Typo-Squat Redirect
A scam where a domain with a common misspelling of a popular website automatically redirects visitors to a phishing page, malware download, or fraudulent storefront.
Also known as: typosquatting redirect, misspelling redirect, domain redirect fraud
Last reviewed: 1 June 2026
Typo-squat redirects exploit the inevitable typing errors that occur when users manually enter website addresses. An attacker registers domain names that differ by one keystroke from popular brands — transposed letters, missing characters, common spelling mistakes, or wrong TLDs — and configures them to silently redirect visitors to malicious destinations.
The redirect may go to a convincing phishing page that harvests login credentials, a fake online store that takes payment but delivers nothing, a page that silently downloads malware, or an ad farm that monetises the accidental traffic. The victim's browser address bar may update to the malicious URL after the redirect, though some operators try to maintain the appearance of the intended domain.
Typo-squat redirects differ from standard typosquatting in that the registered domain does not simply host content — it actively forwards the user elsewhere, sometimes through multiple redirect hops to obscure the final destination. Users can protect themselves by bookmarking important sites rather than typing URLs, and organisations can defend themselves by defensively registering common misspellings of their own domain.
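The one-keystroke categories described above (transposed letters, missing characters, wrong TLDs) can be checked mechanically when an organisation reviews domains seen in its DNS or proxy logs against a domain it owns. The following is an added example, not part of the original entry; the function names and sample domains are constructed for illustration, and it assumes each input is already reduced to a name plus a single-label TLD.

```python
from typing import Optional

# Constructed sample data: the protected domain and some domains "seen in logs".
PROTECTED = "paypal.com"
OBSERVED = ["paypa1.com", "payapl.com", "paypl.com", "paypal.co",
            "paypal.com", "example.org"]

def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute,
    or swap two adjacent characters, each costing one edit."""
    # First row/column hold the cost of building a prefix from nothing.
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1,         # deletion
                          d[i][j - 1] + 1,         # insertion
                          d[i - 1][j - 1] + cost)  # substitution
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # adjacent swap
    return d[len(a)][len(b)]

def classify(candidate: str, protected: str) -> Optional[str]:
    """Return the typo category of candidate relative to protected,
    or None when it is the same domain or not a one-edit lookalike."""
    cand, prot = (s.lower().rstrip(".") for s in (candidate, protected))
    if cand == prot:
        return None
    c_name, _, c_tld = cand.rpartition(".")
    p_name, _, p_tld = prot.rpartition(".")
    if c_name == p_name:
        return "wrong-tld"
    if c_tld != p_tld or osa_distance(c_name, p_name) != 1:
        return None
    if len(c_name) < len(p_name):
        return "missing-character"
    if len(c_name) > len(p_name):
        return "extra-character"
    # Same length, one edit: a swap keeps the same letters, a substitution does not.
    return ("transposed-letters" if sorted(c_name) == sorted(p_name)
            else "substituted-character")

def flag_lookalikes(observed, protected):
    """Map each one-edit lookalike in observed to its typo category."""
    return {d: c for d in observed if (c := classify(d, protected))}

if __name__ == "__main__":
    for domain, kind in flag_lookalikes(OBSERVED, PROTECTED).items():
        print(f"{domain}: {kind}")
```

The same classification can be used to prioritise which misspellings of an organisation's own domain to register defensively.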
Examples
- A user types 'paypa1.com' instead of 'paypal.com' and is immediately redirected to a pixel-perfect phishing page requesting their PayPal login credentials.