⚠️ Awareness demo — interactive typosquat quiz. No data collected.
Which one is the real URL?
Click the URL you'd trust. Then we'll reveal the fakes.
Round 1 — Microsoft
Round 2 — PayPal
Round 3 — ING
Round 4 — Google
Round 5 — the tricky one
Hint: the second option uses a Cyrillic "a" — visually identical, actually a different character.
Typosquatting & homograph attacks use domains that look like the real thing.
What's going on?
Attackers register look-alike domains for every major brand. They use tricks like: rn looking like m, 1/l/I swaps, missing letters, extra subdomains (microsoft.security-login.com), or Cyrillic/Greek lookalikes (a homograph attack). Combined with a phishing email, it's enough to fool most people in a hurry.
How to defend yourself:
Read the whole domain. The name just before the last dot, together with the ending after it, is the real owner.
brand.verify-login.com is owned by verify-login.com, not by the brand.
Bookmark the real sites you log in to; never reach them via email links.
Use a password manager — it won't autofill on the wrong domain, which is a massive tell.
Hover before you click. On mobile, long-press to preview.
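
The look-alike tricks and the "read the whole domain" rule above, as an added Python example that is not part of the original quiz. The allow-list, the fold table and the function names are assumptions made for illustration, and the owner rule assumes single-label endings such as .com.

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed allow-list for this example; replace with the domains you really use.
TRUSTED = ("google.com", "ing.com", "microsoft.com", "paypal.com")

# Folds for the tricks named above: rn~m, 1/l/I swaps, Cyrillic "a" (plus 0~o).
FOLDS = (("rn", "m"), ("1", "l"), ("i", "l"), ("0", "o"), ("\u0430", "a"))


def skeleton(domain: str) -> str:
    """Collapse visually confusable sequences so look-alikes compare equal."""
    for src, dst in FOLDS:
        domain = domain.replace(src, dst)
    return domain


def owner_of(host: str) -> str:
    """Last two labels. Assumption: single-label endings like .com; endings
    such as .co.uk need the Public Suffix List instead."""
    return ".".join(host.split(".")[-2:])


def lookalike_findings(url: str) -> list[str]:
    """Return reasons the URL's host imitates a trusted domain (empty if none)."""
    host = (urlsplit(url).hostname or "").rstrip(".")  # hostname is lowercased
    owner = owner_of(host)
    if owner in TRUSTED:
        return []
    findings = []
    odd = sorted({unicodedata.name(c, "UNKNOWN") for c in host if ord(c) > 127})
    if odd:
        findings.append("non-ASCII characters: " + ", ".join(odd))
    for good in TRUSTED:
        brand = good.split(".")[0]
        one_missing = {good[:i] + good[i + 1:] for i in range(len(brand))}
        if skeleton(owner) == skeleton(good):
            findings.append(f"look-alike of {good}")
        elif owner in one_missing:
            findings.append(f"{good} with a letter missing")
        elif brand in host.split(".")[:-2]:
            findings.append(f"{brand} is only a subdomain of {owner}")
    return findings


if __name__ == "__main__":
    for sample in ("https://rnicrosoft.com/login",  # constructed samples
                   "https://microsoft.security-login.com/",
                   "https://p\u0430ypal.com/signin"):
        print(sample, "->", lookalike_findings(sample))
```

An empty result means only that none of these specific tricks matched; it does not mean the domain is trustworthy.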