November 23, 2015

Share Everywhere

Scam Alert: Typosquatting

When you are texting, surfing the Internet, or writing an e-mail, how many typos do you think you make?

With technology like auto correct and spell check, many of us don’t worry too much if we make a mistake while typing, because the computer or phone will catch it before we send!

But what happens if you type a website URL in to your browser incorrectly? For example, say you want to go to and type instead. Some websites will redirect to the correct URL, but other times, you may find yourself on a fraudulent website. Identity thieves are banking on our poor typing skills and engage in a type of online fraud called “typosquatting,” which allows them to potentially get hold of our personal information.

Financial institutions are among the top business websites that hackers target for typosquatting. How do they do it? They purchase URLs that are similar to the URLs of popular financial institutions. If they are trying to trick Wells Fargo customers, whose real URL is, they might buy or Then, the thieves put up websites that look exactly like the Wells Fargo website. They simply wait for you to type in the wrong URL, go to their fraudulent website, and enter your login information. After that, they have enough information to be able to access your real Wells Fargo account and steal as much information as they want to.

Researchers from the Belgian University of Leuven and U.S.-based Stony Brook University looked a bit deeper at typosquatting and published their findings in a report called Seven Months’ Worth of Mistakes: A Longitudinal Study of Typosquatting Abuse. They found that among the 500 most popular sites on the Internet, 95% are targeted by typosquatters. That means that whether we like to admit it or not, many of us have likely been victims of typosquatting at one point or another. Some companies practice defensive registration, meaning they purchase the misspelled versions of their URLs before anyone else can — but the researchers found that most companies do not engage in defensive registration.

So, how can you protect yourself? How can you spot a fraudulent website?

When you first land on a website — before entering in any personal information or clicking on any links — stop and think “Is this website legit?” Taking a few moments to scan the site can play a big role in helping to prevent identity theft.

Check The Address

The primary clues can be found at the top of the page in the URL address bar. Look very closely at the URL — is it definitely the one you meant to type in? If you think it looks a little weird, or you’re not sure, go to a search engine like Google first and search the company name. The real company website should be one of the top, if not the top, results on the search results page. Click through to the website via Google.

yahoo typosquatting error

Notice the zero being used instead of the letter “o”

HTTPS Protocol

If you are visiting a financial website, or any type of website that handles sensitive information, look up at the URL address bar again. In the left corner, there should be a lock symbol and it should tell you the company that the URL is registered to. This shows you that the site is secure, and provides you with added peace of mind knowing the real company registered the URL.

secure website

Check for the “lock” icon, along with the HTTPS protocol, before you enter in any sensitive information

Visual Inspection

Finally, just look at the website. Does some of the wording seem off? Are there typos? Do any of the images appear to be low-resolution? Some hackers that engage in typosquatting put up websites that are less than perfect in an attempt to get something up quickly. If the website doesn’t look right, don’t risk entering your personal information.

citizens bank typosquatting error

This definitely does not look like the real Citizens Bank website

Typosquatting is just one of the ways identity thieves are trying to steal your information, but by keeping your eyes open for red flags, you are taking a big step in protecting yourself.

Melanie Medina

Sr. Director of Digital Marketing at IdentityForce
Melanie is a native of Bolivia who has lived in Boston for over 10 years. She likes to make time to travel, jog, read, and play backgammon. Fueled by copious amounts of coffee, Melanie stays on top of her to-do list while also keeping abreast of identity theft issues. Serious data breaches are happening all the time in the U.S. and Melanie loves being part of a solution that brings peace of mind to families across the country.

Latest posts by Melanie Medina (see all)

Join The Discussion

Your email address will never be published.