We have recently seen an increase in “Domain Look-alike” cyber threat activity. Look-alike domains are website addresses that closely resemble legitimate ones but are in fact designed to deceive users.
With the dramatic increase in e-commerce, domain names have become increasingly valuable. Deceptive domains generally contain slight variations, such as misspellings, hyphens, or additional characters, so that they appear almost identical to legitimate ones. Cyber Criminals create these look-alike domains to trick users into believing they are accessing a trusted website or service. In reality, they are being directed to a fraudulent one.
In one widely publicized instance, a mainland China-based organization set up its own calvinklein site. The bad actor played off the legitimate calvinklein.com site by registering the domain name calvinklein.ai (we advise against navigating there, since the disputed site may contain malicious links or other threats). This prompted the real Calvin Klein trademark owners to file a complaint with the World Intellectual Property Organization.
Size Does Not Matter
Operators of look-alike domains and domain name squatters are going after organizations of all sizes. They can create significant challenges for new businesses trying to establish their online identity, where the bad actor will basically hold the name hostage, seeking a bounty. They can also target established ones, where the Cyber Criminal will fraudulently try to get clients and other visitors to send money or other assets to a bogus account. Bad actors typically use this tactic in a phishing email, in an attempt to get you either to transfer funds away from legitimate payment sources or to reveal passwords and other sensitive data.
Besides the economic disruption that can be caused by “look-alike” domain name squatters, these fraudulent sites can lead to confusion among consumers and clients. In addition to placing visitors at risk, these misdirected sites can also damage your company’s reputation.
Targeted businesses often have to spend considerable resources on brand protection, including legal fees and domain acquisition costs. For small businesses, these expenses can be particularly burdensome.
In response to the rise of domain name squatting, several legal frameworks have been established to combat the practice. Additionally, trained eMazzanti professionals can work with you to leverage training and technology to reduce the possibility of being victimized by domain name squatters, or to mitigate the damage if someone has already acquired a domain name that closely resembles yours.
To protect your brand and mitigate the risks associated with domain name squatting, consider these proactive measures:
Register Multiple Domains: Work with your Cyber Security partner to secure various domain name extensions (.com, .net, .org), and register common misspellings of your brand to preempt potential squatters.
Monitor Domain Registrations: We can help you use domain monitoring services to keep an eye on new registrations related to your brand or industry.
Register Trademarks: Ensure your brand names and logos are registered trademarks. This may provide legal leverage in disputes and help establish your rights.
Educate and Act Promptly: eMazzanti can help you stay informed about domain name issues and act quickly if you suspect squatting. Early intervention can help resolve disputes before they escalate.
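The monitoring measure above can be partly automated. As an added example (not eMazzanti's tooling), this Python code checks a feed of newly registered domains against a protected domain for the variations described earlier: a different extension, hyphens, additional characters, and misspellings. The brand domain, the feed entries, and all function names are assumptions constructed for illustration.

```python
def split_domain(domain):
    """Return (name, tld); assumes a registrable domain with a one-label TLD."""
    name, _, tld = domain.lower().rstrip(".").rpartition(".")
    return name, tld

def edit_distance(a, b):
    """Levenshtein distance (insert, delete, substitute), two-row DP."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def classify(candidate, protected, max_edits=2):
    """Return the look-alike category of candidate, or None if it is not one."""
    c_name, c_tld = split_domain(candidate)
    p_name, p_tld = split_domain(protected)
    if (c_name, c_tld) == (p_name, p_tld):
        return None                      # the legitimate domain itself
    if c_name == p_name:
        return "tld-swap"                # same name, different extension
    flat = c_name.replace("-", "")       # ignore hyphens for later checks
    if flat == p_name:
        return "hyphenation"
    if p_name in flat:
        return "added-characters"        # brand name plus extra words
    if edit_distance(flat, p_name) <= max_edits:
        return "misspelling"             # a transposed pair counts as 2 edits
    return None

def review(feed, protected):
    """Map each flagged domain in feed to its look-alike category."""
    scored = ((d, classify(d, protected)) for d in feed)
    return {d: kind for d, kind in scored if kind}

PROTECTED = "examplebrand.com"           # hypothetical brand domain
FEED = [                                 # constructed new-registration feed
    "examplebrand.ai", "example-brand.com", "examplebrnad.com",
    "examplebrand-payments.net", "exampelbrand.net", "gardening-tips.org",
    "examplebrand.com",
]

if __name__ == "__main__":
    for domain, kind in review(FEED, PROTECTED).items():
        print(f"{kind:17} {domain}")
```

Short brand names need a lower `max_edits` to avoid flagging unrelated domains, and this check does not cover look-alike characters from other alphabets.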
We also want to assure clients that, as part of our SOC 2 Compliance process, eMazzanti will never send an email to you requesting funds to be sent to a different location, or with another payment method, without authentication. If you receive any email that appears to be from us regarding changes in payment or any other request, please do not take any action without calling us directly at this number: 1-844-360-4400. Do not reply or engage on any other number. Our Accounting team is the only source available to confirm any payment or other changes.
Please remember that education is the best form of Cyber Security protection. We can help you and your staff with Security Awareness Training or other education and services related to domain squatting and other issues.