Spot the Difference: Domain Twists

Sometimes all it takes is a tiny domain twist, one extra letter, to fool a busy finance rep into sending $50,000 to cybercriminals.

Cybercriminals know that most of us read with a “mental autocorrect” on, meaning our eyes can skip right over small changes in domain names. To show you just how easy it is to get tricked, here’s a little “spot the difference” game. Look at each pair below and see if you can spot the real versus the imposter. Some will be obvious; others might fool you at first glance!

1. amɑzon.com vs. amazon.com
   • Fake twist: Replacing the letter “a” with a similar-looking character from another alphabet.
2. go0gle.com vs. google.com
   • Fake twist: Swapping the letter “o” for the digit “0.”
3. mıcrosoft.com vs. microsoft.com
   • Fake twist: Inserting a Turkish “ı” (without the dot) instead of a standard “i.”
4. netflx.com vs. netflix.com
   • Fake twist: Simply removing one letter (“i”).
5. faceboook.com vs. facebook.com
   • Fake twist: Adding an extra “o” in the middle.
6. linkedn.com vs. linkedin.com
   • Fake twist: Dropping the “i” to make it appear the same at first glance.
7. paypa1.com vs. paypal.com
   • Fake twist: Replacing the letter “l” with the digit “1.”
8. twittter.com vs. twitter.com
   • Fake twist: Adding an extra “t.”
9. appIe.com vs. apple.com
   • Fake twist: Using a capital “I” in place of a lowercase “l.”
10. youtubе.com vs. youtube.com
    • Fake twist: Replacing “e” with a Cyrillic “е” (looks almost identical but is a different character).