You mean to type your bank's website but hit an extra letter. You click a link in an email that looks almost right. You search for a well-known brand and land on a site that looks identical to the real thing. In all three cases, you may have just walked into a typosquat or look-alike domain — a scam website designed to pass for a legitimate one by exploiting tiny differences most people never notice.

What typosquatting actually is

Typosquatting means registering a domain name that is a slight misspelling or variation of a popular website's address, then betting that some percentage of visitors will type it by accident, click it in a phishing message, or simply not look closely enough to notice the difference. Common tricks include:

  • Swapped letters (a well-known site name with two letters reversed)
  • Missing or doubled letters (dropping or repeating one character)
  • Extra words tacked on (adding "secure", "login", "support", or "official" before or after the real name)
  • Wrong domain ending (using .net, .co, or .info instead of the original .com)
  • Hyphens inserted between words that aren't normally separated
  • Look-alike characters, where a letter is replaced with a similar-looking number or a character from a different alphabet that renders almost identically on screen

None of these require much technical skill. Anyone can register a domain that's one keystroke away from a famous brand and put up a page that copies the original's logo, colors, and layout in an afternoon.

Why it works so well

Most of us don't read web addresses carefully. We recognize the general shape of a familiar site — logo in the corner, similar layout, a URL that starts roughly right — and that's often enough to make us feel safe. Scammers rely on this pattern-matching shortcut. They also rely on autofill and muscle memory: if you're used to typing a brand name quickly, a slightly wrong version can slip past your attention entirely.

These fake pages are used for several purposes: harvesting login credentials on a copied sign-in page, tricking you into entering payment details on a fake checkout, pushing malicious downloads disguised as software updates, or simply serving ads and redirecting traffic for profit. Some look-alike domains are more elaborate, mimicking customer support pages, delivery-tracking sites, or banking portals to catch people at a moment when they expect to be dealing with the real company.

Where you're most likely to encounter one

Typosquats rarely show up out of nowhere — they're usually pushed in front of you. Watch out for:

  • Links in unsolicited emails or texts claiming to be from a bank, delivery company, or online store
  • Sponsored search results or ads that use a slightly altered brand name
  • Links shared in social media comments, forums, or messaging apps
  • QR codes on flyers, stickers, or emails that you scan without checking where they lead
  • Simple typing mistakes when you enter an address directly into your browser

How to spot a fake before you interact with it

  • Read the domain character by character. Don't skim — actually look at every letter between the "www." and the domain ending, especially if something feels slightly off about the page.
  • Check what comes right before the domain ending. The real brand name should sit directly next to the dot and extension (like ".com"), not buried in the middle of a longer string with extra words around it.
  • Be suspicious of unfamiliar domain endings for a brand you know only ever uses one specific ending.
  • Look for pressure and urgency. Scam pages built on look-alike domains often pair with urgent language — "verify now," "account suspended," "limited time" — designed to stop you from checking the address carefully.
  • Check for a padlock icon and valid certificate — but remember this only confirms the connection is encrypted, not that the site is legitimate. Scam sites can have padlocks too.
  • Use a trusted bookmark or type the address from memory carefully instead of clicking through from search results or messages, especially for banking, shopping, or account logins.
  • Hover over links before clicking to preview the actual destination address, on both desktop and mobile where possible.

If you land on a look-alike site

Close the tab without entering any information. Don't download anything the page offers. If you already entered a password, change it immediately on the real site and on any other account where you reused it. If you entered payment details, contact your bank or card issuer right away to flag possible fraud and watch your statements closely. You can also report the site through your browser's safe-browsing warning tool or to your national consumer-protection authority, which helps get it flagged for other users.

Building the habit

The best defense against typosquatting isn't a tool — it's a habit. Slow down for one extra second before you click a link or type a sensitive password, and actually look at the address bar. Bookmark the sites you use most for banking, shopping, and email so you're never relying on memory or a search result to get there. One wrong letter only leads to a scam site if you don't notice it — and noticing takes just a moment once it becomes routine.