In the ever-evolving landscape of cybercrime, look-alike domains remain a constant component in the vast majority of threats. Look-alike domains or, URLs that resemble those of a legitimate brand, can cause significant damage to brand reputation by way of fraudulent websites, phishing schemes, malware distribution, and more.
Original research conducted by Fortra’s PhishLabs analyzes how look-alike domains targeted unsuspecting victims during the first half of 2023. According to the report, the average brand faced nearly 40 look-alike domain attacks per month, with a significant spike occurring in June. Of those classified as malicious, almost 77% were phishing sites, created to steal sensitive information.
Detection of look-alike domains can be challenging for security teams, as changes to a domain record can transform a benign URL into a threat without warning. Mitigation can be equally time consuming, as most providers require sufficient evidence of abuse to justify a look-alike domain’s removal. In order to protect against domain impersonation, organizations should be knowledgeable of the domains targeting their brands and how they are used in attacks.
Key findings from the report include:
- In H1 2023, the average brand was targeted by nearly 40 look-alike domains every month
- 77% of look-alike domains deemed malicious hosted phishing sites
- Cybercriminals are now paying to register look-alike domains after free registrations of top-level domains decreased by 80% in Q1 2023
- For the first time since reporting on domain data, Fortra has seen cybercriminals favoring Country-Code Top-Level Domains (ccTLDs)
- More than 62% of spoofed email display names impersonated well-known brands, including Microsoft and Google