Typosquatting (also called URL hijacking) is the practice of registering domains that are common misspellings of a legitimate one in order to intercept traffic from users who mistype a web address. A typosquat of acmebank.com might be acmebnk.com, acmebank.co, or axmebank.com.
The squatted domain is used to run a phishing page, serve malware, show pay-per-click parking ads, or redirect to a scam or competitor. The attack works because typing is error-prone and a name one character off reads as correct at a glance.
Typosquatting is one of several lookalike-domain techniques, alongside combosquatting (brand plus a keyword) and homoglyph attacks (visually identical characters). For the patterns and defenses, see the guide on typosquatting.