Domain Impersonation: When Imitation Is Not the Sincerest Form of Flattery
It’s no secret that an organization’s domain is a critical piece of the organization’s identity and business. People rarely need to type a website address into their browser, because search engines offer a list of domains after just 2-3 letters are entered. But how many people pay close attention to a domain address or to the email domain a message comes from?
Impersonating an organization’s domain can be a lucrative business for cybercriminals. Fortra’s 2023 Domain Impersonation Report found that the average brand is targeted by 40 look-alike domains per month. The two common types of domain impersonation are look-alike domains and email spoofing.
Domain Protection Best Practices
Organizations cannot afford to keep domain protection out of their overall cybersecurity strategy. However, resource issues plague most organizations, making domain impersonation nearly impossible to combat on their own. Domain protection solutions with collection, curation, and mitigation provide the best security against look-alikes, while DMARC guards against email spoofing.
So how do organizations safeguard from domain impersonation? The following are the top three steps in domain protection best practices.
- Domain Monitoring – monitor external domain data for look-alikes: domains that contain brands or identified terms, that are being used in a malicious manner, and that are being used in an unauthorized manner.
- DMARC Authentication – enables administrators to prevent hackers from hijacking domains for email spoofing, executive impersonation, and spear phishing.
- Takedown – streamline takedowns for immediate action on domains hosting phishing attacks, reducing corporate spend on defensive efforts monitoring and managing registrations.
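The monitoring step above can be sketched as a triage pass over a feed of newly observed domains. This is an added example, not code from the article or from any vendor product; the brand term, the owned-domain list and the feed are constructed, and it goes beyond the "contains brands or identified terms" check by also flagging confusable-character and near-typo variants.

```python
import unicodedata

BRAND = "examplebank"          # constructed brand term (assumption)
OWNED = {"examplebank.com"}    # constructed list of legitimately held domains
# ASCII digits commonly swapped in for the letters they resemble
FOLD = str.maketrans("01357", "olest")

def edit_distance(a, b):
    """Levenshtein distance using two rolling rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def fold(name):
    """Decode punycode, drop accents, and map look-alike digits to letters."""
    try:
        name = name.encode("ascii").decode("idna")
    except UnicodeError:
        pass  # already Unicode or not valid IDNA: keep the text as it is
    name = unicodedata.normalize("NFKD", name)
    name = "".join(c for c in name if not unicodedata.combining(c))
    return name.translate(FOLD)

def classify(domain):
    """Return why a domain looks like BRAND, or None if it does not."""
    domain = domain.lower().rstrip(".")
    if domain in OWNED:
        return None
    name = domain.rsplit(".", 1)[0]   # drop the TLD (assumes a one-label TLD)
    squash = lambda s: s.replace("-", "").replace(".", "")
    if BRAND in squash(name):
        return "contains-brand"
    folded = fold(name)
    if BRAND in squash(folded):
        return "confusable"
    if any(edit_distance(part, BRAND) <= 2
           for part in folded.replace("-", ".").split(".")):
        return "typo"
    return None

# Constructed feed standing in for external domain data
FEED = ["examplebank.com", "examplebank-login.net", "examp1ebank.com",
        "exampelbank.com", "ex\u00e1mplebank.com".encode("idna").decode("ascii"),
        "weatherreport.org"]

def flag_feed(feed):
    """Map each suspicious domain in the feed to the reason it was flagged."""
    return {d: r for d in feed if (r := classify(d))}

if __name__ == "__main__":
    for domain, reason in flag_feed(FEED).items():
        print(f"{reason:15} {domain}")
```

Flagged domains are candidates for analyst review and, where abuse is confirmed, for the takedown step; the edit-distance threshold of 2 is an assumption to tune against false positives.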