Typosquatting

Registering domain names that look like a known brand to catch users who mistype or skim. The infrastructure layer of phishing.

Typosquatting is when an attacker registers a domain that's visually similar to a known brand — paypa1.com, microsofft.com, amaz0n-secure.com. The variants follow predictable patterns (homoglyph, omission, transposition, brand-suffix), and tools like dnstwist generate them by the hundred.

Typosquats are the launching pads for almost all phishing campaigns. Knowing which variants of your brand exist — and which are currently live — is a foundational brand-protection task.

PhishGuard's free typosquat checker enumerates 150+ variants and runs a live DNS check on each.

Example

google.com → g00gle.com, goolge.com, googel.com, google-secure.com

Related terms

Homoglyph attack

Replacing a character in a domain with a visually identical one (often a Unicode lookalike) so the URL passes a glance test.

Phishing

Fraudulent attempt to steal credentials or money by impersonating a trusted entity, usually via email or a fake website.

Got a URL you're unsure about?

Paste it into our free scanner — verdict in seconds, 10+ threat-intel sources.

Scan a URL →