Countering Domain Impersonation: An Overview of Blocking Lookalike Domains

Phishing campaigns frequently utilize deceitful domain names to achieve their malicious objectives. These lookalike domains may appear either in the From field of an email or as a link in the email's body that the perpetrator wants the victim to click on. Phishing is the most commonly employed method in successful data breaches, and it targets an organization's staff, customers, or the general public with alarming efficacy.

We identify and put an end to various forms of email abuse, such as the unauthorized use of your domain name to send phishing emails, the misuse of your brand through similar domains to send phishing emails, and the exploitation of your infrastructure to send phishing emails. Our approach involves leveraging our global disruption network and implementing an accurate and detailed configuration of your Antispam solutions along with DMARC protocols.

An effective way to defend against these attacks is to proactively purchase all possible domains that may resemble your official domains, and secure them with DNS records as outlined in this article, so that they cannot be utilized for sending or receiving emails.

However, purchasing all similar domains for your organization can be costly when you have a large number of domain names.

An alternative approach is to monitor all domains similar to yours using a tool like the one provided by dmarc.fr and take action only when a harmful domain is detected by the platform.
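The kind of resemblance check such monitoring and anti-spam rules rely on can be sketched as follows. This is an added example, not code from dmarc.fr or from this article; the protected domains, the confusable map and the distance threshold are constructed assumptions, and the input is assumed to be the registrable domain taken from a From header or a link.

```python
import unicodedata

# Constructed allow-list: example.com stands in for your official domains.
PROTECTED = {"example.com", "example-bank.com"}
# Small illustrative confusable map (an assumption, not an exhaustive table).
CONFUSABLES = {"0": "o", "1": "l", "rn": "m", "vv": "w",
               "\u0430": "a", "\u0435": "e", "\u043e": "o"}  # Cyrillic a, e, o

def skeleton(domain):
    """Lower-case, decode punycode labels, then fold confusable characters."""
    labels = []
    for label in domain.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # malformed punycode: keep the raw label
        labels.append(label)
    folded = unicodedata.normalize("NFKC", ".".join(labels))
    for src, dst in CONFUSABLES.items():
        folded = folded.replace(src, dst)
    return folded

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            d = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                d = min(d, prev2[j - 2] + 1)
            cur.append(d)
        prev2, prev = prev, cur
    return prev[-1]

def classify(sender_domain, max_distance=1):
    """Return (verdict, protected_domain) for a registrable sender domain."""
    domain = sender_domain.lower().rstrip(".")
    if domain in PROTECTED:
        return ("official", domain)
    sk = skeleton(domain)
    for protected in sorted(PROTECTED):
        psk = skeleton(protected)
        if sk == psk:
            return ("homoglyph", protected)
        if sk.rsplit(".", 1)[0] == psk.rsplit(".", 1)[0]:
            return ("tld-swap", protected)
        if osa_distance(sk, psk) <= max_distance:
            return ("typo", protected)
    return ("unrelated", None)
```

A threshold of one edit keeps false positives low for short names; any verdict other than "official" or "unrelated" is a candidate for review before blocking or reporting.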

Once a malicious domain has been detected, you have several options:

  1. report the harmful domain to blacklist databases.
  2. submit a complaint to the domain's Registrar and ICANN for deactivation.
  3. implement blocking of the domain in your anti-spam software.
  4. start a UDRP (Uniform Domain Name Dispute Resolution Policy) or URS (Uniform Rapid Suspension) process.

Here's an instance of a domain that we asked to be put on a blacklist:

[Image: domain submitted for blacklisting]

The process of disarming domains is a time-consuming and lengthy task

Taking down a domain is not a “one size fits all” process; being able to ascertain the correct approach is critical to the speed and success of the takedown. The longer it takes, the more damage the offender can inflict on your brand, reputation, and users, and the greater the opportunity they have to divert or steal funds and data. 41% of domains reported for phishing are utilized within 14 days following registration.

Once it is determined whether the offending domain is committing fraud or brand infringement, collecting the bundle of evidence that supports the takedown can be a lengthy, time-consuming process. Organizations often do not have the dedicated resources to implement the takedown and the task is left between the “to-do” lists of the IT and Legal teams.

Our service for taking down malicious domains provides a secure and fast solution to protect against attacks that use domains that look like yours. These fraudulent domains can be very misleading and often come with email boxes to send out malicious messages. But with our ability to contact the most widely used blacklists such as Microsoft and Google, as well as our connections with registrars and email and website hosting providers, we can quickly eliminate these threats.

Let us help ease this potentially time-consuming process. It is your responsibility to protect your employees, suppliers, and customers, and to do so, we offer you a powerful defense arsenal including DMARC, SPF, DKIM, BIMI, and enhanced anti-spam filtering rules to detect domains that resemble your official domain names. Ensure the safety of your business by taking the necessary steps.