URL Hijacking

An incorrectly entered URL could lead to a website operated by a cybersquatter.
Typo squatting, also called URL hijacking, a sting site, or a fake URL, is a form of cyber squatting, and possibly brand-jacking which relies on mistakes such as typos made by Internet users when inputting a website address into a web browser. Should a user accidentally enter an incorrect website address, they may be led to any URL (including an alternative website owned by a cyber-squatter).

The typosquatter’s URL will usually be one of five kinds, all similar to the victim site address (e.g. example.com):

  • A common misspelling, or foreign language spelling, of the intended site: exemple.com
  • A misspelling based on typos: examlpe.com
  • A differently phrased domain name: examples.com
  • A different top-level domain: example.org
  • An abuse of the Country Code Top-Level Domain (ccTLD): example.cm by using .cm, example.co by using .co, or example.om by using .om. A person leaving out a letter in .com in error could arrive at the fake URL’s website

Once in the typo-squatter’s site, the user may also be tricked into thinking that they are in fact in the real site, through the use of copied or similar logos, website layouts or content. Spam emails sometimes make use of typo-squatting URLs to trick users into visiting malicious sites that look like a given bank’s site, for instance.