URL Hijack - what it is, warning signs, and how to avoid look-alike redirects

URL Hijack

What it is

URL hijacking is when scammers get you to visit the wrong website on purpose. They register look-alike addresses for popular sites (like amaz0n.com or gooogle.co) or set up sneaky redirects, so a small typo or a tricky link sends you to a fake page that can steal logins or push malware.

Why it matters

Landing on the wrong site can expose passwords, card details, or install unwanted software. It looks close enough to feel safe - that’s the trap.

How it works 

  • Look-alike domains: swap letters, add extra characters, or use a different ending (.co vs .com).

  • Redirects: ads, pop-ups, or hacked pages bounce you to a malicious site.

  • Search tricks: paid ads or poisoned results put the fake above the real site.

  • Auto-complete: your browser finishes a mistyped address with the wrong domain.

Red flags

  • The address bar is close but not exact (numbers for letters, extra hyphens).

  • No padlock (HTTPS) or a certificate issued to a random name.

  • Sudden pop-ups to “update your browser,” “verify now,” or download a “codec.”

  • Payment pages that look slightly off or ask for unusual info.

Do it right

  • Type important addresses yourself or use bookmarks; avoid clicking login links in emails.

  • Check the full URL before entering passwords or payment details.

  • Use a password manager - it won’t autofill on the wrong site.

  • Keep your browser and security software updated; report look-alike domains when you see them.

    Glossary (A–Z)

    All A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

      • Related Articles

      • Phishing

        What it is Phishing is a scam where someone pretends to be a trusted person or service to trick you into giving up passwords, card numbers, or other sensitive data. It shows up in email, texts, social DMs, and look-alike websites. For a quick ...

      • Web Protection

        What it is Web protection is a bundle of tools and settings that keep you safer while you browse. It blocks dangerous sites and downloads, warns about fake logins, filters sketchy links, and helps keep your info private. It can run on your device ...

      • Web Cache Poisoning

        What it is Web cache poisoning is when attackers sneak bad content into a website’s cache. The cache is a “shortcut” server use to make pages load faster for everyone. If it’s poisoned, later visitors get the attacker’s fake version instead of the ...

      • URL Redirection Attack

        What it is A URL redirection attack tricks your browser into leaving a real site and loading a fake one. The attacker slips a redirect into a link or page (or abuses a site’s “open redirect” bug), so when you click, you’re quietly sent to a malicious ...

      • Security Software

        What it is Security software is a set of apps and services that protect your devices and data from hackers, malware, and mistakes. It covers tools like antivirus/anti-malware, firewalls, VPNs, email and web filters, intrusion detection/prevention, ...