Typosquatting Scam Explained

One Wrong Keystroke Can Cost Your Company Everything: The Typosquatting Scam Explained

It’s a tiny mistake most of us make without thinking. You type a website address from memory, hit enter, and move on. But that “one extra letter” or “one swapped character” can send you somewhere you never intended to go. And for businesses of any size, that slip can turn into phishing, malware, stolen credentials, or brand damage.

That’s the business behind typosquatting: attackers register lookalike domains that mimic real brands, products, or company portals. Their goal is simple: catch people who mistype a URL and turn that traffic into profit, access, or leverage.

What typosquatting looks like in real life

A legitimate domain might be:

  • yourcompany.com

A typosquatted version could be:

  • youcompany.com (missing a letter)
  • yourcompanny.com (extra letter)
  • yourcomapny.com (swapped letters)
  • yourcompany.co (different domain ending)

Most people won’t notice. And attackers design these fake sites to look “close enough” to keep users moving.

Why businesses should care (small to enterprise)

Typosquatting isn’t just a “big brand problem.” It hits small and mid-sized companies too, because attackers don’t need to break into your network to cause damage. They can exploit your customers, partners, or employees simply by impersonating you.

Here are the most common ways typosquatting is used:

1) Phishing

A fake login page is the classic move. The site looks like your real portal or vendor login, and it asks for a username, password, or MFA code. The moment someone enters credentials, the attacker has what they came for.

Why it hurts: stolen credentials can lead to email compromise, invoice fraud, account takeovers, and more.

2) Malware distribution

Some typosquatting sites push “updates,” “installers,” or fake downloads that actually deliver malware. This can be a direct infection route or the first step toward ransomware.

Why it hurts: malware doesn’t just affect the person who clicked. It can become a foothold into the business.

3) Ad revenue and traffic monetization

Not every typosquatting domain is built for a dramatic breach. Some are just made to capture “free” web traffic and monetize it with ads, affiliate links, or shady redirects.

Why it hurts: it still steals your traffic, confuses your audience, and creates a trust problem when users end up somewhere sketchy.

4) Brand impersonation

Attackers use lookalike domains to send convincing emails “from your company,” host fake support pages, or run scam promotions. This can be aimed at your customers or your employees.

Why it hurts: even if your systems aren’t breached, your brand takes the hit.

5) Credential harvesting at scale

This one deserves its own callout. Attackers often reuse the same typosquatting play across many brands and portals. It’s not personal, it’s volume.

Why it hurts: one reused password or one mistyped domain can become the weak link.

Quick warning signs to share with your team

These are simple checks anyone can do:

  • The URL looks “almost right,” but not exactly
  • The page asks you to log in again unexpectedly
  • The domain ending is different from usual (.co vs .com)
  • The site feels slightly off: weird spacing, missing links, generic buttons
  • You were sent there from an email link you weren’t expecting

Practical steps businesses can take (without making it a huge project)

For everyone

  • Use bookmarks for frequently used portals (payroll, email, CRM, banking)
  • Use a password manager (it won’t auto-fill on the wrong domain)
  • If anything feels off, stop and re-check the URL before logging in

For IT and security teams

  • Register common misspellings and “neighbor domains” of your brand and key products
  • Monitor new domain registrations that resemble your domain
  • Enforce MFA, especially for email and finance-related tools
  • Implement email protections (SPF, DKIM, DMARC) to reduce spoofing
  • Add web filtering and DNS protections to block known malicious domains

For leadership and comms

  • Have a simple playbook for customer impersonation scams (what to do, who responds, how you communicate)
  • Train teams that handle payments, vendors, HR, and support, since they’re common targets

The takeaway

Before you log in, look twice.
A single extra letter in a domain can lead to phishing, malware, brand impersonation, ad-trap redirects, or stolen credentials.