đź“Ś Get the latest strategies to protect your revenue in your inbox

What is combosquatting and how can businesses prevent it?
Impersonation Removal
6 mins

What is combosquatting and how can businesses prevent it?

Table of Contents:

    Typosquatting, cybersquatting, domain name squatting… scammers have been using these website impersonation techniques for years. They work because users don’t necessarily check the URL for typos, they don’t notice them, or perhaps it really does look like a valid web address. And anyway, the website looks exactly the same as always, so why be suspicious?

    Unfortunately, it’s all too easy  for scammers to register a domain name and create a website that looks just like that of another business. All they have to do is add a typo to the domain name, change the ending (for example .com, .eu, .io), or, add a whole new word onto the web address: amazon-shop.com, for instance. This latter example is known as combosquatting, and it’s highly effective. Consumers nowadays are savvier  to the traditional phishing techniques of a misspelled domain name. They’re more easily duped, however, by combosquatting. 

    It may be painful for the consumer to be tricked into revealing their credentials on a fraudulent website with a combination name, but the impact on the impersonated business can be even more devastating. 

    In this article, you will learn:

    • How combosquatting works,
    • The difference between combosquatting, typosquatting, and cybersquatting,
    • The impact of combosquatting on businesses,
    • And how to prevent scammers from manipulating your domain name.

    What is combosquatting?

    Every business with an online presence must register a domain name. The domain name for amazon is amazon.com (with different domain extensions depending on the country, such as amazon.co.uk for the UK – most companies won’t need different extensions). 

    When scammers try to impersonate a legitimate brand online, they can’t simply register the same domain name; they have to alter it slightly. In the case of combosquatting, the scammer creates a combination domain name, such as amazon-shop.com, or facebook-security.com. 

    This is a highly successful phishing technique, and very common, too. According to research supported by the U.S. Department of Defense, National Science Foundation, and the U.S. Department of Commerce, not only has combosquatting been a technique on the rise year on year, but for 268 trademarks, 2.7 million combosquatting domains were identified.   

    Partly what makes combosquatting so successful, is that these manipulated domain names contain the original brand name (not mistyped) and thus appear authentic. Due to the sheer number of words you can add to an original domain name, there are almost infinite variations of these combination domain names. This also makes it harder for the impersonated companies to keep track of and take down these infringements. 

    The difference between combosquatting, typosquatting, and cybersquatting. 

    Typosquatting – It’s easy to make a typo, and to miss one when they’re right in front of you. This is what makes typosquatting (also known as URL hijacking) such an effective form of phishing. The scammer registers a mistyped version of a domain name, such as fcaebook.com or amaz0n.com. They will then create a website that looks as identical to the original website as possible. 

    Creating a lookalike website isn’t difficult. All the scammer has to do is copy and paste across any of the legitimate website’s identifying elements, such as their logos, color palette, content, and so on. With a few more technical touches, the website is done, and ready to extract sensitive information from unwitting customers. 

    The scammer attracts users to their fake website through a variety of ways. Either the individual mistypes the address into the search bar, or the scammer baits the user with a phishing email or fake social media profile, or they use black hat SEO techniques to make their illegitimate web page rank higher (and rank yours lower).  

    Cybersquatting Cybersquatting is more of an umbrella term for all types of domain squatting, but always with the malicious intention of profiting off the value of the original domain name. Commonly, bad actors may register similar domain names with the intent of selling them to the original owner of the trademark at a higher price.

    This is an illegal practice and laws are in place to prevent this malicious activity. The Anticybersquatting Consumer Protection Act (ACPA) is a federal law that prohibits domain name registrations that are identical or similar to business trademarks or personal names. 

    Other ways of cybersquatting include adding different extensions to a registered domain name. For example, you may have registered yourdomainname.com, but did you register yourdomainname.co.uk, .io, or .eu? If you didn’t, then bad actors could swoop in, buy them, and try and sell them back to you at a higher price. Or, they may try to profit from your company’s good name and reputation, and sell similar, or counterfeit products. 

    Combosquatting – As already outlined above, combosquatting adds additional words to create a combination domain name, such as facebook-security.com. They can be used for any of the above mentioned practices, such as being registered in order to be sold back to the original trademark owner for a higher price, to create phishing websites, or to take advantage of the traffic a brand gets to their website and sell counterfeit products. 

    Red Points' Domain Takedown Services

    What is the impact of combosquatting on brands?

    Whether it’s using your brand name and reputation to sell counterfeit products, or creating lookalike websites through which to scam customers, combosquatting hits brands from a number of angles. Most fundamentally, if combosquatting has been allowed to continue for too long, it will cause your business to lose revenue, customers, and credibility. 

    Lost revenue

    There are many ways your brand can lose revenue through combosquatting. First and foremost, that manipulated version of your domain name is redirecting customers that were intending to buy your products or services to a lookalike, fraudulent website. 

    You may also be impelled to buy back the combined version of your domain name in order to stop any malpractice associated with your brand. Another tactic used by combosquatters is hit stealing. This is when the combo’d version of your domain name redirects visitors to a competitor site. 

    Affiliate marketing fraud is another tactic that  can result in lost revenue, due to the fact that affiliates are paid per purchase or click. They may create a lookalike website, that when clicked on goes through the affiliate, trackable link to the original website. The affiliate (who in this case is a combosquatter), thus profits from visitors who were already going directly to the legitimate website.

    Lost customers

    Of course, if customers have been duped into entering their details into a website that looks just like yours, they will most likely blame your brand for the misdemeanor. In some cases, the customer may not even realize that they were buying from a fraudulent website or a website selling counterfeits and inferior quality goods, so the disappointing purchase is reflected back on your business, not the fake one.  

    The fake website may have also infected their device with malware, which certainly won’t leave a customer with a positive aftertaste.

    Lost credibility

    These days, all it takes is an influencer with a large following to share their bad review on TikTok or Facebook, and the reputational damage to your brand is terminal. Your brand’s reputation is one of your most valuable assets, so it’s important to nip scams in the bud before they snowball. 

    Bad reviews on review sites such as Trustpilot can also be devastating once they get out of control. This inevitably shrinks the value of your brand, and necessitates some serious brand rebuilding. 

    How can businesses prevent combosquatting?

    Register mistyped versions of your domain name

    While combosquatting means that an almost infinite number of variations can be made of your domain name, make sure to register any obvious hyphenated names. For example, if your company is security related, register yourdomainname-security.com, and so on. The same goes with typo’d versions of your brand name, and covering all the obvious extensions (.co.uk, .eu, .io). You can easily have these versions redirected to your website, too. 

    Install SSL certificates

    All businesses should install SSL certificates on their website. They help to authenticate your site and provide a padlock icon in the URL bar, letting your users know that you’re legitimate. You need to first verify your website’s information through ICANN Lookup, and begin installing the SSL certificate from there. While there’s nothing to stop scammers from doing the same, they often don’t validate their website, meaning a no-padlock sign should be a red flag. 

    Use ICANN’s Lookup tool

    ICANN (the Internet Corporation for Assigned Names and Numbers) provides a domain name lookup tool. It’s free to use, you simply type in all the potential versions of your domain name and find out if they’ve been registered. You will sometimes be able to see who the registrant was, in which case, if you feel your trademark has been infringed upon, you can send them a cease and desist letter. 

    Trademark your domain name

    Trademarking your domain name is a helpful way to mitigate against bad actors, since it adds an extra legal barrier that they will have to contend with if they get caught out. Any scammers intending to impersonate your brand will think twice about using a trademarked domain name. 

    Use an automated domain takedown service

    The internet never sleeps, and scammers all over the world will try and take advantage of your good reputation and customer base by impersonating your brand. Manually looking up fraudulent domains with different combosquatting variations – let alone contacting the domain registrant to send a takedown request – uses up precious time and resources. Red Points Domain Takedown Service scans the internet 24/7 for domain names that are infringing your trademark, takes them down, and stops repeat infringers. 

    What’s next?

    Combosquatting – along with other cybersquatting tactics – allow fraudsters and bad actors to register domain names that could be confused with yours. They do this on purpose, so as to profit from your good name and customer base, defraud customers of their money and credentials, or sell these hyphenated versions of your domain name back to you. 


    There are preventative measures your brand can take, such as trademarking your domain name, preemptively registering hyphenated and mistyped versions of your domain name, and installing SSL certificates. The most effective measure you can take to protect your brand from fake websites popping up under similar-looking domain names, is to install automated software that constantly scans the internet for infringements. Red Point’s Domain Management Service automatically finds and removes combosquatting.

    domain-managament

    You may like...

    What is domain name squatting?
    How to prevent and protect from typosquatting
    What is cybersquatting and how can you protect your brand from it?