Two Common Types of Cybersquatting

In this article we talk about two common types of cybersquatting.

In a much earlier post we wrote about ways cybersquatting harms an organization. Start here as it defines what cybersquatting is.

Our example domain name for the two types of cybersquatting attacks we’re using is We’ll assume that this is the legitimate website a bad actor wants to target.


Typosquatting is when a bad actor purchases a domain name that is purposely misspelled. The goal is to either hope you misspell the website you want to visit or if it’s a phishing attempt that you don’t notice the spelling “error” when a link is sent to you.

There are a few ways this is done:

  • Character insertion: Doubling up on a letter in malicious domain name. For this example, we’ll double up on the lower-case “L” in It now looks like examplle[.]com
  • Character removal: The bad actor removes a letter from the target domain name. The new malicious one looks like exmple[.]com where they removed the “a.”
  • Character transposition: Letters adjacent to each other trade places. An example of the malicious domain name may look like exampel[.]com where the lower-case “L” and “e” are swapped.
  • Character replacement: This is where a letter in the target domain name is replaced by it’s adjacent one. may end up looking like exanple[.]com where the “n” on a QWERTY keyboard is right next to the “m.” It might also look like what’s known as a homoglyph attack where you’re replacing a letter with a number, letter, or a grouping of letters that look like the original one. could look like examp1e (the 1 replaces the lowercase “L”) , or exarnple (the lowercase “r” and “n” combine to look like the letter “m”).
  • Wrong top level domain name: This is where the bad actor purchases a domain name that is spelled correctly, but it’s the wrong top level domain. For instance, is purchased by the bad actor in the hopes that you don’t remember the real site is at


Combosquatting is taking the target domain name and adding additional words to it typically separated by a hyphen. may end up looking like support-example[.]com. Something like this might find its way into a phishing message targeting an organization. It gives the appearance of it being I.T. support.

There are several reasons why a bad actor would do things like this:

  • Phishing to collect collect sensitive information or spread malware.
  • Creating landing pages to look like the target to profit off their name/reputation.
  • To sell counterfeit products thus affecting an organization’s intellectual property and revenue.

There are other types of cybersquatting attacks that exist, we’ve written and talked about punycode attacks here and here .

The number one thing you need to do when it comes to this kind of stuff is always make sure you are going to the website you intend on going to, so ensure that things are spelled correctly. This is the absolute bare minimum you can do, but there is by far a whole lot more that you need in place to protect yourself.

Organizations, here are a few of our offerings that we provide that helps uncover websites engaging in cybersquatting (or even username squatting if we’re looking for fake social media profiles):

Please take a look at our Business Services page for a little more detail.

On the personal side of things relating to what this article is about we offer:

  • Custom training to learn how to protect you and your family against scams and phishing attempts.
  • Consulting for technology that can help reduce the chances of someone browsing somewhere they shouldn’t that may cause a malware infection.
  • Identity theft protection and restoration for you or your family.

Please take a look at our Personal Services page for a little more detail.

To learn more, please fill out the contact form to get the conversation started.

Contact Us | Bsquared Intel

Please fill out the form below, or call 203.828.0012, to learn how bsquared intel can assist you.