Zscaler: There are 200 Malicious Lookalike Domains for Every 1 Impersonated Brand
Analysis of typosquatting and brand impersonation activity across 500 of the most visited domains provides insight in to how these techniques come together to effectively deceive.
From February 2024 to July 2024, Zscaler’s ThreatLabz tracked more than 30,000 lookalike domains that impersonated some of the world’s most well-known brands. As part of that analysis, there were some consistent trends worth sharing:
- Of the 30,000 lookalike domains impersonating a little over 500 brands, 10,000 of them were malicious
- Google, Microsoft and Amazon topped the list of most impersonated brands, representing nearly 75% of all of the websites
- SSL certificates are commonly used to establish credibility with a secure connection, with nearly half of them issued by Let’s Encrypt
- Messaging platforms are often used to direct potential victims to impersonated domains, while typosquatted domains simply rely on mistyping on the part of the victim
The takeaway from this analysis is that threat actors are not always targeting their victims and, instead, are creating opportunities for themselves by, essentially, leaving a website “trap” for their victims to mistake for the real thing.
The measures necessary to counteract these sites start with a modern web scanning solution and DNS protection — these will (hopefully) catch all of the impersonated domains. But, assuming 100% of the sites won’t be stopped, it’s also necessary to have security awareness training in place so users play a role in remaining vigilant when coming across these sites and not fall for their lookalike nature.
KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
Discover dangerous look-alike domains that could be used against you!
Since look-alike domains are a dangerous vector for phishing attacks, it’s top priority that you monitor for potentially harmful domains that can spoof your domain.
Our Domain Doppelgänger tool makes it easy for you to identify your potential “evil domain twins” and combines the search, discovery, reporting, risk indicators, and end-user assessment with training so you can take action now.
Here’s how it’s done:
- Get detailed results of look-alike domains found similar to your primary email domain
- You can now quiz your users with your look-alike results
- Get a summary PDF that contains an overview of the look-alike domains and associated risk levels discovered during the analysis
- It only takes a few minutes to discover your “evil domain twins”!
PS: Don’t like to click on redirected buttons? Cut & Paste this link in your browser: https://info.knowbe4.com/domain-doppelganger-partner?partnerid=001a000001lWEoJAAW