A deep dive into similar domain name phishing schemes

    Any domain registered to mislead customers into providing their personal information has to resemble a legitimate business’s domain; this is what we call a look-alike domain. Thousands of look-alike domains are registered each year by cybercriminals in order to impersonate well-known companies and generate money, typically by committing fraud.

    Here, we’ll explain how domains help us communicate online, why similar domain name phishing is harmful to companies, how attackers create them, and the best place to start when dealing with this common threat.

    What is a domain?

    A website’s entire address is known as its domain name; one example is “redpoints.com”. Very often a business’s domain name appears in its workers’ corporate email addresses, immediately following the “@” symbol. If you’re sending emails from a business-linked email account, you’ll almost always use the company’s domain instead of “gmail.com” or “yahoo.com.”

    Why are domains important?

    Every connected device has an IP address, and packets of information are sent between these devices to facilitate communication. When we browse a business’s website or buy anything from them online, we are technically speaking with them.

    Businesses use domains to develop a distinct identity, just like a person’s name. We could even use the numeric IP address to connect to a website in the same way a person may use a phone number to connect with someone else.  Most cybercriminals know what providers businesses use to establish their domain name, and they use this information to develop how they approach their cyber attack. These cybercriminals are also aware that we use login credentials to access websites, enter credit card information to make purchases, and communicate with suppliers via email; all of which is highly confidential information that can be highly damaging to a business if accessible to a cybercriminal.

    How are similar domain name phishing schemes evolving?

    The “lock” or “secure” certificate indicator in our web browsers, which we were taught to look for, no longer sets genuine sites apart, because practically every domain is considered secure now, even the bogus ones.

    If you’ve ever received an email with a questionable domain name, you’re not alone.

    Because these scams are so common, many major organizations, particularly those in retail and other online industries, employ copyright and trademark litigation, or register every conceivable variation of their genuine domain name to prevent typosquatting. One basic example of this would be “gacebook.com” automatically rerouting users to “facebook.com”, because Facebook knows it is a common misspelling and wants to limit the potential for bad actors to capitalize on the innocent mistakes of its users.

    Email phishing attacks, on the other hand, don’t need a plausible lookalike website. In an email message, the domain only needs to resemble the genuine domain in the email itself.

    Email clients typically shorten or abbreviate lengthy domain names, for example, in the “from” (or sender) address field, or as the link destination in the message body. 

    What are the main types of similar domain name phishing?

    There are three main types of similar domain name phishing:

    Website/URL phishing

    Website phishing is the act of creating a website with a URL that is either almost or actually identical to that of a real website that the victim is familiar with and trusts. It is possible for an attacker to mimic a website’s content and layout, including photos and text.

    Using characters from different languages or Unicode characters that resemble standard ASCII characters, attackers can mimic a URL without it looking like an impostor. In less convincing spoof URLs, characters that are often used in URLs are added or substituted in the hopes that the user would not notice.

    Phishing and other forms of cybercrime make frequent use of these fictitious websites. A user’s login credentials can be stolen if they are sent to a bogus login page with a legitimate-looking URL. Hoaxes and practical jokes can both benefit from website phishing.
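
    A defensive check for the two kinds of look-alike URL described above, added here as an example and not part of the original article. The confusables table is a small constructed subset, and the category names and the edit-distance threshold of 2 are assumptions of this example.

```python
import unicodedata

# Constructed subset of Cyrillic look-alikes for Latin letters; production code
# would load the full Unicode confusables data instead.
CONFUSABLES = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c"}

def to_unicode(domain):
    """Lower-case a domain and decode any punycode (xn--) labels."""
    labels = []
    for label in domain.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # leave an undecodable label as it is
        labels.append(label)
    return ".".join(labels)

def scripts(domain):
    """Scripts of the letters in a domain, taken from Unicode character names."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in domain if ch.isalpha()}

def edit_distance(a, b):
    """Levenshtein distance: inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(candidate, protected):
    """Return legitimate, homograph, mixed-script, typo or unrelated."""
    name = to_unicode(candidate)
    if name == protected:
        return "legitimate"
    skeleton = "".join(CONFUSABLES.get(ch, ch) for ch in name)
    if skeleton == protected:
        return "homograph"      # identical once look-alike letters are mapped back
    if len(scripts(name)) > 1:
        return "mixed-script"   # e.g. Latin and Cyrillic letters in one name
    if edit_distance(name, protected) <= 2:
        return "typo"           # characters added, dropped or substituted
    return "unrelated"

if __name__ == "__main__":
    for d in ("facebook.com", "gacebook.com", "f\u0430cebook.com", "example.org"):
        print(ascii(d), classify(d, "facebook.com"))
```

    Run it over newly observed domains (registration feeds, mail logs, proxy logs) with each protected brand domain in turn; the punycode step matters because internationalized look-alikes usually appear in logs in their “xn--” form.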

    Email phishing

    Email phishing is the act of sending unsolicited emails from a fictitious address with a real website’s domain attached. This is possible because the email protocol, Simple Mail Transfer Protocol (SMTP), does not include domain verification as a standard feature. Modern email security mechanisms like Domain-based Message Authentication, Reporting & Conformance (DMARC) and DomainKeys Identified Mail (DKIM) give extra assurances about the authenticity of emails.

    Phishing domains frequently make use of email phishing to actively target potential victims. Using a fake domain name, an attacker can fool consumers into thinking the phishing email is authentic. At first glance, an email that appears to come from a corporate address is more believable than an email from a random domain.

    Users may be asked to visit a certain website, download malware, open an email attachment that contains a harmful virus, or input their account information in order for the attackers to get control of their finances.

    Sophisticated attacks that use both email and website phishing are increasingly common. The email may direct recipients to an impersonated site, which asks for their login and password for the familiar account that the victim thinks they are innocently logging into.

    Domain phishing in advertising

    In order to hide the true source of their traffic, ad fraud perpetrators use faked domain names to sell advertising space on their own websites. The display adverts are thus placed on an unwelcome site, rather than the desired site.

    Why is similar domain name phishing so dangerous?

    When it comes to cyberattacks, look-alike domains are one of the most flexible weapons since they can be used to launch a broad variety of attacks on a company. A similar domain can be used to host a false website, send an email, or do both.

    With a look-alike domain, it’s quite easy to construct Business Email Compromise (BEC) scams, phishing websites, and ransomware attacks, all of which have a significant impact on businesses. Phishing email scams like BECs or ransomware attacks will not be identified by email security stacks due to their look-alike domains.

    Look-alike domains are legitimate in the technical sense: they are properly registered, and emails sent from them go through real email servers. Because these malicious emails are able to bypass many of the authentication systems a corporation may have in place, there is a considerable risk of a breach.

    Impersonating well-known brands is a favorite tool of cybercriminals looking to make a quick buck. Brands’ value is reduced when cybercriminals register similar domain names, develop unattractive websites with identifiable logos, or send emails that appear to be authentic.

    In addition to harming a company’s reputation, similar-looking domains also cause customer discontent and loss of revenue. Consumers become enraged at both the attacker and the brand after being tricked. As a result, they begin exploring other options, such as shopping with a competitor or spreading the word about their negative experience to those in their network.

    How can users protect themselves from similar domain name phishing?

    Be aware of the origin of the information. Is the link in an email? Was this email something you were expecting to receive? Scammers frequently send out bogus requests and warnings.

    Look closely at the web address. There may be a few additional characters in it. Is the URL the same when you copy and paste it into a new browser window? Homograph attacks can be detected using this method.

    You should check to see if an SSL certificate is in place. An SSL certificate identifies a website to its visitors and encrypts their connection to it. SSL certificates are often provided by an external certificate authority, and the certificate authority will verify that the entity requesting the certificate genuinely owns that domain name prior to providing one. A Secure Sockets Layer (SSL) certificate is now required for nearly all legitimate websites.

    If there is an SSL certificate, verify it. Is the domain name that appears on the SSL certificate the one that one would expect to see on it? Click on the padlock icon (in Chrome) and select “Certificate” to see the SSL certificate. In some cases, the counterfeit website may have a valid SSL certificate, but just for the spoofed URL.

    Bookmark essential websites. You should have a bookmark in your browser for every genuine website. To ensure that the right URL is loaded each time, use a bookmark instead of following a link or entering the URL in the browser. Rather than typing in “mybank.com” or doing a Google search to find the bank’s website, save the address as a bookmark instead.

    How can companies stop their domains from being phished?

    Website phishing can be made more difficult by SSL certificates, which require attackers to get a legitimate SSL certificate in addition to the faked domain.

    Email domain phishing cannot be prevented, unfortunately, but there are steps businesses can take to mitigate the risks. Companies can use DMARC, DKIM, and other protocols to add further verification to the emails they send or receive. If these protocols are not used, however, external parties can still send false emails using the company’s domain.

    Red Points Domain Management combines domain portfolio identification, enforcement, and management to help safeguard your brand’s domain names on a large scale. Instances of phishing are caught by our non-stop anti-phishing software on many platforms. Our bot-powered search is quicker, cheaper, and more effective than manual detection.

    Red Points’ technology-based solutions make it easier to take down fake websites before they have a negative impact on your reputation.

    What’s next?

    Domain names have never been more valuable or vulnerable than they are in today’s competitive internet marketplaces. Domain phishing is a form of modern cybercrime in which impersonators fraudulently profit off of the likeness of recognized brands by copying their virtual identities and using them in their fraudulent domain.

    Companies of all sizes should make it a priority to preserve their brand identities through the use of domain phishing protection in order to avoid suffering losses in sales, reductions in internet visibility, or harm to their reputations.

    At first sight, or even after a second look, it could be difficult to recognize a domain that is intentionally similar to another. We are fortunate in that there are technological tools at our disposal as well as tactics that can help us identify suspected cases of fraud.
