Oh what a difference an “o” can make!

I don’t know about you, but I love Christmas in Australia, long summer days, the sound of cicadas at night, seafood on Christmas day, or traditional ham with roasted veggies. I just love the festive season. And I must confess that I love Christmas shopping. Yep, I’m one of those people! Once I’ve put some time and thought into what gift I’d like to give to my family members, I go online and surf for the perfect bargain, or simply to find out which retailers have the gifts I want.

But in my haste to type in an address I do make typos, and I’ve just read a report that tells me one little typo like missing the “o” in “.com” could land me somewhere I don’t want to be! This seemingly innocent misspelling in domain names is actually a criminal scheme to direct you to scam websites.

In the past, McAfee released a report that revealed .vn as the riskiest country code domain name. In 2024, the winner was .su, which stands for the former Soviet Union. Although the country is defunct, scammers continue to use this domain for phishing attacks that spread viruses and other nasties designed to cause havoc on your home computer. Certainly not what you need this Christmas. Australia’s domain “.au” is relatively safe in comparison to the rest of the web, but it certainly doesn’t mean we’re safe while surfing the wild, wild web.

Another 2024 report showed that .com, aside from being the most popular top-level domain, is now also the most abused one used in typosquatting.

As you go online to shop for holiday presents, make your banking payments, or book your holiday travel, you’ll need to be more alert about typing those domain names on the address bars to avoid being a victim of typosquatting. Here’s a more detailed look at this scam, its dangers, and what you do if you accidentally end up on a dangerous site.

What is typosquatting?

Typosquatting is a cybercriminal tactic where attackers register domain names that closely resemble legitimate websites, specifically targeting common typing mistakes you might make when entering URLs. Google is the top impersonated brand, being misspelled online as goggle, closely followed by Microsoft as microsfot, and Amazon as amaz0n.

Malicious actors take advantage of the small slip-ups we all make, such as missing a letter, swapping characters, or hitting the wrong key, to redirect you to fake websites that steal your usernames, passwords, and personal information. Others may automatically download malware onto your device.

According to research in 2024, internet services are the most targeted names in typosquatting (29.2%), followed by professional services (26.09%) and online shopping websites (22.3%). The consequences can include identity theft, financial fraud, compromised accounts, and infected devices that put your entire digital life at risk.

Factors that enable typosquatting

Typosquatting thrives because it sits at the intersection of human habits and internet mechanics. Cybercriminals are banking on these small human blunders to direct you to their malicious look-alike domains, using visual tricks such as similar-looking characters or misleading subdomains. Throw in search ads and SEO that push these sites in front of us even without a typo, and you get a perfect storm for typosquatting. Once you understand the factors that allow typosquatting to flourish, you can avoid falling victim to it.

• Human error. The most common cause is simply how we type and interact with devices. We could be typing hurriedly, multitasking, or distracted, and using small mobile screens where errors can be easily made. Miss a letter, swap characters, or rely on predictive or autocorrect spelling, and you could end up on a compromised website.
• Visual deception. Cybercriminals create domains that look almost identical to legitimate ones using visual tricks such as replacing characters in a domain name. They also use lookalike subdomains that appear official, such as “secure-login.amazon-customer.com,” which isn’t Amazon at all.
• Domain system vulnerabilities. The global domain name system’s complexity creates multiple avenues for deception. Alternative top-level domains (TLDs) like .cm, .co, or .net can be registered to capture traffic meant for .com sites, creating more opportunities for lookalike domains that can bypass traditional security filters.
• Search result manipulation. Through search engine optimization tactics and paid advertisements, cybercriminals can position fraudulent sites prominently, increasing the likelihood you’ll click on them even though you haven’t made a typing error.

Common typosquatting tactics

Typosquatters use a playbook of tweaks built around the typing mistakes people make. The goal is always the same: catch you in a moment of hurry and usher you to a fake page before you notice anything’s off. Being aware of these common typosquatting techniques will teach you to recognize when you might be in danger of visiting a fake website.

• Keyboard-adjacent typos: These tactics exploit common typing mistakes when your fingers mistakenly hit nearby keys, such as typing “gnail.com” instead of “gmail.com”. Cybercriminals register these predictable mistyped domains to capture your traffic.
• Missing or extra letters: Attackers register domains with one letter removed or added to popular sites. You might type “amazo.com” or “amazoon.com” in your mad rush to shop online, landing on a fake site.
• Swapped characters: This involves switching the order of letters in familiar domains. Instead of “paypal.com,” you could accidentally visit “payapl.com” or “paypla.com.”
• Wrong top-level domains (TLDs): Scammers register the same domain name with different TLDs, which could host malicious content, including phishing pages. You might mean to visit “banking.com” but end up at “banking.net” or “banking.org.”
• Subdomain impersonation: These attacks use legitimate-looking subdomains to fool you. A URL like “secure-update.microsoft-login.com” might look official, but the actual domain is “microsoft-login.com,” not Microsoft’s real site.
• Homoglyph attacks: These use visually similar characters from different writing systems or symbol sets. In certain fonts or symbols, the letters “rn” together can look like “m,” so “arnazon.com” might appear as “amazon.com.” International characters and symbols make these attacks particularly deceptive.
• Brand + keyword combinations: Attackers combine popular brand names with common keywords to create convincing fake domains. Sites like “apple-support.com,” “google-security.com,” or “microsoft-updates.com” aren’t official company sites but can appear legitimate enough to trick you into entering personal information.

The dangers of typosquatting

Typosquatting puts you at risk in several ways, one of which is that cybercriminals can steal your personal information through convincing phishing pages that look identical to legitimate sites. You might unknowingly enter your login credentials, credit card details, or other sensitive data directly into their hands.

Malware downloads represent another significant threat. Some fraudulent sites automatically install harmful software onto your device, potentially giving attackers remote access to your computer or mobile device. Payment fraud is particularly concerning when typosquatting targets banking or shopping websites, as you could complete transactions that go straight to scammers instead of legitimate businesses.

Your privacy could also suffer when malicious sites steal cookies and session data, allowing criminals to impersonate you on legitimate websites. They can access your accounts, view your browsing history, and monitor your online activities without your knowledge.

Immediate action plan if you end up on a typosquatted site

1. Stop entering any information immediately. The moment you realize you’ve landed on a suspicious site, don’t move a finger to enter passwords, personal details, or payment information. Typosquatted sites are specifically built to capture this data, so your first defense is simply stopping any interaction with the page.
2. Close the browser tab or window right away. Don’t click any links, buttons, or ads on the suspicious site. Quickly close the tab or window to prevent any potential malware downloads or further data collection. If your browser warns you about leaving the page, ignore the warning and close it anyway.
3. Clear your browser data for that specific site. Go to your browser’s settings and clear the cookies, cache, and browsing data related to the suspicious domain you just visited. Google recommends this step to remove any tracking elements or malicious cookies that may have been installed during your brief visit.
4. Run a comprehensive security scan on your device. Use your antivirus software to perform a full system scan immediately to detect any malware that might have been downloaded while you visited the typosquatted site. Consider downloading a reputable solution like McAfee+ for complete protection.
5. Check your recent account activity on major services. Log into your banking, email, and social media accounts to review recent activity, login attempts, unauthorized access, and suspicious changes. The Cybersecurity & Infrastructure Security Agency recommends monitoring account activity after potential security incidents.
6. Change passwords and enable multi-factor authentication. If you entered any credentials on the suspicious site, change those passwords immediately across all your accounts and enable two-factor authentication where possible to provide extra protection.
7. Report the suspicious domain. To protect others, report the fake website to your browser provider (Chrome, Firefox, Safari) and to the Anti-Phishing Working Group.

Protect yourself against typosquatting

So here are my tips on how to stay safe while surfing:

Tip #1: Apply sunscreen

Well, the number one tip goes without saying, Slip, Slop, and Slap when you’re lapping up the glorious Aussie sun, and don’t forget to reapply!

Tip #2: Update your security software

I only have one word for you: Antivirus!

Now I’ve got to admit, since starting out on this quest as Cybermum, I’ve learnt a few things, and I think one of the most important lessons has been that you can never have too much protection when it comes to your home computer. I liken having up-to-date security software to reapplying your sunscreen. Just because you loaded some security software a couple of years ago, doesn’t mean you’re safe now! You’re bound to get burnt unless you reapply, so for your computer, this means update! Check out McAfee Total Protection.

Tip #3: Double-check before hitting enter

If you can end up in Cameroon surrounded by infected sites simply by missing an “o,” it’s certainly worthwhile checking your spelling before hitting the enter key!

I know I find it difficult to determine when a site is safe or not. I certainly know that my kids wouldn’t have even given it a second thought until I loaded McAfee’s WebAdvisor on our home computer. It’s pretty cool and it’s been really easy for my kids to understand as it provides a traffic light system of red, yellow and green icons to indicate a website’s risk level, so I know when my kids are surfing the net this summer they’ve got their own little traffic warden steering them away from sites that could have seen them surfing in Cameroon instead of Australia!

Aside from these key tips and the immediate steps listed above, I’ve rounded up a few other reminders to make sure you end up on a legitimate website and keep your device and information safe:

• Bookmark your trusted websites. Create bookmarks for your frequently used banking, shopping, and social media sites. This way, you can click directly on the bookmark instead of typing the URL and risking an error that could take you to a malicious site.
• Type URLs directly in your browser’s address bar. When accessing sensitive accounts such as online banking or shopping, always type the website address directly into your browser’s address bar rather than using search engine results, which might include malicious lookalike sites that aim to capture your information.
• Double-check domain names and extensions carefully. Before entering any personal information, take a moment to verify the exact spelling of the website address and its domain extension (.com, .org, .gov). Look for subtle changes such as extra letters, hyphens, or different extensions that signal a fake site.
• Enable your browser’s built-in security features. Turn on safe browsing warnings in Chrome, Firefox, Safari, or Edge to help detect and warn you about potentially dangerous websites.
• Consider secure DNS settings. Consider switching to secure DNS services such as Cloudflare (1.1.1.1) or Google DNS (8.8.8.8), and enable HTTPS-only mode in your browser to ensure encrypted connections to websites.
• Never click links in unexpected emails or text messages. In 2024, phishing continued to be the top method that scammers used to contact people and direct them to typosquatted domains. So instead of clicking links, type the website address directly or use your bookmarks.
• Trust your instincts. If a website looks different than usual, has unusual pop-ups, asks for unexpected information, or just feels strange, close your browser tab or window immediately. Trusting your instincts could be one of your best defenses against online threats.

Final thoughts

Typosquatting may seem like a small concern, but knowing its risks of typos can make a big difference in your online safety. Simple typing mistakes in domains can redirect you to malicious sites designed to steal your information or infect your devices.

To avoid becoming a victim of typosquatting, the key is for you to develop mindful habits such as bookmarking trusted sites and double-checking URLs before hitting the enter key on your keyboard, or before typing sensitive information or downloading files. Always look for secure connection indicators such as the padlock icon to confirm you’re on the correct website.

In addition, using reliable tools such as McAfee WebAdvisor and McAfee Total Protection gives you the assurance of safety while you browse, bank, and shop online. McAfee security solutions work quietly in the background, alerting you to suspicious sites and keeping you on the safe path. Share this knowledge with your family and friends, because when we’re all aware of these simple tricks that criminals use, we can all enjoy the internet more safely together.

Happy Christmas shopping and safe surfing.

Introducing McAfee+

Identity theft protection and privacy for your digital life

Download McAfee+ Now