Microsoft Typosquatting: What is it and How to Prevent it

Cyber criminals are increasingly using typosquatting to trick staff into entering login details on fake Microsoft sites that look almost identical to the real ones. By understanding how these spoofed domains work and how to spot them, businesses can greatly reduce the risk of data theft and account compromise.

Cyber criminals are constantly finding new ways to trick staff into handing over login details and sensitive company data. One of the biggest threats we’ve seen targeting businesses is something called typosquatting. While the name might sound funny, it’s anything but.

With Microsoft’s presence in many businesses, from email hosting and file storage to collaboration software and identity management, criminals are taking advantage, creating spoofed websites that look almost identical to real Microsoft sites. In many cases the only difference is a single letter in the web address (e.g. microsofts.com, rnicrosoft.com, micro-soft.com).

Understanding how typosquatting works and how to protect your team can significantly reduce the risk of data theft and account compromise.

What Is Microsoft Typosquatting?

Typosquatting is a type of cyber attack where criminals register domain names that are intentionally similar to legitimate ones. These domains are designed to catch users who accidentally mistype a URL or click a lookalike link in a phishing email. For example, a user expecting to visit microsoft.com may be redirected to a malicious site such as micros0ft.com, microsoft-login.co, or microsoft-support-help.net.

These fake sites usually look identical to the real Microsoft login portal. The goal is simple: trick the user into entering their username and password. Once the attacker has these details, they can log into the genuine account, access email, contact lists and files, or use the account to launch further attacks across the business.

Why Typosquatting Is Increasing

There are several reasons why cyber criminals are increasingly using typosquatting:

Microsoft 365 is widely used

Most businesses rely on Microsoft 365, which means attackers have a large pool of potential victims.

It’s inexpensive to register fake domains

A domain can be bought for a few pounds, making it cheap for criminals to set up dozens of variations.

Staff are busy and often click without checking

Attackers depend on split-second decisions. If a login page looks familiar, many users won’t double-check the address bar.

Phishing emails make the attack more convincing

Criminals can combine typosquatting pages with realistic emails telling staff their mailbox is full or their password is expiring.

The Risks for Businesses

Once an attacker gains access to a Microsoft 365 account, the impact can be severe. Risks include:

Email account takeover, allowing scammers to impersonate staff

Unauthorised access to OneDrive and SharePoint, exposing confidential data

Sending phishing emails internally, increasing the chance of further compromise

Invoice fraud, where attackers alter payment details in messages

Ransomware delivery

Reputational damage, especially if customer data is accessed

Even a single compromised mailbox can take hours to clean up and often causes weeks of disruption if data is stolen or misused.

How to Protect Your Business from Typosquatting

The good news is that several practical and affordable steps can drastically reduce the risk:

Enable Multi-Factor Authentication

MFA is one of the strongest defences. Even if an attacker steals a password, they can't access the account without the second verification step.

Train staff to check website addresses

Encourage employees to look closely at the URL before entering login details, especially if they clicked a link rather than typing the address manually.

Use a password manager

Password managers fill in saved login details only on the website address they were saved for. If the URL is incorrect, the manager won’t autofill the password, alerting the user.

Implement email filtering and phishing protection

Advanced email security tools block suspicious messages that contain fake Microsoft links. This reduces the chance of staff being exposed to harmful pages.

Review and monitor login activity

Microsoft 365 has built-in security features that show unusual sign-in attempts or logins from unexpected locations. Monitoring this regularly helps detect compromises early.

Block risky domains

Security tools can identify and block newly registered domains, which are commonly used for typosquatting and phishing attacks.
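
The lookalike addresses quoted earlier in this article (rnicrosoft.com, micros0ft.com, micro-soft.com and the rest) can be flagged automatically in email links or proxy logs before a member of staff has to spot them by eye. The Python below is an added example, not code from this article or from any Microsoft tool; the allowlist, the substitution table and the typo threshold are assumptions to adjust for your own environment.

```python
from urllib.parse import urlsplit

# Assumption: stands in for the sign-in domains your organisation really uses.
TRUSTED = {"microsoft.com", "microsoftonline.com", "office.com"}
BRAND = "microsoft"
# Visual substitutions taken from the article's examples (rn for m, 0 for o).
SWAPS = (("rn", "m"), ("0", "o"))
MAX_TYPOS = 2  # assumed edit distance still treated as a mistyped brand name


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]


def normalise(label):
    """Undo hyphen padding and lookalike characters in one hostname label."""
    label = label.replace("-", "")
    for fake, real in SWAPS:
        label = label.replace(fake, real)
    return label


def classify(url):
    """Return 'trusted', 'lookalike' or 'unrelated' for a link's hostname."""
    host = (urlsplit(url if "//" in url else "//" + url).hostname or "").rstrip(".")
    # Exact match or a true subdomain only; a bare suffix match is not enough.
    if any(host == d or host.endswith("." + d) for d in TRUSTED):
        return "trusted"
    for label in host.split("."):
        plain = normalise(label)
        if BRAND in plain or edit_distance(plain, BRAND) <= MAX_TYPOS:
            return "lookalike"
    return "unrelated"


# Constructed sample: the addresses named in the article plus two controls.
SAMPLE_LINKS = ["https://login.microsoftonline.com/", "microsofts.com",
                "http://rnicrosoft.com/login", "micro-soft.com", "micros0ft.com",
                "https://microsoft-login.co/", "microsoft-support-help.net",
                "https://example.org/"]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(f"{classify(link):10} {link}")
```

A "lookalike" verdict is a reason to block or quarantine the link for review, while "unrelated" only means the hostname does not imitate the brand, not that the site is safe.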

How We Can Help

Typosquatting may seem low tech, but it remains one of the most common ways for criminals to steal login details. As attackers continue to create more convincing Microsoft lookalike sites, staying alert and securing your accounts is more important than ever.

At Edmondson's, we use a layered approach to security that combines protective tools, good configuration and ongoing monitoring. Our IT support packages include managed antivirus, continuous threat monitoring, secure backups and expert guidance on Microsoft 365 setup. We also run cyber awareness training sessions to help staff spot fake links, suspicious emails and misleading websites.


© Edmondson's IT Services | Co. Reg. No: 07818717 | VAT Reg. No: GB122507059