated generation. Domain typosquatting at scale means typosquatters don't guess at misspellings manually. They use algorithms that generate every permutation of a target brand: character omissions, transpositions, adjacent-key substitutions, common TLD variants, and homoglyph swaps. For a 10-character brand name, the permutation space can exceed 500 candidate domains. Automated tools check availability and register viable candidates in bulk.

Monetization models. Once a typosquatted domain is registered, it gets monetized through one of several approaches:

  • Domain parking. Display pay-per-click ads. Low effort, low per-domain revenue, but profitable at scale across hundreds of typo domains.
  • Affiliate fraud. Redirect users to the legitimate site through an affiliate link, capturing commission on purchases the typosquatter didn't influence.
  • Malware distribution. Serve drive-by downloads or prompt users to install "required updates."
  • Phishing. Clone the target brand's login page to harvest credentials.

Timing exploitation. Sophisticated typosquatters monitor product launches, rebrandings, and major marketing campaigns. When a new brand name is announced, they register typo variants within hours, before the brand owner has completed their own defensive registrations.

How to Detect Typosquatting

Detection is the bottleneck. Most brands don't know how many typosquatted domains target them until an incident forces the question.

DNS monitoring. Services that scan newly registered domains against permutations of your brand name. Certificate Transparency logs (public records of every SSL/TLS certificate issued) are especially useful here. If someone registers a typo domain and adds HTTPS (increasingly common, since browsers flag HTTP as insecure), the certificate issuance creates a public record you can monitor.

Brand monitoring services. Specialized providers that combine domain monitoring with web content scanning, social media surveillance, and marketplace monitoring. These catch typosquatted domains that are actively being used, not just registered.

Trademark watch services. A different detection layer. While domain monitoring catches typosquatted domains, trademark watch services detect when someone attempts to register a confusingly similar mark through an official trademark office. This catches a different class of infringer: those who typosquat not just domains but trademark registrations themselves. Signa's trademark monitoring API detects variations of your mark across filings in 200+ trademark offices globally. For a comparison of monitoring approaches, see trademark monitoring tools compared.

Practical detection strategy. No single tool catches everything. Domain monitoring catches the domain registrations. Certificate transparency catches the domains that go active with HTTPS. Trademark watch catches the more sophisticated actors who attempt to formalize their infringement through official channels. A complete detection strategy layers all three. More on building an enforcement workflow in our trademark monitoring and enforcement guide.
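
A triage pass that applies the five typo patterns listed earlier to names surfaced by domain or Certificate Transparency monitoring, including punycode-encoded homoglyph names. This is an added example, not code from the original article: the keyboard and homoglyph tables are small assumed samples, the function names classify and triage are hypothetical, and it assumes single-label TLDs (no co.uk handling).

```python
# Added example: both tables are small, assumed samples, not exhaustive.
QWERTY_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm"]
HOMOGLYPHS = {"\u0430": "a", "\u0435": "e", "\u043e": "o",  # Cyrillic a, e, o
              "1": "l", "0": "o"}                           # digits for letters

def neighbors(ch):
    """Keys directly left and right of ch on the same QWERTY row."""
    for row in QWERTY_ROWS:
        i = row.find(ch)
        if i >= 0:
            return row[max(i - 1, 0):i] + row[i + 1:i + 2]
    return ""

def classify(observed, brand):
    """Return the typo pattern linking observed to brand, or None."""
    observed = observed.lower().rstrip(".")
    if "xn--" in observed:  # CT logs carry internationalized names as punycode
        observed = observed.encode("ascii").decode("idna")
    name, _, tld = observed.rpartition(".")
    b_name, _, b_tld = brand.rpartition(".")
    if name == b_name:
        return None if tld == b_tld else "wrong-tld"
    # Fold lookalike characters to what the reader believes they are seeing.
    if "".join(HOMOGLYPHS.get(c, c) for c in name) == b_name:
        return "homoglyph"
    if len(name) == len(b_name) - 1 and any(
            b_name[:i] + b_name[i + 1:] == name for i in range(len(b_name))):
        return "omission"
    if len(name) == len(b_name):
        diff = [i for i in range(len(name)) if name[i] != b_name[i]]
        if (len(diff) == 2 and diff[1] == diff[0] + 1
                and name[diff[0]] == b_name[diff[1]]
                and name[diff[1]] == b_name[diff[0]]):
            return "transposition"
        if len(diff) == 1 and name[diff[0]] in neighbors(b_name[diff[0]]):
            return "adjacent-key"
    return None

def triage(domains, brand):
    """Map each suspicious domain to its pattern; unrelated names are dropped."""
    hits = {d: classify(d, brand) for d in domains}
    return {d: p for d, p in hits.items() if p}

# Constructed sample standing in for names pulled from a registration or CT feed.
SAMPLE = ["gogle.com", "gogole.com", "goofle.com", "google.co",
          "goog1e.com", "google.com", "example.org"]
```

Feed the triage output into whatever review queue handles takedowns or defensive registration; a None result only means the name matched none of these five patterns, not that it is benign.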

Typosquatting Protection: How to Defend Your Brand

Detection finds the problem. Protection prevents and resolves it. Here are the primary tools available to brand owners.

Defensive domain registration. Register the most obvious typo variants of your brand proactively. Focus on character omissions, the most common TLD alternatives (.com, .net, .org, .co, your country code), and any homoglyph variants that render identically in common browsers. This is insurance, not a complete solution. You cannot register every possible permutation, but covering the top 20 to 30 variants eliminates the highest-traffic typo paths.

UDRP proceedings. The Uniform Domain-Name Dispute-Resolution Policy, administered by WIPO and other ICANN-accredited providers, is the standard mechanism for reclaiming typosquatted domains. To win, you must demonstrate three things: the domain is identical or confusingly similar to your trademark, the registrant has no legitimate interest in the domain, and the domain was registered and used in bad faith. ICANN reports over 500,000 domain disputes since UDRP was introduced in 1999. Success rates for complainants exceed 85% in straightforward typosquatting cases.

Anticybersquatting Consumer Protection Act (ACPA). A US federal statute that provides an alternative to UDRP with stronger remedies. ACPA allows statutory damages of $1,000 to $100,000 per domain name, making it a more powerful deterrent for serial typosquatters. Unlike UDRP, ACPA proceedings happen in US federal court, which means higher costs but also the ability to pursue damages rather than just domain transfer.

Browser and search engine protections. Modern browsers autocorrect common URL typos, and search engines downrank known malicious domains. You can report typosquatted domains to Google Safe Browsing and to browser vendors directly. These protections reduce user exposure but don't eliminate the underlying domain registration.

Trademark registration as foundation. Every enforcement mechanism, whether UDRP, ACPA, or takedown requests, is significantly stronger when backed by a registered trademark. A registered mark provides presumptive evidence of ownership and bad faith on the typosquatter's part. If you haven't registered your brand as a trademark, that is the single highest-leverage protective step you can take. For a broader look at protective tools, see our brand protection software guide.

Consult a trademark attorney for legal guidance specific to your situation. The remedies above vary by jurisdiction, and the right strategy depends on your brand's geographic footprint and the nature of the infringement.

Typosquatting vs Cybersquatting vs Domain Squatting

These three terms get used interchangeably, but they describe different behaviors with different legal treatments.

| | Typosquatting | Cybersquatting | Domain Squatting |
| --- | --- | --- | --- |
| Definition | Registering misspelled variants of a brand's domain | Registering a domain identical or similar to a trademark in bad faith | Registering generic or brandable domains speculatively for resale |
| Intent | Intercept mistyped traffic | Profit from trademark holder's goodwill | Profit from future resale value |
| Example | "amazom.com" | "nikeshoes-official.com" | "cloudai.com" (no existing brand) |
| Legal remedy | UDRP, ACPA | UDRP, ACPA | Generally legal (no trademark claim) |
| Bad faith required? | Yes (easy to establish via typo pattern) | Yes (requires showing intent to profit from the mark) | Not applicable unless a trademark exists |

The key distinction: typosquatting and cybersquatting both require a pre-existing trademark to contest. Domain squatting (registering generic terms speculatively) is generally legal, because there's no trademark being infringed. You can't UDRP someone for registering "fastdelivery.com" unless you own a trademark on "Fast Delivery."

Typosquatting is often easier to prove in UDRP proceedings than other forms of cybersquatting. The typo pattern itself is strong evidence of bad faith. Nobody registers "amazom.com" for legitimate purposes.

Protect What You've Built

Typosquatting exploits a simple vulnerability: the gap between what a user intends to type and what they actually type. The defenses are layered: register defensively, monitor continuously, and enforce when necessary.

The brands that handle typosquatting effectively treat it as an ongoing operational concern, not a one-time project. Domains get registered every day. New TLDs expand the attack surface. The monitoring must be continuous.

Signa's trademark monitoring API can detect variations of your mark across trademark filings globally. Start with a free search at signa.so.