Typosquatting

Typosquatting (also called URL hijacking) exploits the fact that users sometimes mistype web addresses. Attackers register domains like 'amazom.com', 'gooogle.com', or 'paypa1.com' — variants that are one keystroke away from the real thing.

Visitors who arrive at a typosquatted domain may see a convincing clone of the real site designed to steal credentials or payment details, or be served with drive-by malware downloads. Some typosquatters simply monetise the traffic with adverts.

Typosquatting is also used in phishing emails where the 'From' address or link uses a near-identical domain. Checking the full URL carefully — especially before entering any credentials — is the primary defence. Browser bookmarks for frequently visited important sites (banking, email) significantly reduce risk.