Generally, the victim site of typosquatting will be a frequently visited website. The typosquatter's URL will usually be one of three kinds, all similar to the victim site address:

(In the following, the intended website is "example.com")

• A common misspelling of the intended site: exemple.com
• A common misspelling of the intended site: exemple.com
• A differently phrased domain name: examples.com

Once in the typosquatter's site, the user may also be tricked into thinking that they are in fact in the real site; through the use of copied or similar logos, website layouts or content. Sometimes competitors of the victim site will do this.

Alternatively, the user will be forwarded to a site of a completely different nature to what they intended. This tactic was infamously used by John Zuccarini, who redirected domains targeting children to pornographic websites. Sometimes, the typosquatters will use the false addresses to distribute viruses, adware, or othermalware.

Combatting typosquatting

A victim website will usually send a cease and desist letter to the offender at first, in attempt to quell the activity.

They may also try and purchase the website address from the typosquatter, which could have been the typosquatter's aim all along.

Occasionally, lawsuits will be taken against the offending site or individual.

A company may try and preempt typosquatting by obtaining a number of websites with common misspellings and redirect them to the main, correctly spelled website. For example www.gooogle.com, www.goolge.com, www.gogle.com www.gewgle.com, and others, all redirect to www.google.com. In another example, actor and politician Arnold Schwarzenegger is reported to control the domains with the ten most common misspellings of his surname.

Examples of typosquatting

• The domain of the Web site of the President of the United States, whitehouse.gov, has two high-profile "misspellings": whitehouse.com, which was a pornographic Web site, and whitehouse.org, a satirical site.
• Wikipedia is also a victim of typosquatting: www.wiipedia.org, www.eikipedia.org, www.wilipedia.org and en.wikipedi.org, [as of 2005], are all websites which contain pop-up ads, spyware/adware downloads, and ad-generating search engines.
• A related gambit is obtaining "800" numbers that correspond to misspellings; a good illustration is AT&T's sudden abandonment of "1-800-OPERATOR" and replacing it with "1-800-CALL-ATT". It seems that many Americans don't know how to spell operator, enough that MCI Communications was raking in a lot of business with "1-800-OPERATER", reaping the benefits of AT&T's advertising. (In both numbers, the final "R" is superfluous.)
• One example of a typosquatter is talkorigin.org without the "s" to draw people away from the www.talkorigins.org talk.origins Archive and to a creationist ministry website that expresses disapproval of evolution.

"Catchall" typosquatting

Other than individual domain name purchases, several attempts have been made by larger corporations to profit off of user typos by redirecting them without their knowledge.

• Microsoft's Internet Explorer automatically redirects users' mistyped URL queries to their MSN Search page. Though a user can reconfigure their browser to use a different search tool, Google, one of MSN's biggest rivals, is not in the list. However, on their web site, Google has explained how to make their search engine the IE default for mistyped urls.
• Top-level domain registry operator VeriSign's Site Finder automatically redirected traffic to URLs not registered by users. This caused a fair amount of outrage from the Internet standards community, and an emergency patch to BIND was issued to circumvent VeriSign's actions.
• Paxfire, a startup company, sells partner Internet service providers a tool that redirects mistyped queries to a Paxfire-generated page with sponsored advertiser content related to the mistyped "hotword". Revenue generated from user clicks is split between Paxfire and the Internet service provider.
• Certain types of malware pose as browser plugins and redirect a user's web requests or search queries without their knowledge or consent, even if the URLs themselves are properly typed.