Vol. 1 · Ed. 2026
CyberGlossary
Entry № 1313

Typosquatting

Reviewed by: Cybersecurity entrepreneur & security researcher

What is Typosquatting?

Typosquatting: Registering domain names or package names that are misspellings or visual look-alikes of legitimate ones, to catch users or developers who make typing or recognition errors.


Typosquatting (a.k.a. URL hijacking) exploits predictable typing mistakes (gogle.com, micrsoft.com), missing characters, swapped letters, alternate TLDs, or homoglyph substitutions ("rn" for "m", Cyrillic "а" for Latin "a"). The attacker registers these strings and hosts phishing pages, scams, malware downloads, or ad-revenue traps. The same pattern affects software-supply chains, where look-alike package names in npm, PyPI, NuGet, Maven Central, or Docker Hub deliver malicious code to developers who mistype dependencies. Defences include defensive registrations of common typos and homoglyphs, monitoring for newly registered look-alike domains, internal package mirrors with allowlists, and developer tooling that checks dependency names against known good registries.
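The last defence listed above, tooling that checks dependency names against a known good list, can be sketched as follows. This is an added example, not code from the glossary; the allowlist, the confusables table and all function names are constructed for illustration.

```python
import unicodedata

# Constructed allowlist; in practice, the approved names on an internal mirror.
ALLOWLIST = {"requests", "numpy", "cryptography"}

# Small look-alike table covering the substitutions named above (not exhaustive).
CONFUSABLES = {"1": "l", "0": "o", "\u0430": "a", "\u0435": "e", "\u043e": "o"}

def skeleton(name: str) -> str:
    """Fold a name for comparison: NFKC, lowercase, map look-alikes, 'rn' -> 'm'."""
    s = unicodedata.normalize("NFKC", name).lower()
    s = "".join(CONFUSABLES.get(ch, ch) for ch in s)
    return s.replace("rn", "m")

def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment: insert, delete, substitute, adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            d = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Swapped neighbours ("eu" vs "ue") count as one edit.
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                d = min(d, prev2[j - 2] + 1)
            cur.append(d)
        prev2, prev = prev, cur
    return prev[-1]

def check_dependency(name: str, allowlist=ALLOWLIST, max_distance: int = 1):
    """Return ('ok', name), ('suspect', lookalike_of) or ('unknown', None)."""
    if name in allowlist:
        return ("ok", name)
    folded = skeleton(name)
    for good in sorted(allowlist):
        good_folded = skeleton(good)
        # Identical after folding = homoglyph; small distance = typo.
        if folded == good_folded or osa_distance(folded, good_folded) <= max_distance:
            return ("suspect", good)
    return ("unknown", None)

if __name__ == "__main__":
    for dep in ["requests", "reqeusts", "nurnpy", "requ\u0435sts", "flask"]:
        print(dep, check_dependency(dep))
```

A distance threshold of 1 produces false positives on very short names, so a "suspect" result is best treated as a prompt for review before install rather than an automatic block.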

Examples

  1. Phishing site at "paypa1.com" (digit "1" for letter "l") collects credentials from users who mistype the real domain.

  2. Malicious npm package "reqeusts" mimics "requests" and ships an info-stealer on install.

Frequently asked questions

What is Typosquatting?

Registering domain names or package names that are misspellings or visual look-alikes of legitimate ones, to catch users or developers who make typing or recognition errors. It belongs to the Attacks & Threats category of cybersecurity.

How do you defend against Typosquatting?

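Defences against typosquatting combine technical controls and operational practices: defensive registrations of common typos and homoglyphs, monitoring for newly registered look-alike domains, internal package mirrors with allowlists, and developer tooling that checks dependency names against known good registries.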

What are other names for Typosquatting?

Common alternative names include: URL hijacking, Domain typo-squatting.
