Typosquatting Scams and The Serious Consequences For Digital Crime

What is Typosquatting and Why It Comes With Serious Consequences

Typosquatting is an increasingly common feature of online fraud and cybercrime. While it may appear at first glance to be a technical or commercial issue, it can in fact form the basis of serious criminal allegations.

In simple terms, typosquatting involves registering a domain name that is a misspelt or visually similar version of a legitimate website, often with the intention of diverting users who make typing errors.

For example, a domain such as “amv1a.co.uk” could be used to mimic a genuine business and mislead users into believing they are accessing a trusted site.

Although typosquatting is not a standalone criminal offence in the UK, it frequently underpins offences such as fraud, phishing and the distribution of malware.

From a criminal defence perspective, cases involving typosquatting often turn on issues of intent, knowledge and the use to which a domain was put.

The legal position in the UK

Unlike the United States, which has specific legislation addressing cybersquatting, the UK relies on a combination of criminal law, civil remedies and regulatory processes to address the issue.

The most relevant legal frameworks include the Fraud Act 2006, the Trade Marks Act 1994, and the common law tort of passing off. In addition, domain disputes may be dealt with through administrative schemes such as Nominet’s Dispute Resolution Service (DRS).

Whether conduct amounts to a criminal offence will depend largely on how the domain is used. The mere registration of a similar domain name is not, in itself, unlawful. However, where it is used to deceive or exploit users, criminal liability may arise.

When does typosquatting become a criminal offence?

In practice, typosquatting is often used as a gateway to wider criminal activity. The most common examples include:

phishing: creating fake websites to obtain login details, banking information or personal data;
fraud: deceiving users into making payments or providing financial information under false pretences;
malware distribution: infecting devices with ransomware or spyware through deceptive websites;
counterfeit sales: posing as legitimate retailers to sell fake or non-existent goods.

Where such activity is present, offences under the Fraud Act 2006 may arise, particularly where there is evidence of dishonesty and intent to make a gain or cause loss.

In more serious cases, offences under the Computer Misuse Act 1990 may also be considered, particularly where systems are interfered with or unauthorised access is involved.

Civil liability and regulatory action

In addition to potential criminal consequences, individuals or businesses involved in typosquatting may face civil claims. Brand owners may bring proceedings under the Trade Marks Act 1994 where a domain name is confusingly similar to a registered mark.

Claims for passing off may also arise where a domain is used in a way that misrepresents an association with a legitimate business, causing reputational or financial harm.

In many cases, disputes over domain names are resolved without court proceedings through Nominet’s Dispute Resolution Service. This process allows domain names to be transferred or suspended where they have been registered in bad faith.

Enforcement and investigation

Typosquatting cases often form part of wider investigations into cybercrime.

Law enforcement agencies may work with domain registrars and organisations such as Nominet to identify and suspend domains linked to criminal activity.

Large-scale operations may involve multiple domains, international infrastructure and coordinated activity across different platforms. As a result, investigations can be complex and heavily reliant on digital evidence, including server logs, IP data and online communications.

Victims of suspected fraud or cybercrime are typically advised to report incidents to Action Fraud, the UK’s national reporting centre.

Key criminal defence considerations

From a criminal defence perspective, cases involving typosquatting often centre on issues of intent and knowledge. The prosecution must establish that the defendant acted dishonestly and intended to deceive or exploit users.

Several potential lines of defence may arise depending on the facts of the case.

First, there may be arguments that the domain was registered for a legitimate purpose, such as a genuine business venture or unrelated project, and that any similarity to another site was coincidental.

Secondly, the defence may challenge whether the defendant was responsible for the use of the domain in question. In some cases, domains may be registered in one name but used or controlled by others.

Thirdly, the issue of knowledge may be central. A defendant may argue that they were unaware of how the domain was being used, particularly in cases involving third-party hosting or compromised accounts.

Finally, evidential issues are often significant. Digital evidence must be carefully analysed to establish what activity took place, who was responsible and whether the necessary elements of any alleged offence are made out.

Potential outcomes

The consequences of typosquatting-related activity will depend on the nature and seriousness of the conduct.

In less serious cases, the outcome may be limited to civil proceedings or the transfer of a domain name through a dispute resolution process. However, where criminal offences are established, the penalties can be substantial.

Convictions under the Fraud Act 2006 can result in significant custodial sentences, particularly where there is evidence of organised or large-scale activity. Additional consequences may include confiscation proceedings under the Proceeds of Crime Act 2002, leading to the recovery of any financial benefit obtained.

There may also be wider reputational and professional consequences, particularly for individuals involved in business or regulated industries.

A growing area of cybercrime

As more commercial and personal activity moves online, the risks associated with typosquatting are likely to increase. While the act itself may not be a standalone offence, its role in facilitating fraud and cybercrime means it is firmly within the focus of law enforcement.

For criminal defence practitioners, these cases often involve complex digital evidence, questions of intent and overlapping civil and criminal issues. Ensuring that allegations are properly tested and that defendants are treated fairly within the legal framework remains essential.

How We Can Help.

If you have any questions regarding this article or require any legal representation regarding cybercrime then don’t hesitate to call us now on 0161 477 1121 or email us.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.