Typosquatting / URL Hijacking

Vishnu Shivalal P
2 min readJun 2, 2024

Typosquatting, a.k.a. URL Hijacking is a social engineering method that uses misspelt domains for various malicious or illegal activities. In this kind of attack, the threat actors generate a sting or a fake site that impersonates a legitimate domain and the generated fake site is used for malicious purposes.
These threat actors register these malicious and fake domains, similar to legitimate ones, but contains typographical errors in the hope of fooling their victims. These fake websites/domains can steal user credentials, PIIs (Personally Identifiable Informations) such as full name, SSN (Social Security Number), address, credit card informations, etc.

Examples

A legitimate domain will be dogfood.com and a fake domain one will look like dogfud.com or dofgood.com

Examples

What are the variations used in Typosquatting Attacks?

There are plenty of ways that scammers/hackers can try to trick us into clicking on a domain they own.

Variations in Typosquatting

How to Avoid Typosquatting Attacks?

The Typosquatting attacks can only be avoided or prevented by becoming consious about this attack.

Avoiding/Preventing Typosquatting Attacks

In simple terms, a typosquatted website is a form of domain spoofing that aims to create a domain that looks similar and legitimate to an existing site.

References

--

--

Vishnu Shivalal P
Vishnu Shivalal P

Written by Vishnu Shivalal P

Cyber Security Engineer | Bug Hunter | Security Researcher | CTF Player | PenTester | Security Enthusiast | TryHackMe Top 1% www.linkedin.com/in/vishnushivalalp