That misspelled URL you just typed could have stolen your data.
You meant to visit a real brand. Instead you arrived here because someone registered a lookalike of that brand's domain. We bought it first to show you how dangerous this is — most of the time, the person on the other end is not this friendly.
What is typosquatting?
Typosquatting (also: URL hijacking, domain squatting, brand-jacking) is the practice of registering domain names that look almost identical to a popular brand — gooogle.com, paypa1.com, amaz0n-support.com — and using them to intercept traffic, steal credentials, defraud customers, or silently siphon email.
The attack is cheap (€8/year per domain), legal to perform until you're sued, and effective: even careful users miss a single transposed character or a Latin "o" replaced with a Cyrillic "о". Browsers do not warn you. Search engines often rank the lookalikes near the real site.
Six ways attackers monetise a typo
The same fake domain is reused across multiple attack types. One registration powers credential harvesting, mail spying, ad fraud and BEC simultaneously.
Lookalike domain registration
Attackers buy gооgle.com (Cyrillic 'о'), goog1e.com, or googel.com. The address bar looks right at a glance. They host a near-perfect clone of your login page and harvest credentials.
MX spying — silent email interception
Attackers register a typo domain and configure an MX record. Anyone who fat-fingers an email to [email protected] instead of .com — invoice attachments, tax forms, password resets — quietly lands in their inbox. You never see it. They reply pretending to be you.
Business-email-compromise (BEC)
An attacker registers your-company.co (instead of .com), spoofs your CFO, emails a vendor: 'New banking details, wire €240k here.' This is the #1 cybercrime by dollar loss according to the FBI's IC3.
Malware & drive-by downloads
A typo domain redirects to a fake 'update your browser' or 'install our app' page. Stealer malware, ransomware, and remote-access trojans get dropped onto corporate laptops.
Brand impersonation & ad fraud
Attackers run Google or Meta ads pointing at lookalike domains, intercepting traffic that was meant for your real site. Your CAC goes up, their conversions are pure profit.
Reputational damage
Even a parked typosquat showing porn ads, scam crypto offers, or competitor links erodes customer trust the moment they accidentally land on it.
MX spying, in four steps
The browser-side typosquat (fake login page) is the famous attack. The far quieter, far more profitable cousin is MX spying: silently catching every email that anyone, anywhere, mistypes to your domain.
- 1. Register the typo. Attacker buys yourcompany.co (you own .com). Costs €8/year.
- 2. Add a wildcard MX record. Any email to [email protected] now lands in their mailbox.
- 3. Wait & harvest. Customers, partners, recruiters and even your own employees mistype recipients. Invoices, contracts, password resets, tax PDFs — all silently captured.
- 4. Weaponise. Attacker replies with 'updated bank details', spoofs your domain to victims, or simply sells the inbox to ransomware affiliates. You never know it happened.
You will almost never detect this on your own. The attacker doesn't send anything. They just receive. Your DMARC, SPF, and DKIM records protect emails from your domain — they do nothing about emails to a lookalike one.
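Because SPF, DKIM and DMARC never see mail addressed to a lookalike, one place a defender can still catch it is the outbound side. The sketch below is an added example, not code from this page or any product: it flags recipients whose domain is one edit or one lookalike character away from a trusted domain. The trusted list, the small confusables map and the recipient addresses are constructed assumptions.

```python
import unicodedata

# Assumption: domains you own or routinely mail (constructed sample values).
TRUSTED = {"yourcompany.com", "partner-bank.com"}
# Assumption: a tiny confusables map for illustration (Cyrillic o, a, e, p, c
# plus digit swaps); production checks would use the full Unicode data.
CONFUSABLES = {"\u043e": "o", "\u0430": "a", "\u0435": "e", "\u0440": "p",
               "\u0441": "c", "0": "o", "1": "l"}

def skeleton(domain: str) -> str:
    """Fold case, compatibility forms and known lookalike characters."""
    folded = unicodedata.normalize("NFKC", domain).lower()
    return "".join(CONFUSABLES.get(ch, ch) for ch in folded)

def osa_distance(a: str, b: str) -> int:
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify_recipient(address: str):
    """Return (verdict, trusted_domain_it_resembles) for one recipient."""
    domain = address.rsplit("@", 1)[-1].strip().lower()
    if domain in TRUSTED:
        return ("ok", domain)
    for trusted in sorted(TRUSTED):
        if skeleton(domain) == skeleton(trusted):
            return ("homoglyph", trusted)
        if osa_distance(skeleton(domain), skeleton(trusted)) <= 1:
            return ("typo", trusted)
    return ("unrelated", None)

# Constructed outbound recipients, as a mail gateway might log them.
OUTBOUND = ["billing@yourcompany.com", "billing@yourcompany.co",
            "ap@yourcompnay.com", "ap@y\u043eurcompany.com", "info@example.org"]

def flag_outbound(recipients):
    """Recipients that should be held or warned on before delivery."""
    return [(r, *classify_recipient(r)) for r in recipients
            if classify_recipient(r)[0] in ("homoglyph", "typo")]

if __name__ == "__main__":
    for hit in flag_outbound(OUTBOUND):
        print(hit)
```

Short domain names produce more near-misses at distance 1, so a real deployment would tune the threshold per domain length and assumes recipient domains are already decoded from punycode.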
Real cases
- .cm typo trap (Cameroon TLD). For years, hundreds of millions of US users mistyping .com as .cm landed on parked pages operated by a single individual generating an estimated $700k/year in ad revenue — including misdirected traffic for Apple, Google and Walmart.
- Mattel BEC, $3M. A finance executive received an email from a lookalike of the CEO's domain authorising a vendor wire. The €3M wire cleared before anyone realised.
- PyPI / npm typosquats. Malicious packages with names like requets, colourama, crossenv stole credentials, SSH keys, and crypto wallets from developers who fat-fingered an install command.
- Banking lookalikes. European banks routinely see fresh typo registrations within hours of any marketing campaign, with login pages cloned to the pixel and 2FA-relay infrastructure already wired in.
What a defender actually needs
You cannot prevent registration of every lookalike — there are millions of plausible permutations across hundreds of TLDs. What you can do is detect them as soon as they activate, before anyone clicks a phishing link or wires money to the wrong account.
- Continuous monitoring of every plausible permutation of your brand domains
- Detection of new MX records on lookalike domains before they're used
- Visual-clone scoring against your real site (perceptual hash + diff)
- Alerts the moment a registration goes from 'parked' to 'active web' or 'active mail'
- Defensive registration recommendations for the highest-risk variants
- WHOIS / RDAP enrichment so you know who registered the squat and when
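The MX-detection and 'parked' to 'active' alerting items above can be prototyped by diffing two DNS snapshots of the lookalikes you monitor. This is an added example, not the code of any product described here; the snapshot layout, the parking nameserver suffix and all records are constructed assumptions. It treats a null MX (RFC 7505) as not mail-enabled, so a squat that explicitly declares it receives no mail does not raise a mail alert.

```python
# Assumption: nameserver suffixes of parking providers (placeholder value).
PARKING_NS_SUFFIXES = (".parking.example",)

def mail_enabled(mx_records):
    """True if any MX target can accept mail. A lone "." target is a
    null MX (RFC 7505), which declares that the domain receives no mail."""
    return any(host.rstrip(".") for _pref, host in mx_records)

def capabilities(rec):
    """Map one domain's DNS records to 'parked', 'active web', 'active mail'."""
    if rec is None:                      # NXDOMAIN / not registered yet
        return set()
    parked_ns = any(ns.rstrip(".").lower().endswith(PARKING_NS_SUFFIXES)
                    for ns in rec.get("NS", []))
    caps = set()
    if rec.get("A") and not parked_ns:
        caps.add("active web")
    if mail_enabled(rec.get("MX", [])):
        caps.add("active mail")
    return caps or {"parked"}

def diff_snapshots(old, new):
    """Return (domain, previous_state, newly_gained) for every escalation."""
    alerts = []
    for domain in sorted(new):
        before = capabilities(old.get(domain))
        gained = capabilities(new[domain]) - before - {"parked"}
        if gained:
            alerts.append((domain, sorted(before) or ["unregistered"],
                           sorted(gained)))
    return alerts

# Constructed snapshots (documentation IP ranges, placeholder nameservers).
YESTERDAY = {
    "yourcompany.co": {"NS": ["ns1.parking.example."], "A": ["192.0.2.10"], "MX": []},
    "yourcompany.cm": {"NS": ["ns1.parking.example."], "A": ["192.0.2.10"], "MX": [(0, ".")]},
}
TODAY = {
    "yourcompany.co": {"NS": ["ns1.dns-host.example."], "A": ["198.51.100.7"],
                       "MX": [(10, "mx.yourcompany.co.")]},
    "yourcompany.cm": {"NS": ["ns1.parking.example."], "A": ["192.0.2.10"], "MX": [(0, ".")]},
    "yourcompnay.com": {"NS": ["ns1.dns-host.example."], "A": ["203.0.113.5"], "MX": []},
}

if __name__ == "__main__":
    for alert in diff_snapshots(YESTERDAY, TODAY):
        print(alert)
```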