Domain impersonation is a popular phishing technique whereby attackers create fake email addresses or websites based on a legitimate business. The intention is either to trick customers into giving out financial details or trick businesses into giving out sensitive information. The result? The legitimate business loses money, credibility, and customers, while the scammer gets away unscathed.
Phishing costs businesses an average of $4.65 million, according to a 2021 IBM report. It’s a big, lucrative industry for unscrupulous entities, and domain impersonation (also a kind of business identity theft) in particular is easy and cheap to carry out. More than technical knowhow, domain impersonation uses human psychology to achieve its goal.
In this article you will learn:
– How widespread domain impersonation is,
– Examples of domain impersonation,
– The impact of domain impersonation on brands,
– And how to avoid becoming a victim.
There are different types of domain impersonation (more on that below), all of which can have huge repercussions for businesses. 43% of organizations in IBM’s report experienced a security incident in the last 12 months, with business email compromise accounting for 50% of incidents. During the pandemic in particular, impersonation fraud spiked, resulting in losses thought to be around $2 billion between 2020 and 2021.
The prevalence of domain impersonation is largely due to the fact that faking a website or an email address is a low-barrier-to-entry enterprise. All the scammer needs is to create an email account that looks similar to that of a brand, or pay a small amount of money to create a website – copying across the logos and trademarks of an established business and using a similar domain name.
A domain or domain name is the location of a website. So for example, amazon.com is a domain name. It also serves as the email address domain. Thus domain impersonation is when scammers impersonate a business or an individual within that business by creating a website or email address domain that looks and sounds similar to the original. For example, amzon.com or amazon.eu. The same goes for email addresses.
Domain impersonation is a cybercrime. Not only are fraudulent domains usually used to dupe users or employees into giving up sensitive information and bank details, but copying a domain name is in itself a trademark infringement. If websites are created with similar-looking domain names, then scammers will be executing a copyright infringement too, since to make that website look similar to the original they will have to copy across identifying elements of that website.
When scammers create look-alike websites, they do so hoping that misled customers won’t notice that the domain name is slightly different or the image quality isn’t great. Then, when customers go to enter their login details or input their bank details to buy a product, little do they realize they are handing these details straight to bad actors. This is also known as phishing.
After copying the brands’ website design, trademarks, and product listings, scammers may go so far as to imitate a brand’s products. Instead of the original product, they make a cheaper, lookalike version, also known as a counterfeit.
Fraudsters could pose as third-party vendors or senior employees of a business, using similar, but slightly modified email addresses. The employee signs off the financial transaction believing it’s been OK’d by the boss or that the vendor is their legitimate vendor, only to find out that huge amounts of money have been funneled to illegitimate organizations and fraudsters.
Perhaps the malicious email or links on the impersonated website actually contain malware (malicious software), another type of digital fraud that can infect the customer’s or business’s devices. Usually, the aim of malware is to steal sensitive data or damage a device.
Also known as business email compromise (BEC) and CEO fraud, executive impersonation is when someone posing as a senior executive at a company sends an (usually urgent) email requiring the immediate wiring of funds. The “senior executive” is a scammer disguised under an impersonated email address. For example, firstname.lastname@example.org.
Executive impersonation skyrocketed during the pandemic, when remote work made it that much easier for scammers to go undetected. In 2020, for example, 7000 company CEOs were impersonated between March and September. The technique is easy to accomplish – all that scammers have to do is find out who the senior members of a company are and create a similar-looking email address. The rest is psychology: who doesn’t want to impress their boss by acting quickly on their demands?
This is another kind of BEC, and it is on the rise. It can happen in a variety of ways, but one of the most common is through email domain impersonation. Fraudsters will pretend to be representatives from a business’s vendors or third parties, and will require the urgent payment of an outstanding bill. Or, they may even gain access to email systems through phishing scams.
Since almost every business will coordinate with third parties, vendor fraud is a popular option for cybercriminals. According to the AICPA, this kind of fraud is often aimed at businesses that don’t have strong security measures in place. These will usually be smaller and medium-sized enterprises, who, paradoxically, can’t afford the huge losses that impersonation could incur.
Cybersquatting is a method for domain impersonation. Bad actors will register similar domain names in order to “squat” over a brand’s name. For example, while you may have registered yourbrandname.com, a cybersquatter will register yourbrandname.co.uk, .eu, .co, and so on. They may try to sell these back to you at a higher price, or they may impersonate your website, drive traffic away from your domain to theirs, and sell counterfeit products or enact other fraudulent transactions.
Similarly to cybersquatting, typosquatting is when fraudsters register a mistyped version of your domain name, for example amzon.com, or amaz0n.com rather than amazon.com. They then impersonate your brand’s original website and hope that your stolen customers don’t notice the difference in the URL.
Check your junk email, and you’ll probably find it’s full of phishing emails. You’ll notice that some of these emails supposedly come from well-known brands. But look a little closer, and you’ll see there are some mistakes in the web address, or the email address doesn’t seem professional. These phishing emails may include malicious links, ask you to “log in” to an impersonated website, or tell you you’ve won something. Customers may believe the email is from a legitimate, familiar business, rather than a fraudulent one.
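The executive-impersonation, cybersquatting and typosquatting patterns described above can all be screened for at the mail gateway. The script below is an added example, not code from the article or from Red Points: it classifies a sender domain as the protected domain, a cybersquat (same brand label, different TLD), a typosquat (one character off, or a digit standing in for a letter, as in amaz0n.com) or unrelated, and then flags BEC indicators such as an executive’s display name arriving from a domain that is not the company’s, or a Reply-To that points somewhere other than the From domain. The protected domain examplebrand.com, the executive names, the small second-level suffix list and the sample headers are all constructed for illustration.

```python
"""Screen inbound e-mail senders for look-alike domains and executive (BEC) impersonation.

Added example; not code from the original article or from Red Points.
The company domain, executive names and sample headers are constructed.
"""
from email.utils import parseaddr

COMPANY_DOMAIN = "examplebrand.com"            # assumed protected domain
EXECUTIVES = {"Jane Doe", "Alan Ruiz"}         # assumed names a scammer might borrow
EXEC_NAMES = {name.lower() for name in EXECUTIVES}

# Digits that are visually confusable with letters inside a domain label.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "8": "b", "9": "g"})

# Tiny stand-in for the public suffix list; a real deployment would use the full list.
SECOND_LEVEL_SUFFIXES = {"co.uk", "com.au", "co.jp", "com.br"}


def split_domain(domain):
    """Split 'www.amazon.co.uk' into ('amazon', 'co.uk') and 'mail.amazon.com' into ('amazon', 'com')."""
    parts = domain.lower().strip(".").split(".")
    if len(parts) >= 3 and ".".join(parts[-2:]) in SECOND_LEVEL_SUFFIXES:
        return parts[-3], ".".join(parts[-2:])
    if len(parts) >= 2:
        return parts[-2], parts[-1]
    return parts[0], ""


def levenshtein(a, b):
    """Edit distance between two strings (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_domain(domain, protected=COMPANY_DOMAIN):
    """Return 'legitimate', 'cybersquat', 'typosquat' or 'unrelated' relative to the protected domain."""
    label, suffix = split_domain(domain)
    good_label, good_suffix = split_domain(protected)
    if label == good_label:
        # Same brand label: only the TLD differs -> cybersquat (examplebrand.eu, .co.uk, ...)
        return "legitimate" if suffix == good_suffix else "cybersquat"
    # Undo digit-for-letter swaps (examp1ebrand), then allow a single typo (exmplebrand).
    normalized = label.translate(HOMOGLYPHS)
    if normalized == good_label or levenshtein(normalized, good_label) <= 1:
        return "typosquat"
    return "unrelated"


def check_sender(from_header, reply_to=None):
    """Return a list of human-readable findings for one message; empty list means nothing suspicious."""
    display, address = parseaddr(from_header)
    domain = address.rpartition("@")[2].lower() if "@" in address else ""
    verdict = classify_domain(domain)
    findings = []
    if verdict in ("cybersquat", "typosquat"):
        findings.append(f"sender domain {domain} is a {verdict} of {COMPANY_DOMAIN}")
    if display.strip().lower() in EXEC_NAMES and verdict != "legitimate":
        findings.append(f"display name '{display}' matches an executive but domain is {domain or 'missing'}")
    if reply_to:
        _, reply_addr = parseaddr(reply_to)
        reply_domain = reply_addr.rpartition("@")[2].lower()
        if reply_domain != domain:
            findings.append(f"Reply-To domain {reply_domain} differs from From domain {domain}")
    return findings


# Constructed sample headers: one genuine message and three impersonation attempts.
SAMPLE_MESSAGES = [
    ("Jane Doe <jane.doe@examplebrand.com>", None),
    ("Jane Doe <jane.doe@examplebrand.co.uk>", None),
    ("Jane Doe <jane.doe.ceo@webmail.example>", None),
    ("Accounts Payable <billing@examp1ebrand.com>", "billing@vendor-pay.example"),
]


def scan(messages=SAMPLE_MESSAGES):
    """Run check_sender over (From, Reply-To) pairs and return {From header: findings}."""
    return {frm: check_sender(frm, reply) for frm, reply in messages}


if __name__ == "__main__":
    for frm, findings in scan().items():
        print(frm, "->", findings or "ok")
```

The classifier deliberately errs toward flagging: a single-character edit against a short brand label will produce false positives, so in practice the verdicts feed a quarantine or review queue rather than an automatic block, and the suffix table should be replaced by the real public suffix list.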
Cybercriminals can draw you to an impersonated website through typosquatting, cybersquatting, fake social media profiles, and black hat SEO techniques. Some fraudsters are so good at copying across a business’s intellectual property (IP) – such as their trademarks (logos, brand names) and copyrighted content – that the customer won’t be able to tell the difference between the legitimate website and the fake one.
The way money is lost due to domain impersonation attacks can take a variety of forms. A sale made by a website impersonating yours is a sale lost from your business; it’s also likely to be a lost repeat customer; money could be lost due to fraudulent third-party vendors or CEO fraud; you begin to get a bad reputation, meaning you lose potential customers and therefore sales; and money will be lost trying to find these culprits. The latter is easily fixable through automated Domain Protection Software.
What many of these domain impersonators do is use the same promotion techniques as legitimate businesses and offer the same products (which are usually non-existent or counterfeits), thereby drawing online traffic away from your business and into the hands of a scammer. Black hat SEO is another, more sophisticated way of boosting an illegitimate, impersonated business webpage on search engines.
Financial losses – as long as they’re not great – won’t cause your business any permanent damage. What can do permanent damage, however, is any action that negatively affects your brand reputation. Your brand reputation is one of your most valuable assets, but counterfeits, impersonation domain scams, and compromised security systems associated with your company will only serve to bring it down in the eyes of your customers.
Customers will often blame the original brand for scams associated with it, and negative experiences with your brand can snowball if they’re not kept under control. One bad review by an influencer, for example, is all it takes to make a big dent in your reputation and lose a significant amount of potential sales.
Employee training – Most digital fraud is enabled by human error. It’s therefore vital that companies train their employees on cybersecurity: how to spot an impersonator, what you will and won’t be asked by a boss, the security measures that must be adhered to during financial transactions, and so on.
Consumer education – Let your customers know how your company operates, what details will and won’t be asked for, and what means of communication you will use if you need to contact them. If you know of any phishing or domain impersonation schemes related to your company or industry, let your customers know about them.
Protect your domain – Make sure to trademark your domain name as well as register variations of your domain name. These actions, together with domain management software, will help mitigate bad actors.
Monitor the web for impersonation attacks – The most efficient way of monitoring the web for fake domains impersonating your brand, is to leave it to the bots. Red Points’ automated Domain Takedown Service uses bots to scan the web night and day for any attempts at domain impersonation. Once caught, Red Points will remove them, while guarding your brand against repeat infringers.
Domain impersonation can take the form of either a fake website or a fake email address. These fake websites and email addresses impersonate those of real, legitimate businesses. They divert traffic away from your site, steal your sales, sell counterfeit versions of your goods, dupe customers into giving away sensitive information, or steal your money outright through the supply chain or business email compromise.
While employee and consumer education are important steps in guarding against scammers impersonating your domain, businesses should register their trademarks and copyright as well as install automated brand protection software.