Typosquatting Awareness

Catch the domain tricks attackers use against you.

What Is Typosquatting Awareness?

Typosquatting is the practice of registering domain names that are slight misspellings or visual lookalikes of legitimate websites, and it catches more people than you would expect. This exercise presents you with a series of URLs and login pages where the differences are measured in single characters. You will encounter domains that swap letters (googel.com), add extra characters (microsooft.com), and use international characters that look identical to Latin letters but point to entirely different servers. That last technique, called a homograph attack, can make a fake domain appear pixel-perfect in your browser's address bar. The simulation places you in realistic situations: clicking a link in an email, typing a URL from memory, and scanning a QR code that redirects through a shortened link. You will build the habit of verifying domains character by character, using bookmarks instead of typing, and checking where shortened URLs actually lead before entering any credentials.

What You'll Learn in Typosquatting Awareness

Typosquatting Awareness — Training Steps

  1. Welcome to Cascadia Insurance Partners

    Today you need to access the HR portal to update your direct deposit information for an upcoming payroll change. You've done this many times before - it's a routine task.

  2. A Quick Task Before Lunch

    It's 11:45 AM and Alice wants to finish this quick task before her lunch break. She opens her browser and quickly types the HR portal URL from memory. In her hurry, she types cascadiansurance.com instead of cascadiainsurance.com - missing the 'i' in 'insurance'.

  3. The Fake Portal

    The browser loads a page that looks exactly like the company's HR portal. The logo, colors, and layout are all familiar. Alice doesn't notice anything wrong.

  4. Something Went Wrong

    After entering her credentials, the page displays a generic error: 'Unable to connect to server. Please try again later.' Alice is annoyed but assumes the HR system is having technical issues. She decides to try again later and opens her email to work on other tasks.

  5. The Security Alert

    Alice receives an urgent email from IT Security.

  6. Realizing the Mistake

    Alice's heart sinks. She remembers trying to access the HR portal earlier and getting that error message. Could she have entered her credentials on a fake site? She needs to call IT Security to report what happened and find out how her credentials were stolen.

  7. Analyzing the Attack

    IT Security has confirmed that Alice fell victim to a typosquatting attack. Let's examine the fake site she visited to understand how it happened. Notice the subtle differences that Alice missed in her hurry.

  8. The Typosquatted Domain

    The most critical red flag was in the domain itself.

  9. How Typosquatting Works

    Typosquatting is a form of cybersquatting that exploits typing mistakes. Attackers:

    1. Register lookalike domains - They identify popular websites and register domains with common typos:
       - cascadiansurance.com (missing 'i')
       - cascadiainsurnace.com (letters swapped)
       - cascadiainsurance.net (wrong TLD)
       - cascadiainsurrance.com (extra letter)
    2. Clone the legitimate site - They copy the visual design pixel-for-pixel
    3. Harvest credentials - Users who mistype the URL unknowingly enter credentials on the fake site

  10. Accessing the Security Portal

    Alice needs to file a formal incident report documenting what happened. She navigates to the Security Portal - this time carefully verifying the URL before entering credentials.
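
The lookalike categories listed in step 9, plus the homograph case from the introduction, can be checked mechanically when reviewing proxy or DNS logs. The Python below is an added example, not part of the training material; the function names and the small Cyrillic lookalike map are constructed for illustration, and the legitimate domain is the one from the scenario.

```python
LEGIT = "cascadiainsurance.com"  # legitimate domain from the scenario

# Constructed, partial map of Cyrillic letters that render like Latin ones.
CONFUSABLES = {"\u0430": "a", "\u0441": "c", "\u0435": "e",
               "\u043e": "o", "\u0456": "i", "\u0440": "p"}

def fold(domain):
    """Replace known lookalike characters with their Latin counterparts."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in domain)

def one_deleted(longer, shorter):
    """True if removing exactly one character from `longer` yields `shorter`."""
    return len(longer) == len(shorter) + 1 and any(
        longer[:i] + longer[i + 1:] == shorter for i in range(len(longer)))

def adjacent_swap(a, b):
    """True if `a` equals `b` with two neighbouring characters exchanged."""
    if len(a) != len(b):
        return False
    diff = [i for i in range(len(a)) if a[i] != b[i]]
    return (len(diff) == 2 and diff[1] == diff[0] + 1
            and a[diff[0]] == b[diff[1]] and a[diff[1]] == b[diff[0]])

def classify(observed, legit=LEGIT):
    """Name how `observed` relates to `legit` (Unicode form; decode xn-- labels first)."""
    observed = observed.strip().lower().rstrip(".")
    if observed == legit:
        return "exact match"
    if not observed.isascii():
        return "homograph" if fold(observed) == legit else "non-ASCII, verify manually"
    o_name, _, o_tld = observed.rpartition(".")
    l_name, _, l_tld = legit.rpartition(".")
    if o_name == l_name:
        return "wrong TLD"
    if o_tld == l_tld:
        if one_deleted(l_name, o_name):
            return "missing letter"
        if one_deleted(o_name, l_name):
            return "extra letter"
        if adjacent_swap(o_name, l_name):
            return "letters swapped"
    return "no close match"

if __name__ == "__main__":
    for d in ["cascadiansurance.com", "cascadiainsurnace.com",
              "cascadiainsurance.net", "cascadiainsurrance.com",
              "c\u0430scadiainsurance.com", "cascadiainsurance.com"]:
        print(f"{d!r:32} -> {classify(d)}")
```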