Cyber & Technical Scams
Typosquatting Scam
Fake websites with URLs similar to legitimate sites (like "arnaz0n.com" or "paypa1.com") designed to steal credentials, distribute malware, or harvest payment info.
Reported Losses
Part of data theft, credential harvesting, and phishing losses
Primary Targets
Anyone who types URLs manually or clicks links quickly
Last Updated
2026-01-07
Also Known As
Lookalike Domain
How Scammers Contact You
How This Scam Works
Scammers register domains that look almost identical to legitimate websites.
**Common techniques:** 1. **Typos**: gooogle.com, amazn.com, walmrat.com 2. **Letter substitution**: paypa1.com (number 1 for letter l), arnazon.com (rn looks like m) 3. **Added words**: amazon-deals.com, paypal-login.com 4. **Different TLD**: amazon.co (instead of .com), google.net 5. **Homoglyphs**: Using Cyrillic or other characters that look like English (Π°mazon.com)
**What these sites do:** - Display login pages identical to real sites β steal credentials - Prompt downloads β install malware - Show fake order pages β steal payment info - Redirect to scam sites - Display ads for revenue (less malicious but still deceptive)
Red Flags to Watch For
- β οΈURL has a typo or looks slightly off
- β οΈLogin page asks for more info than usual
- β οΈSite certificate warning in browser
- β οΈSite design is slightly outdated compared to real site
- β οΈPrompted to download something unexpected
- β οΈURL uses unusual domain extension
- β οΈSite found through search ad rather than organic result
- β οΈClicking a link from email lands on unfamiliar domain
π Real Victim Account
"I typed 'wellsfagro.com' instead of 'wellsfargo.com' by accident. The site looked identical to Wells Fargo's real site. I logged in before noticing the URL was wrong. The scammers tried to transfer $8,000 out of my account that night. Luckily, Wells Fargo's fraud detection caught it."
β Better Business Bureau Scam Alert
How to Protect Yourself
- 1Bookmark important sites rather than typing URLs
- 2Always check the URL in the address bar before entering credentials
- 3Look for HTTPS and valid certificates (lock icon)
- 4Be careful when typing β slow down for important sites
- 5Use a password manager β it won't autofill on fake sites
- 6Don't click login links in emails β navigate directly to sites
- 7Use browser security features that warn about suspicious sites
- 8Be extra careful with shortened URLs (bit.ly, etc.)
π What to Do If You're a Victim
- 1If you entered credentials, change that password immediately
- 2Change password on any site where you used the same one
- 3Enable 2FA on affected accounts
- 4Run antivirus if you downloaded anything
- 5Monitor accounts for unauthorized access
- 6Report the fake domain to Google Safe Browsing
- 7Report to the legitimate company being impersonated
- 8Report to FTC at ReportFraud.ftc.gov
π Related Scams
Fraudulent e-commerce websites that take your payment but never deliver products...
Highly personalized phishing emails written by AI that are more convincing and h...
Phishing emails disguised as legitimate data breach notifications that trick you...
π Sources & References
Think You've Encountered This Scam?
Use our AI-powered scanner to analyze suspicious URLs, emails, or messages.