TLD Swap

Replaces the top-level domain with common alternatives. Attackers register the same name under different TLDs to intercept traffic.

How It Works

This technique keeps the domain name the same but swaps the top-level domain (TLD) with alternatives. It checks common TLDs like .net, .org, .io, .co, country-code TLDs, and newer gTLDs like .app, .dev, .ai. Attackers register the same name under different TLDs to catch users who misremember or mistype the extension.

Real-World Examples

facebook.net, facebook.org (TLD alternatives to facebook.com)
google.co (confusing with google.com)
apple.io (tech-sounding TLD alternative)

Prevention Tips

Defensively register your brand under all major TLDs (.com, .net, .org, .io, .co at minimum).
Set up redirects from alternative TLDs to your primary domain.
Monitor new TLD launches for potential squatting on your brand name.
Consider country-code TLDs for markets where you have presence.

Related Techniques

Combosquatting Pluralization