The Ultimate Guide to Domain Monitoring and Typosquatting Prevention

Typosquatting and domain impersonation are on the rise. If they're not on your security radar already, they should be. Here's why...

How big is the problem?

Well, it's big. According to Google Search, it finds and blocks around 40 billion pages of spam and malicious content every day. That's a six-fold rise from 2021! Google may be doing a great job preventing unsuspecting surfers from visiting malicious sites, but search results are merely one way of generating traffic. Your company (I don't think most IT managers/security peeps think of their company as a "brand"...)and customers could become victims of typosquatting despite their best efforts.

Why should you care?

Domain impersonation attacks are becoming increasingly sophisticated and can have serious consequences, including data breaches, financial loss, and damage to a company's reputation. Organisations can proactively identify and block these attacks before they cause harm by monitoring for potential domain impersonation attempts. Without domain monitoring, businesses probably wouldn't know that an impersonation attack has occurred until it's too late. So, this type of monitoring is a vital part of a comprehensive cybersecurity strategy.

Types of typosquatting attacks and their impact

Domain spoofing: Attackers create websites with similar names to legitimate ones to trick users who mistype the URL. For example, a typosquatting attack against the cryptocurrency exchange Binance led to the theft of over $40 million in 2019.

Brand abuse: Attackers create domains that include a brand name to mislead customers into believing they are visiting an official website. In 2020, for example, a website claiming to sell COVID-19 vaccines was fake and used the AstraZeneca name.

Pharming: Scammers register fake domains to set up websites that capture sensitive information from victims. In 2020, cybercriminals ran a phishing campaign using a fake HMRC website to trick taxpayers into providing their personal and financial information. The attackers sent emails to victims that appeared to be from HMRC and directed them to the fake website that prompted victims to enter their login details.

Phishing: Cybercriminals use fake domains to send emails that appear to come from legitimate businesses. In 2016, Cybercriminals stole £2.5 million from Tesco Bank customers using a phishing email campaign that directed them to a fake but convincing website. The attackers obtained the customers' login credentials and used them to make fraudulent transactions.

How do you spot a dodgy domain?

There are two ways to monitor for domains that mimic your own. The first is to generate all the possible typosquatting variations for your web address and check if they are registered regularly. These variations include misspellings, substituted letters or common typos. The second method is to monitor new domain registrations for brand terms that could indicate cybercriminals are planning to launch an impersonation attack. Either way, you could have your hands full!

Depending on your brand name, you could get hundreds of potential matches. And, of course, many may be legitimate. An automated solution can save time and effort, as it can filter false positives and indicate which registrations carry the highest risk.

What can you do if you find one?

Investigating malicious domains can put your team at risk. You certainly don't want your staff to become victims of malware! That's why we've created a step-by-step playbook to guide you through the process. Criminals often register and park domains for later use. If no website or mail server exists, you can’t assume it won't be in the future. Proactively monitoring for DNS changes on high-risk domains helps you spot threats sooner and take appropriate action.

If it sounds complicated, don't worry! We have a fully automated Domain & DNS Monitoring solution that will help you do all of this simply and easily. The Skurio Digital Risk Protection platform helps you spot typosquatting threats sooner so you can take action quickly to neutralise any threat or monitor parked domains for critical status changes.

Watch our on-demand webinar to see how it works.

Or download our new Domain Monitoring Playbook to learn how to keep your business - and customers - safe.

Posted by Justine Siebke


Have your say...