The use of lookalike domains has reached critical mass with not just one counterfeit website, but many.
The second act of a phishing attack intent on tricking the victim into providing valuable information is the website they are taken to. It has to look and feel like the real thing. But it also needs to have a domain that doesn’t raise suspicion. Thus, the advent of lookalike domains.
According to Fortra’s 2023 Domain Impersonation Report, the average brand was targeted by 39.4 look-alike domains per month in the first half of 2023. In June, that average number spiked to 73.75 domains per brand – the highest seen by Fortra.
In over half of the attacks, the domains hosted branded content to look just like the domains they impersonate. Imagine having an average of 40 sites looking just like your company’s site, tricking customers into logging in.
The telltale sign is the domain name itself. Teaching users (through new-school security awareness training) to always make sure the domain they are visiting is the official website for the brand presented is the easiest way to ensure users don’t become victims.