Move from explanation to action with the matching DomainCheck.co.uk tools for this topic.
Check whether brand-critical variants are already registered or exposed.
Useful when registrar control and transfer readiness are part of the risk model.
Use a human review path when a hijack or control issue touches a live brand asset.
Typosquatting is a specific brand abuse tactic, not the same thing as general domain strategy. A business can have a decent portfolio and still be exposed to lookalike domains, altered spellings, or deceptive registrations. This article focuses on the patterns attackers use and the practical controls that reduce the risk. It is intentionally separate from the broader brand protection strategy article so readers who are dealing with impersonation can move straight to the issue that matters.
Typosquatting is the registration of a domain that looks close enough to a real brand name that a user might mistype it, trust it by mistake, or assume it is official. The risk is not only traffic leakage. It can also support phishing, fake login pages, malware delivery, ad fraud, and simple customer confusion.
The most common typosquatting patterns are straightforward. A registrant may remove a letter, add an extra letter, swap the order of adjacent letters, or replace a letter with a similar-looking number. They may also use a slightly different extension, such as moving from a business's main UK domain to a near-match in another TLD. In some cases, the domain is not even intended to be visited directly; it is used inside emails or redirects to make the impersonation look convincing.
| Pattern | Example shape | Why it works |
|---|---|---|
| Missing character | A brand name with one letter removed | Easy for hurried users to mistype |
| Extra character | A repeated or inserted letter | Looks close enough at a glance |
| Character swap | Adjacent letters reversed | Still readable but subtly wrong |
| Lookalike number | A letter replaced with a similar digit | Useful in phishing-style impersonation |
Check the misspellings and extensions customers are most likely to confuse with the real brand.
See whether the domain is parked, redirecting, spoofing email, or hosting a fake page.
Save screenshots, redirect targets, and any messages or login pages linked to the domain.
Targeted coverage beats an unmanaged pile of defensive registrations. Buy the names that matter, then keep monitoring the rest.
If the lookalike domain is clearly impersonating your business, keep a record of what it is doing and where it resolves. If the behaviour includes fraud, fake login pages, or email abuse, escalation should be faster and more formal.
The right next step depends on the use case. Defensive registration may solve a simple mistake. Monitoring and redirecting may be enough for a low-risk overlap. If the domain is being used for impersonation, take-down or legal action may be appropriate. This article is not legal advice, but the operational rule is simple: do not ignore a domain that is harming trust.
Typosquatting protection is a mix of selective registration, monitoring, and fast response. The goal is not perfect coverage. The goal is to make the easiest attacks fail, spot the rest quickly, and keep your customers from being tricked by a domain that only looks official.