Tuesday, March 4, 2003 - 12:10pm

Catherine Meadows

Naval Research Laboratory

Location

University of Pennsylvania

3401 Walnut, room 470

Cryptographic protocols, if they are not carefully designed, may be subject to subtle attacks in which an intruder, by careful construction of a message, may trick a principal into accepting data of one type as data of another. This is known as a *type confusion attack*. In this paper we show how type confusion attacks can arise in realistic situations even when the types are explicitly defined in at least some of the messages, using examples from our recent analysis of the Group Domain of Interpretation Protocol. We then develop a formal model of types that can capture potential ambiguity of type notation, and outline a procedure for determining whether or not the types of two messages can be confused. We also discuss some open issues.