Meet Ledger Nano™ Gen5, the most playful signer yet

Discover now

Up your Web3 game

Ledger Academy Quests

  • Test your knowledge
  • Earn POK NFTs
Play now See all quests

Typosquatting

Mar 25, 2025 | Updated Mar 25, 2025
Typosquatting is a deceptive practice where scammers create nearly identical versions of legitimate websites or crypto addresses to trick users into visiting fake sites or sending funds to the wrong destination.

Typosquatting is a deceptive practice where scammers create nearly identical versions of legitimate websites or crypto addresses to trick users into visiting fake sites or sending funds to the wrong destination.

What Is Typosquatting?

Typosquatting (also called URL hijacking or domain mimicry) is a type of phishing scam where attackers create domains that closely resemble popular websites but contain subtle differences. These fake websites may look identical to the legitimate site but are designed to steal your information or funds.

Some tell-tale signs of scam websites include: 

  • Subtle misspellings, such as an additional character, e.g., gooogle.com vs. google.com 
  • Transposition of characters, e.g., faecbook.com
  • Foreign language spellings
  • Subtle variations of top-level domains (such as .co instead of .com)
  • Plurals of a singular domain name
  • Misleading capitalization, such as capitalizing the letter “i” to replace a lowercase “L” 

If an attacker acquires the victim’s details via such a scam site, they can gain access to the user’s real account and obtain sensitive information, such as banking details, social security numbers, or even crypto account logins.

Typosquatting in Crypto

In the crypto context, typosquatting scams can involve the attacker creating a deceptive Blockchain Naming System (BNS) (such as the Ethereum Name Service (ENS)) domain name to redirect crypto payments into their own addresses. The fake clone can also dupe unwitting users into submitting their credentials, Know Your Customer (KYC) details, or even payment information, which the attacker can then harvest and exploit.

To explain, a BNS makes crypto transactions more convenient by replacing complex cryptographic recipient addresses with human-readable names. However, this opens up another way for typosquatters to take advantage of users, leading to an irreversible transfer of funds to the attacker’s wallet rather than the intended recipient.

How to Protect Yourself

  • Always double-check recipient addresses before sending cryptocurrency
  • Bookmark official websites rather than typing URLs
  • Use official mobile apps from trusted sources
  • Verify the URL carefully before entering your credentials
  • Check transaction history on blockchain explorers before sending to new addresses
  • Consider using hardware wallets for additional security

Remember: Cryptocurrency transactions are irreversible. Once funds are sent to a scammer’s address, they cannot be recovered.

Sound Money

Sound money refers to a form of money with certain fundamental attributes that allow it to retain its stability, reliability, and purchasing power over time

Full definition

Smart Contract Account

A Smart Contract Account is a program on the blockchain that is controlled by its own code, not by a user's private key.

Full definition

Proof of Knowledge (PoK)

Proof of knowledge refers to a protocol where one party (the prover) succeeds in convincing the other party (the verifier) that they know something.

Full definition

Own your crypto future

Stay informed with security tips, updates, and exclusive offers from Ledger

Your email address will only be used to send you our newsletter, as well as updates and offers. You can unsubscribe at any time. Learn more

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.