
Typosquatting for creators: why lookalike domains still work and how to block them

A walkthrough of the impersonation playbook attackers use against creators, the four shapes it takes, and the cheapest defense that actually works.

Dominguard 9 min read

Typosquatting is the practice of registering a domain that visually resembles yours so people who are halfway paying attention end up there. It works on creators because creators are recognizable, fans are warm, and the cost of a domain is around twelve dollars. The defense is not technical wizardry. It is registering the four or five lookalikes that matter before someone else does.

What it looks like

You will see four flavors most often:

  1. Typo. yorname.com, younrame.com, yornameofficial.com. Banking on people typing too fast.
  2. Character swap. y0urname.com (zero for o), yоurname.com (Cyrillic о), yourname-official.com. Almost identical at a glance.
  3. TLD swap. Your .com is fine. Your .shop, .store, .fan, .link are theirs. Different domain, same handle.
  4. Word append. yournamemerch.com, yourname-shop.net, theyourname.com. Adds a plausible suffix.

All four work because users do not read URLs. They scan for a familiar pattern. If the page that loads has your face, your colors, and your link tree, the visitor’s brain is already past the URL.

The economics, briefly

The attacker pays $12 to register. They spend a few hours cloning your link tree or stitching together a dropshipping store with your branding. They run the page for a week. Even if 90% of visitors bounce, the 10% who buy convert at $40 to $80. A few hundred clicks turn into a few thousand dollars. Then they let the domain lapse and move to the next handle on their list.

Your cost to undo the damage is much higher. Your cost to prevent it is the registration fee on a handful of TLDs.

What does not defend you

A short list of things people assume work but do not:

  • Trademark. Useful for filing takedown notices, but the takedown takes 4 to 12 weeks. The scam runs in days.
  • Verified badges. They protect inside the platform. Outside the platform, on a domain, the badge is irrelevant.
  • Telling fans to be careful. Your audience is not your security perimeter. Treat it like one and you will lose people.
  • DMCA on the content. DMCA is for copyright. Domains are not copyrightable. The wrong tool.

What does work

Two moves, in this order:

One: register the still-free lookalikes you actually care about. Do the 30-second exposure scan for your handle. The scan result shows which TLDs are still free. Register the ones that match the four patterns above.

In practice, the high-value picks for a creator are: .com, .net, .co, the platform-relevant one (.shop, .store, or .app), and one or two cheap defensive ones (.xyz, .link). That is five domains. About $90 a year.

Two: point each one somewhere safe. A 301 redirect to your Instagram or your real domain is fine. The point of owning the lookalike is not to use it. It is to deny it to attackers. If a follower types yourname.shop by accident, they should land on you, not on a phishing page.

If you want this on autopilot via Dominguard’s Basic plan across the twelve TLDs we sweep, Dominguard registers them in your name, sets the redirect, renews them annually, and watches for new abuse from neighboring TLDs.

The character-swap edge case

Cyrillic and other Unicode lookalikes are nasty. у (Cyrillic small u) and y (Latin y) render almost identically in most fonts. Browsers now display some of these domains in their raw Punycode form (xn--…) instead of the lookalike characters, but not all of them. If you find one in active use against you, your fastest path is to file an abuse report with the registrar and host. Cloudflare and Namecheap, in particular, have decent abuse pipelines. ICANN is slow.
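The four patterns above and this character-swap edge case can both be turned into a defensive checklist. The following is an added example, not Dominguard's code or scan: it generates the lookalike candidates you would register or watch for a handle, and it flags an inbound domain whose labels mix scripts or use non-Latin letters, showing the Punycode form the browser may display. The homoglyph table, the digit swaps and the appended words are constructed assumptions, not a complete list.

```python
import unicodedata

# Constructed tables (assumptions, not from the post): a few Cyrillic letters that
# render like Latin ones, digit-for-letter swaps, and plausible appended words.
CYRILLIC_FOR = {"a": "\u0430", "c": "\u0441", "e": "\u0435", "o": "\u043e",
                "p": "\u0440", "x": "\u0445", "y": "\u0443"}
DIGIT_FOR = {"o": "0", "l": "1", "i": "1"}
SUFFIXES = ("official", "merch", "shop")


def lookalikes(handle, tlds=("net", "co", "shop", "store", "xyz", "link")):
    """Candidate lookalike domains for `handle`, keyed by the four patterns in the post."""
    h = handle.lower()
    out = {"typo": set(), "charswap": set(), "tldswap": set(), "append": set()}
    for i, ch in enumerate(h):
        out["typo"].add(h[:i] + h[i + 1:] + ".com")  # one character dropped
        if i + 1 < len(h):  # two adjacent characters transposed
            out["typo"].add(h[:i] + h[i + 1] + ch + h[i + 2:] + ".com")
        for rep in (DIGIT_FOR.get(ch), CYRILLIC_FOR.get(ch)):
            if rep:
                out["charswap"].add(h[:i] + rep + h[i + 1:] + ".com")
    out["tldswap"].update(f"{h}.{t}" for t in tlds)
    out["append"].update(f"{h}{sep}{s}.com" for s in SUFFIXES for sep in ("", "-"))
    return out


def punycode(domain):
    """ASCII (xn--) form of a domain, what the browser may show instead of the glyphs."""
    return domain.encode("idna").decode("ascii")


def script_report(domain):
    """Per label: which Unicode scripts its letters come from, and whether that is a
    homoglyph candidate for a Latin-script handle (mixed scripts or non-Latin letters)."""
    report = []
    for label in domain.split("."):
        scripts = {unicodedata.name(c, "UNKNOWN").split()[0] for c in label if c.isalpha()}
        report.append({"label": label, "scripts": scripts, "flag": bool(scripts - {"LATIN"})})
    return report


def is_suspicious(domain):
    """True if any label of `domain` is flagged by script_report."""
    return any(entry["flag"] for entry in script_report(domain))


if __name__ == "__main__":
    for kind, doms in lookalikes("yourname").items():
        print(kind, sorted(doms)[:4])
    for d in ("yourname.com", "y\u043eurname.com"):  # second one has a Cyrillic о
        print(d, punycode(d), is_suspicious(d))
```

The `lookalikes` output is the list to check against your registrar and to feed a watchlist; `is_suspicious` is the check to run on any link a fan reports.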

The realistic timeline

Here is the rough timeline of a typosquatting incident left to itself:

  • Day 0. Attacker registers y0urname.com.
  • Day 1. They point its DNS at a clone of your link tree.
  • Day 2 to 7. Posts go out from a fake account that links to the new domain. A small number of followers click and buy.
  • Day 8 to 14. A fan messages you. You realize something is wrong.
  • Day 14 to 30. You file UDRP or abuse reports. The domain may or may not come down.
  • Day 30+. The attacker has already moved on. Some of your followers have lost money and trust.

The timeline of prevention is shorter:

  • Minute 1 to 5. Run the exposure scan.
  • Minute 5 to 30. Register the four or five high-value lookalikes.
  • Minute 30. You are done.

Where to go from here
