Skip to Content
© Leonid Sorokin | Dreamstime.com
Security & privacy

Watch out: Your typos can actually cost you money

There are plenty of mistakes that can cost you money. One small slip can add an extra zero to a peer-to-peer payment or a decimal point to a sloppy invoice.

Human error isn’t the only costly mistake you can make, either. Leaving your personal information or accounts open to cybercriminals or hackers can also be an expensive error. It happens more often than you’d expect, too. Tap or click for steps to make sure hackers cannot access your home network and files.

One thing you don’t always think about being a costly error, though, are typos. Most are just mistakes that can be easily corrected. But not all are that simple. There’s a pretty big risk you take when misspelling URLs and other important information on the web, and now the Better Business Bureau is sounding the alarm.

Typosquatting can cost you serious dough

Have you ever heard of typosquatting? It’s a form of cybersquatting that’s also known as URL hijacking, and it involves misspelling a popular domain name to garner traffic and scam visitors of the site. This type of scammy behavior has gotten so prevalent that the BBB is warning people to be aware of it.

There are a few ways that criminals will typosquat. In most cases, a typosquatting scam will involve buying a domain name that resembles another legitimate website. Once the domain is secured, the dummy site is set up to pretend to be another entity or business. 

When people type in the legitimate domain but misspell it, often due to fat finger syndrome while typing on a mobile device, they’re directed to the fraudulent typosquatting site instead. If done correctly, the fraudulent site will have been built to resemble the legitimate site to keep any suspicions at bay.

If successful, the visitor will navigate around what they think is a legitimate site, entering payment details, personal information or other information that can be used for identity theft.

In many cases, criminals behind these sites will also send emails from the misspelled domain name to fool the recipient into thinking it came from the legit company. If the victim doesn’t catch it, they’ll end up interacting with a criminal rather than the trusted source of the website they think they’re visiting.

Related: 5 scams spreading online that can cost you thousands

There are tons of different reasons criminals opt to use typosquatting, including:

  • To make a quick buck – In many cases, criminals will use typosquatting as a way to convince the reputable site to buy the fake domain for more than they paid for it.
  • Selling inferior goods or services – These sites are also used to sell fake or inferior products or take a buyer’s money and never deliver a product.
  • Spreading malware – These sites can also infect your device with malware if you download anything from them.
  • Getting clicks or views – Ad clicks earn revenue, so if a domain has enough typo traffic directed to it, the person who owns the domain could profit.
  • To steal sensitive information – If you fill out payment or personal information on one of these sites, you’re handing it over to scammers.
  • Hurting reputations – There could be sites like these created for humiliation and not profit. This can happen with bad blood or competition or general grudges.

Whatever the purpose behind URL hijacking, one thing is for sure: you don’t want to fall victim to these types of sites. It can put your bank account and personal information at risk.

How to avoid falling victim to typosquatting

Given our reliance on technology, it can be easy to fall victim to these types of scams. To protect yourself, start by paying attention to the URLs you’re typing on your phone, tablet or computer. Make sure you’re inputting the URL correctly. Avoid rushing or guessing at the domain’s URL and double-check what you type.

You should also keep a close eye on the email addresses of the communication you receive. If you hover above the email address, you can check for typos or punctuation that notes a fraudulent account.

Related: The worst identity theft scam you’ve never heard of

Make sure any shopping or e-commerce sites you visit are legitimate and secure, too. You can look for the padlock symbol and make sure the web address includes HTTPS://. This lets you know that the site you’re using is secure and will protect your payment information.

And, if you come across anything unusual, be sure to report it to the Internet Crime Complaint Center. This will help protect others from falling victim to these types of sites.

New eBook: ‘Cryptocurrency 101’

Don't want to lose your dough to crypto? Check out my new eBook, "Cryptocurrency 101." I walk you through buying, selling, mining and more!

Check it out