What is cybersquatting and how can you protect your brand?

Impersonation fraud is one of the biggest threats facing today’s businesses, and the threat continues to grow. In fact, the US Federal Trade Commission reports that impersonation attacks, which include misleading domain names (also known as cybersquatting), are increasing at a rate of 85% year-over-year and have cost organizations more than $3 billion. And the problem is worldwide: UK-based NatWest Group reports that more than seven in ten British adults have been targeted by scams in the last year, with 21% targeted by impersonation scams.

But that’s not all. News stories and statistics paint a concerning picture of the prevalence and impact of impersonation fraud: 

Even massive government agencies are not immune from the threat of domain impersonation. Bleeping Computer reported that attackers created lookalike domains to imitate the US Department of Labor website, attempting to steal users’ Office 365 credentials by asking recipients to submit bids on a government project.  

With numbers like these, it’s easy to understand why CISOs and IT managers are looking to protect their brands and businesses from the real-world consequences of successful brand impersonation attacks — from reputational damage to legal ramifications. Let’s take a closer look at the most common types of brand impersonation attacks, explore the scope and forms they take, and discuss steps you can take to help mitigate these threats in your organization. 


Brand impersonation attacks  

Cybercriminals use numerous types of impersonation attacks to trick users into downloading malware or providing sensitive information. Common brand impersonation attack types include: 

  • Phishing: In a phishing attack, a cybercriminal tricks a user into divulging sensitive information or downloading a nefarious application by sending an email that appears to be from a legitimate organization. 
  • Account takeover: A takeover attack happens when a cybercriminal creates a website or login page that aims to trick the user into entering sensitive login information so they can gain access to that user’s account.  
  • Malware: Cybercriminals spread malware by tricking users into thinking they’re installing a legitimate application from a reputable brand. For example, criminals may use Microsoft logos and product names to try and convince users that they’re installing a valid application when they’re actually installing a keystroke logger or other nefarious software. 
  • Cybersquatting: Cybercriminals who practice cybersquatting attacks take things a step further — they register a domain name similar to a legitimate brand’s domain name. Their hope is to fool users into thinking that they’re interacting with the legitimate brand’s website, allowing them to do anything from stealing login credentials to capturing credit card information.  

Cybersquatting attack tactics 

Cybercriminals rely on a number of different tactics to register lookalike domains with intent to deceive, including:    

  • Homoglyphs: Mapping of (a set of) characters which can be mistaken for another character, exampie.com 
  • Typosquatting: Mapping of (a set of) characters which are often mistyped and replaced by another (set of) character(s), rxample.com 
  • Hyphenation: Adding hyphens to the input domain to generate a new domain candidate,  
  • Transposition: Swapping the order of subsequent characters, exmaple.com 
  • Repetition: Repeating one (or more) character(s), exampple.com 
  • Omission: Leaving out one (or more) character(s), exampe.com 
  • Bitsquatting: Changing a bit in the ASCII representation of a character, axample.com 
  • Delimiter omission: Leaving out a delimiter (dots and dashes), wwwexample.com 
  • Top-level domain swap: Swapping the TLD for another TLD, example.net 
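
For monitoring, the same tactics can be applied in reverse to label a newly observed domain with the tactic that relates it to your brand. The sketch below is an added example, not code from the original article or from any product it mentions; the function names, the small homoglyph table, the same-row keyboard adjacency rule and the observed-domain feed (including ex-ample.com) are assumptions constructed for illustration.

```python
# Added example: HOMOGLYPHS and QWERTY_ROWS are small constructed subsets.
HOMOGLYPHS = {"l": "i1", "i": "l1", "o": "0", "e": "3"}
QWERTY_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")

def adjacent_keys(a, c):
    # Simplification: only neighbours on the same QWERTY row count as typos.
    return any(a in r and c in r and abs(r.index(a) - r.index(c)) == 1
               for r in QWERTY_ROWS)

def classify(brand, seen):
    """Return the single tactic that turns `brand` into `seen`, or None."""
    b, _, b_tld = brand.lower().rpartition(".")
    s, _, s_tld = seen.lower().rpartition(".")
    if s == b:
        return "tld-swap" if s_tld != b_tld else None
    if s_tld != b_tld:
        return None                      # combined tactics are out of scope here
    if s == "www" + b:
        return "delimiter-omission"
    if "-" in s and s.replace("-", "") == b:
        return "hyphenation"
    if len(s) == len(b):
        diff = [i for i in range(len(b)) if b[i] != s[i]]
        if len(diff) == 1:
            a, c = b[diff[0]], s[diff[0]]
            if c in HOMOGLYPHS.get(a, ""):
                return "homoglyph"
            x = ord(a) ^ ord(c)
            if x & (x - 1) == 0:         # ASCII codes differ in exactly one bit
                return "bitsquatting"
            if adjacent_keys(a, c):
                return "typosquatting"
        if (len(diff) == 2 and diff[1] == diff[0] + 1
                and b[diff[0]] == s[diff[1]] and b[diff[1]] == s[diff[0]]):
            return "transposition"
    if len(s) == len(b) + 1:             # one extra character that doubles its neighbour
        for i in range(1, len(s)):
            if s[:i] + s[i + 1:] == b and s[i] == s[i - 1]:
                return "repetition"
    if len(s) == len(b) - 1 and any(b[:i] + b[i + 1:] == s for i in range(len(b))):
        return "omission"
    return None

# Constructed feed of newly observed domains (the list's examples plus two more).
OBSERVED = ["exampie.com", "rxample.com", "ex-ample.com", "exmaple.com", "exampple.com",
            "exampe.com", "axample.com", "wwwexample.com", "example.net", "unrelated.org"]

def triage(brand, observed=OBSERVED):
    """Map each lookalike in the feed to its tactic; unrelated domains are dropped."""
    return {d: t for d in observed if (t := classify(brand, d))}
```

Running `triage("example.com")` flags nine of the ten constructed entries and drops `unrelated.org`; a domain that combines several tactics returns no label here and would need a fuller comparison.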

Protecting your brand from impersonation and lookalike domains 

Certainly, CISOs and IT managers have their hands full when it comes to keeping your organization safe. But there are specific things that you can do to help protect your organization from brand impersonation, including: 

Provide ongoing education: An alert, educated user can be one of your organization’s best defenses against falling victim to an impersonation attack. Ensure your organization offers regular training sessions for employees, helping them learn the best way to recognize and report potential impersonation attempts. 

Perform brand monitoring with threat intelligence: Employ a threat intelligence platform to monitor and analyze online brand mentions. Threat intelligence platforms can alert you to unauthorized uses of your brand name or logo, empowering you to take swift action against potential impersonations. 

Register similar domains: One of the best ways your organization can keep cybercriminals from registering lookalike or similar domain names is to proactively register them for your business so bad actors can’t acquire them.  

Deploy an External Attack Surface Management (EASM) solution: An EASM solution allows you to continuously scan for domains that resemble or mimic your brand, including the tactics listed above. This means that you can detect (and put a stop to via a takedown service) potential impersonation attempts before they’ve had the chance to grow or spread. The most effective EASM solutions — like Sweepatic EASM — automatically gather data and use AI-driven analysis modules to analyze your organization’s internet-facing assets for potential vulnerabilities and attack paths. 

Domain discovery with Sweepatic EASM

A multifaceted approach to protection 

Brand impersonation (especially cybersquatting) poses a significant threat to organizations — and you must take a multipronged approach to successfully protect against it. Ensure you educate your employees about threats and monitor and analyze online brand mentions with a robust threat intelligence platform. Invest in an EASM solution that allows for early detection of potential threats and register similar domains to keep cybercriminals from being able to use them. By taking these steps, you’ll be keeping your organization, brand, employees and customers safe — and safeguarding your brand’s integrity and reputation in the process.  

Specops Software’s parent company Outpost24 is proud to present an EASM solution for continuous discovery, analysis, and monitoring of everything connected to your company’s online exposure.

Learn more and request your free attack surface analysis.

(Last updated on January 29, 2024)
