---
type: "term"
title: "Typosquatting"
description: "Registering domain names or package names that are slight misspellings of legitimate ones to deceive users or automated systems."
resource: "tlctc:term:typosquatting"
tags:
  - "glossary"
---
# Typosquatting

Registering domain names or package names that are slight misspellings of legitimate ones to deceive users or automated systems. In TLCTC: when used for malicious package publication (e.g., npm typosquatting), maps to `#1 Abuse of Functions` (abusing the publish functionality) → `#10 Supply Chain Attack` (trust boundary crossing) → `#7 Malware` (code execution at consumer). When used for phishing domains, see Domain Squatting.

**Reference:** V1.9.1 §Attack Path Notation (Example 3)

See also: Domain Squatting, Supply Chain Attack (#10), Abuse of Functions (#1)