Typosquatting - Fake Domains from Misspelled URLs
Typosquatting is an attack technique in which an attacker registers a domain confusingly similar to that of a legitimate website and lures users to a fake site by exploiting their typing mistakes. As with "gogle.com" or "googel.com" against "google.com", fake domains are created by swapping, omitting, or adding a single character. As of 2025, package typosquatting on npm and PyPI has become a serious problem, and attacks targeting developers are increasing rapidly.
Real-World Use Cases
"A member of our development team had accidentally installed a typosquatting package of lodash (lodahs) via npm install. We detected it through the dependency audit in our CI pipeline and were able to remove it before any malicious code executed."
Attack Methods and Objectives
Typosquatting serves a wide range of objectives. These include stealing login credentials by posing as a phishing site, displaying parking pages to earn advertising revenue, and distributing malware. In recent years, "package typosquatting", which involves publishing malicious packages with names resembling popular ones in programming language package managers (npm, PyPI), has also become a problem. Introductory books on domain security (Amazon) provide a systematic way to learn about this.
Countermeasures
Individual users can prevent damage by using bookmarks, checking the URL bar, and relying on the browser's autocomplete feature. For organizations, effective measures include preemptively registering domains similar to their own brand (defensive registration) and using a domain monitoring service to detect newly registered look-alike domains. It is also important to prevent email spoofing by configuring DMARC, SPF, and DKIM, and to strengthen DNS security. Protect your domain management account with a strong random password to prevent unauthorized domain transfers. Books on brand protection (Amazon) are also a helpful reference.
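The single-character edits described at the top of the page (omission, swap, addition) are also the basis for the two defensive checks above: a domain-monitoring watchlist for a brand and a CI dependency audit for package names. The following added example (not code from the original article) generates every one-edit look-alike of a protected name and flags any candidate that matches; the domain labels and package names it checks are constructed sample input.

```python
import string

# Characters allowed in DNS labels and in most package names (assumption:
# lowercase letters, digits and hyphen; extend for the registry you audit).
ALPHABET = string.ascii_lowercase + string.digits + "-"


def typo_variants(name: str) -> set[str]:
    """All names within one edit of `name`: a dropped character ("gogle"),
    two adjacent characters swapped ("googel"), one character replaced,
    or one character inserted. The name itself is excluded."""
    variants = set()
    for i in range(len(name)):
        variants.add(name[:i] + name[i + 1:])                       # omission
        if i + 1 < len(name):                                       # transposition
            variants.add(name[:i] + name[i + 1] + name[i] + name[i + 2:])
        for c in ALPHABET:
            variants.add(name[:i] + c + name[i + 1:])               # substitution
    for i in range(len(name) + 1):
        for c in ALPHABET:
            variants.add(name[:i] + c + name[i:])                   # insertion
    variants.discard(name)
    return variants


def audit(candidates: list[str], protected: list[str]) -> dict[str, str]:
    """Map each candidate that is a one-edit look-alike of a protected name
    to that protected name. Exact matches are legitimate and are skipped."""
    lookalikes = {v: p for p in protected for v in typo_variants(p)}
    return {c: lookalikes[c] for c in candidates
            if c in lookalikes and c not in protected}


def demo() -> dict[str, str]:
    # Constructed sample data: a brand watchlist plus the packages in a lockfile,
    # checked against the labels of newly registered domains and the lockfile.
    protected = ["google", "lodash", "express"]
    candidates = ["gogle", "googel", "google", "lodahs", "express", "react"]
    return audit(candidates, protected)


if __name__ == "__main__":
    for bad, good in demo().items():
        print(f"look-alike detected: {bad!r} resembles {good!r}")
```

For a domain watchlist, run the check against the label (the part before the TLD) of each newly registered name; for a package audit, run it against the dependency names in the lockfile before installation proceeds.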