It’s not uncommon for people to be victims of lookalike domains, especially for popular platforms such as Facebook and Google. Cybercriminals use these copycat sites to impersonate reputable organisations to perform various harmful acts. They can use these to send phishing emails or malware delivery to damage your credibility and brand. Besides well-known platforms, it’s not unlikely that smaller businesses can experience similar attacks with their websites.


Thinking with the mind of a cybercriminal

One way to protect your digital platforms from lookalike domains is to understand how cybercriminals find their targets. First, they scope out potential businesses that are successful enough to impersonate. Next, they alter the legitimate name and create a fake site by adding hyphenations or adding and omitting letters.

Cybercriminals will then check for the availability of their chosen alternate names through the WHOIS database. More sophisticated scammers can use automated tools to use a script that can generate different variations to determine which ones are available. After finding the right match, they’ll register it online and create DNS records to make them harder to trace. They can even swap from one host to another to increase the complexity of their attack.

Building the website is generally easy to execute since these criminals can lift your site’s assets directly. However, the trickier part involves obtaining SSL certificates to make their website appear legitimate. They then spread the link in various sources, like phishing emails, SMS, and blog comments.


Dissecting common threat types of lookalike domains

Impersonating a website can be a deadly tool to fool business owners and their customers. Cybercriminals use more than one strategy to trick people into sending their personal information or credit details. Listed below are three ways they can con victims through digital spaces.

  1. Impersonating websites with monetised links: When a registrant parks a domain, they can capitalise on visiting traffic through monetised links. A cybercriminal can degrade the authenticity of their target by creating a lookalike domain. Over time, these domains can age and lead to the original domain owners incurring penalties through low reputation scores or claims for malicious activity. The criminals will then ask for a ransom fee to transfer ownership of their domain.
  2. Phishing sites: Instead of developing a site to scam the domain owner, phishing sites directly target your potential customers. By developing a login site where your customers need to enter their credentials, scammers can take hold of their online accounts to engage in fraudulent activity. They can perform unauthorised purchases or transfer or withdraw digital credits to their dummy accounts.
  3. Malware delivery: A more complex form of cyber attack involves sending malware to domain owners through lookalike domains. Cybercriminals can use banking Trojans or Ransomware attacks to cause massive damage to your internal database. If you don’t have robust security measures in place, your company and customer data are at risk.


Protecting your enterprise’s digital platforms all boils down to reinforcing robust preventative measures. By securing your data and implementing threat mitigation strategies, you reduce the chances of experiencing massive losses from cybercriminal attacks. However, your business can go the extra mile by having a proactive security team that can monitor and respond to unauthorised access and fraudulent activity against your websites.

FraudWatch International is a brand protection company that can protect your brand from fraudulent cybercriminals. Contact our cyber intelligence analysts, and we’ll provide the necessary measures to keep your brand safe against different cyber threats.