Your Brand Is Being Impersonated Right Now

If your company has any online presence at all, there are almost certainly domains registered right now that look like yours. Not exact copies — close enough to fool a distracted employee clicking a link in an email, or a customer who mistyped your URL by one character.

This is typosquatting, and it's one of the most common attack vectors for phishing, credential theft, and brand fraud. It's cheap to execute (a domain costs $10/year), hard to detect manually, and devastating when it works.

How Typosquatting Works

Attackers register domain names that are visually similar to legitimate brands using predictable techniques:

Character Swaps

Swapping adjacent characters: googel.com instead of google.com. Users who type quickly often transpose letters, and these domains catch that traffic.

Omissions and Duplications

Dropping or doubling a letter: gogle.com or gooogle.com. These exploit the fact that most people don't carefully proofread URLs.

Keyboard Adjacency

Replacing a character with its keyboard neighbor: goofle.com (f is next to g). Typos naturally follow keyboard layout patterns.

Homoglyphs

Using characters that look identical but are different: g00gle.com (zeros instead of o's) or goοgle.com (Greek omicron instead of Latin o). These are nearly impossible to detect visually.

TLD Swaps

Registering your brand under different top-level domains: yourcompany.net, yourcompany.io, yourcompany.xyz. If you only own the .com, attackers use alternative TLDs.

Hyphenation

Adding hyphens to break up the name: your-company.com or you-rcompany.com. These look plausible in emails and documents.

Why Typosquatting Is Dangerous

Credential Phishing

The most common attack: create a login page that looks identical to yours, send emails from the lookalike domain, and harvest credentials. A domain like paypa1.com (with a one instead of an l) hosted a fake PayPal login for 3 years before being taken down.

Business Email Compromise (BEC)

Attackers register a domain one character off from your supplier or partner, then send invoices with updated bank details. The FBI's IC3 reported $2.9 billion in BEC losses in 2023 alone.

Brand Reputation Damage

Even if a typosquatted domain just shows ads or "this domain is for sale" pages, it signals to customers that your brand isn't protecting its digital presence.

Malware Distribution

Typosquatted domains can serve drive-by downloads, exploit kits, or redirect to malicious sites. Users who mistype your URL get malware instead of your product.

SEO Pollution

Squatted domains can host content that competes with your legitimate site in search results, or worse, get flagged by Google Safe Browsing in a way that taints your brand name.

The Scale of the Problem

For a typical 8-character .com domain, there are roughly 300-500 possible typosquat variants. For a major brand like "microsoft," that number exceeds 1,000. Most of these domains are available for registration at standard prices.

Studies show that 80-90% of popular brands have at least one typosquatted domain actively registered against them, and many have dozens.

What Makes a Typosquat Dangerous?

Not all typosquatted domains are equally risky. The key signals that indicate active abuse:

Active SSL Certificates

A typosquatted domain with a valid SSL certificate is likely being used for phishing. Attackers use free certificates from Let's Encrypt to make their fake sites show the padlock icon. A domain registered last week with a fresh SSL cert is a red flag.

MX Records

If a lookalike domain has MX records (mail exchange), it can send and receive email. This means an attacker could send phishing emails that appear to come from a domain very similar to yours — the foundation of BEC attacks.

Recent Registration

Domains registered in the last 30 days are more likely to be malicious than those registered years ago. Legitimate businesses register domains early; attackers register them when they're ready to attack.

Active Web Content

A typosquatted domain serving a real website (especially one that mimics your branding) is an immediate threat. Parked domains with "for sale" pages are lower risk but should still be tracked.

How to Protect Your Brand

1. Monitor Continuously

Manual checks don't scale. You need automated monitoring that generates all possible typosquat variants for your domain and checks daily for new registrations, DNS changes, and SSL certificates.

ServiceAlert.ai's Brand Monitor does exactly this — it generates hundreds of variants using 8 detection techniques (character swaps, omissions, duplications, keyboard adjacency, homoglyphs, TLD swaps, hyphenation, vowel swaps) and scans for registrations every 6-24 hours.

2. Register Defensively

Buy the most common typo variants of your domain before attackers do. Focus on:

  • Common misspellings
  • All major TLDs (.com, .net, .org, .io)
  • Keyboard-adjacent typos

You can't buy all 500+ variants, but the top 10-20 most likely typos are worth the $100-200/year.

3. Prioritize by Risk

Not every registered typosquat needs immediate action. Focus on domains that show active threat signals:

  • Critical: Registered recently + has SSL + active content that mimics your brand
  • High: Has SSL certificate (phishing-ready)
  • Medium: Resolves via DNS but no SSL
  • Low: Registered but not resolving

4. Take Action on Active Threats

For domains actively impersonating your brand:

  • Report to the registrar — Most registrars will suspend domains used for phishing
  • File a UDRP complaint — ICANN's dispute resolution process for trademark holders
  • Report to Google Safe Browsing — Gets the domain flagged in Chrome and Firefox
  • Notify your customers — If a phishing campaign is active, warn your users directly

5. Monitor MX Records

A typosquatted domain with MX records is set up to send email. This is a leading indicator of a BEC or phishing campaign. Our Brand Monitor now checks MX records for every registered variant and flags domains with email capability.

What ServiceAlert.ai Brand Monitor Offers

Our Brand Monitor provides enterprise-grade typosquatting detection:

  • 8 detection techniques — character swaps, omissions, duplications, keyboard adjacency, homoglyphs, TLD swaps, hyphenation, vowel swaps
  • Automated daily scanning with 6-hour intervals for brands with high-risk findings
  • MX record detection — identifies domains that can send/receive email
  • Domain categorization — classifies each finding as active site, parked domain, redirect, or error
  • RDAP/WHOIS enrichment — registrar, registration date, and expiry for every finding
  • SSL certificate checking — identifies phishing-ready domains with valid certificates
  • 4-tier risk scoring — Critical, High, Medium, Low based on registration age, SSL, and DNS
  • Risk trend tracking — see when a domain's risk level changes between scans
  • Alerts — get notified via email, Slack, Teams, Discord, or webhook when new high-risk typosquats appear

You can mark domains as owned (ones you control), ignore false positives, and add comments for your team. All findings are exportable as CSV or JSON.

The Cost of Doing Nothing

A single successful phishing attack using a typosquatted domain can cost your organization:

  • $4.88 million — average cost of a data breach in 2024 (IBM Cost of a Data Breach Report)
  • $50,000+ — average BEC loss per incident
  • Months of remediation — customer notification, credit monitoring, legal costs

Compare that to the cost of monitoring: included with Business and Enterprise plans on ServiceAlert.ai, or as a standalone feature starting at a fraction of the potential loss.

Don't wait for your customers to tell you they got phished from a domain that looks like yours. Find it first.

Start monitoring your brand | View pricing | Learn about our features