đź“Ś Get the latest strategies to protect your revenue in your inbox

What are cousin domain attacks and how to prevent them?
Impersonation Removal
6 mins

What are cousin domain attacks and how to prevent them?

Table of Contents:

    A cousin domain attack is a type of phishing attack where a fake website with a domain name very similar to a legitimate website is created to trick users into disclosing their sensitive information. Cousin domain attacks are used by bad actors to impersonate executives and brands to further their own malicious objectives.

    In this article, we’ll look closely at one frequent brand impersonation tactic: cousin domain attacks. 

    We’ll go over:

    • What a cousin domain attack is
    • Examples of cousin domain attacks
    • How to detect and report cousin domain attacks
    • What businesses can do to protect themselves from cousin domain attacks

    What is a cousin domain attack?

    As mentioned above, the term “cousin domain” refers to a website address or URL that is made intentionally to be confusingly similar to another domain name. 

    When these fake sites are established they may start aggressively reaching out to your customers as part of a phishing scheme, offering them fraudulent deals, or even start requesting sensitive information. 

    Examples of cousin domain attacks

    These fake website scams are designed to trick users into believing they are on a legitimate website and then steal their sensitive information, such as login credentials, credit card numbers, and other personal details. 

    One example of a cousin domain attack is typosquatting, where the attacker registers a domain name that is similar to a legitimate website but with a slight variation, such as misspelling a word or adding a hyphen. For example, if the legitimate website is www.abccompany.com, the attacker might register www.abccompnay.com or www.abc-company.com. When users accidentally type in the wrong URL or click on a malicious link, they are redirected to the fake website and asked to enter their login credentials or other sensitive information.

    Another example of a cousin domain attack is a homograph attack, where the attacker registers a domain name that looks identical to a legitimate website but uses different characters or symbols. For example, the attacker might use the Cyrillic letter “а” instead of the Latin letter “a,” or use the letter “o” with a dot above it instead of the regular letter “o.” These subtle differences can be difficult to spot, especially for users who are not familiar with different character sets.

    Cousin domain attacks can also involve using a different top-level domain (TLD) than the legitimate website. For example, if the legitimate website is www.example.com, the attacker might register www.example.net or www.example.org. These TLDs are less common than .com and may be overlooked by users who are not paying close attention to the URL.

    In all these cases, the goal of the attacker is to make the fake website look as similar as possible to the legitimate website, in order to trick users into entering their sensitive information. To protect your business against cousin domain attacks, it’s important to be vigilant about your business’s online presence. 

    How do you detect a cousin domain attack?

    Some common signs of a cousin domain attack could include a sudden influx in customer complaints or receiving unsolicited emails requesting sensitive information from “unknown coworkers”.

    However, these will only be noticeable to you if the phishing scam is already active, meaning that it could have permanently damaged your business’s reputation or steal valuable information from your employees.

    Conduct manual detection tests regularly

    The first option for detecting cousin domain attacks before they can cause damage is not necessarily the most practical, but it is effective if done properly and consistently. Manual detection involves you manually typing in a wide variety of variations of your existing domain name to ensure no impersonated fake website is using them. This process can take some time and would need to be done regularly to mitigate the risks associated with this type of scam, which are total brand degradation and damaged client relationships.

    Utilize domain takedown software

    Businesses should consider purchasing scalable software such as Red Points’ Domain Takedown software or brand abuse monitoring software to protect their website from fake websites for several reasons. Firstly, it can help prevent damages to your revenue stream and brand reputation caused by these fraudulent websites. Secondly, it can reduce the risk of customers falling victim to phishing scams and identity theft. And finally, it can save time and resources that would otherwise be spent dealing with the aftermath of a cyber attack.

    Red Points' Domain Takedown Services

    How do you report a cousin domain attack?

    As a business owner, it’s essential to be aware of the risks of cousin domain attacks and know how to report them. If you or your customers have fallen victim to this type of scam, it’s crucial to take immediate action to prevent further damage. Here’s how you can report a cousin domain attack from a business owner’s perspective:

    • Firstly, if the fraudulent website is hosted by a third-party provider, you should report the attack to the hosting provider’s abuse team. This can help remove the fraudulent website from the internet and prevent other businesses or individuals from being targeted.
    • Secondly, you should report the attack to the domain registrar’s abuse team if the fraudulent website is registered with a domain registrar. This will help you get in touch with the registrar and take down the website.
    • Thirdly, if you believe the attack is part of a larger cybercrime operation, you should report the incident to law enforcement. This can help prevent similar attacks and hold the perpetrators accountable.
    • Lastly, using Red Points’ Domain Takedown services can be an effective way to automate the detection and reporting of these fake websites. The team of experts will assist you in taking down the fraudulent website, protecting your brand reputation and your customers’ safety.

    As a business owner, it’s your responsibility to protect your brand reputation and your customers’ safety. Reporting cousin domain attacks is an essential part of that responsibility. By taking these steps, you can prevent further damage and help protect others from falling victim to the same scam.

    What can businesses do to prevent a cousin domain attack?

    Preventing cousin domain attacks requires businesses to take proactive measures to protect their website and their customers. Here are some steps businesses can take to prevent their website from being the victim of a cousin domain attack:

    1. Educate employees and customers: Train your employees and customers on how to identify phishing scams and suspicious messages. Encourage them to report any suspicious activity immediately.
    2. Monitor your brand online: Use Red Points’ Impersonation Removal platform to monitor your brand online and detect any fraudulent websites or social media accounts that could be used in a cousin domain attack.
    3. Register multiple domains: Register variations of your domain name and common misspellings to prevent scammers from using them in a cousin domain attack.
    4. Make sure you register all your Intellectual Property (IP), whether it be your business’s domain name or its most notable products, having that IP registered as your property allows you to take legal action against infringers.

    By taking these steps, businesses can significantly reduce the risk of falling victim to a cousin domain attack. It’s important to stay vigilant and take proactive measures to protect your website and your customers from cyber threats.

    How can Red Points help your business? 

    Red Points’ Domain Takedown Services are the premier proactive action you can take as a business owner to prevent a future cousin domain attack or even to address one your business is already facing.

    The process follows three main steps: detection, validation, and enforcement.

    • The first step is detection

    Red Points uses advanced technology and algorithms to monitor the internet and detect any fraudulent websites or social media accounts that could be used in a cousin domain attack. When a suspicious domain is detected, it’s added to a list on our platform, which leads us to step two.

    • The second step is validation

    Step two is where the action will have to be taken on your end; the validation process is a basic review by you to confirm that what we’ve detected is a genuine infringement on your IP. Once you’ve validated a detected infringement we immediately move forward to the next step in the process, enforcement.

    • The final step is enforcement. 

    The final step, enforcement, is carried out entirely by Red Points on behalf of your business once you’ve validated a potential infringement that we’ve detected. In this case, we will immediately begin the process of enforcing your IP rights to take down the fake website infringing on your IP. Once an infringement has been removed from the internet we’ll share with you a detailed report about the particular infringement and how the takedown process was carried out. 

    Additionally, on our platform, users will be able to review a variety of detailed data reports about their IP, which can be tailored to meet the needs of each business’s needs.

    In summary, Red Points’ Domain Takedown Service works by detecting suspicious domains and once you’ve validated them as an infringement, enforcing takedown measures to remove the fraudulent website from the internet. With these three basic steps, Red Points helps businesses protect their brand reputation and customers’ safety from the threat of cousin domain attacks.

    What’s next

    While not new, the use of cousin domain attacks is becoming more prevalent among bad actors. However, there are steps that businesses can take to prevent these attacks, such as using Red Points, securing their website, educating employees and customers, and registering multiple domains. By taking proactive measures to prevent and detect cousin domain attacks, businesses can protect themselves and their customers from the damaging effects of cybercrime.

    It’s never too late to start protecting your business and its customers from bad actors, so don’t hesitate to speak to one of our experts to find out how Red Points can help.

    New call-to-action

    You may like...

    Everything you should know about typosquatting detection
    How to prevent and protect from typosquatting
    A deep dive into similar domain name phishing schemes