Skip to content

How Typosquatters Trick Holiday Shoppers

December is a peak online shopping season, with Cyber Monday alone reaching billions of dollars in sales. Because the internet is flooded with deals, many shoppers let their guards down and become susceptible to typosquatters, who trick consumers into buying counterfeit products or giving away sensitive information. It's important for payment service providers to be aware of these merchants entering their portfolios at this time of year.


What is Typosquatting?

Typosquatting is a deceptive tactic typically intended to trick internet users into visiting websites they believe are operated by a trusted entity. Instead, the websites may attempt to steal a user's information, sell counterfeit products or services, or engage in other forms of illicit activity that can harm consumers and damage brands.

Typosquatters capitalize both upon genuine typographical errors that an unwitting user might enter - for example or - as well as visually deceptive domain names an internet user might not immediately recognize as falsified.


What Are Some Typosquatting Tactics?

There are many methodologies typosquatters use to mimic an authentic domain name. Often a typosquatter will make use of a typo, such as, or will use an alternative top level domain (TLD), such as  Other cybercriminals trick consumers using trailing text, such as There are more sophisticated techniques as well; see our typosquatting guide for some real examples.


What to Watch Out For

While consumers should carefully scrutinize every new website they visit, payment service providers can also take action to prevent typosquatters from appearing in their portfolios. They can:

  • Watch out for merchants applying for merchant accounts with domain names that are suspiciously similar to well-known brands.
  • Carefully scrutinize merchants using domain names that include common typosquatting techniques, such as starting a domain name with "www-."
  • Invest in merchant monitoring services, such as those provided by LegitScript, to quickly flag suspicious merchants who may be engaged in phishing, IP infringement, or other problematic activity.


Want to learn more? Download our Typosquatting Guide for more examples and a case study of an offshore internet service provider operating as a cybersquatting safe haven.

person typing on a mobile phone


Recent Blog Articles

Levels of risk.

What You Need to Know About the Different Levels of Merchant Risk

Many risk mitigation approaches focus on high-risk merchants, but what about medium-risk merchants? Being aware of the various levels of risk and which category your merchant falls into is a critical step in quantifying risk. Let's delve into what low-, medium-, and high-risk merchants are and the v...
Northern Colorado Hemp Exposition (NOCO)

Navigating Compliance: LegitScript’s Insights from NOCO

Join LegitScript on a journey to the 10th annual Northern Colorado Hemp Exposition (NOCO), where we immersed ourselves in the heart of the CBD industry. LegitScript shared critical compliance knowledge, exchanged insights with industry peers, and absorbed vital regulatory updates from the FDA and US...

What’s Hiding on Your Marketplace? A Look at How Risk Infiltrates Your Platform

You monitor seller listings on your e-commerce marketplace, but do you know what's going on behind the scenes - or, rather, behind the screens? Illegal and brand-damaging activity isn't always easy to spot, and the risk only compounds as your platform scales. In this post, we explore violative activ...
Addiction Treatment Advisory Committee

Harnessing Collaboration: Highlights from LegitScript’s First Advisory Committee Meeting of the Year

Last year, LegitScript set out to relaunch its Addiction Treatment Certification Advisory Committee in order to strengthen avenues of communication and ensure the continued improvement of its Certification solutions. On March 27, 2024, the revitalized committee convened for the first time. Keep read...