Look‑alike domains

How to spot fake sites, avoid credential theft, and keep accounts safe.

What a look‑alike domain is

Scammers register domains that look almost right (extra letters, swapped characters, different endings) and then try to harvest logins or payments.

Fast checks before you log in

1. Use bookmarks (save the real site once, then only use your bookmark).
2. Read the full domain carefully — look for swapped letters (rn vs m), extra dashes, or odd endings.
3. Avoid login links in DMs (even if they look official).
4. Use a password manager — it usually won’t auto‑fill on fake domains.

If you already entered your password

• Change your password immediately (and anywhere you reused it).
• Enable 2FA, and sign out of other sessions if the platform supports it.
• Scan for browser extensions you didn’t install.

Related