On April 20, we celebrate National Look-Alike Day. It’s the perfect time to see which people share your features, rather than that completely normal person you bumped into at the supermarket. As for me, I think I look similar to producer and director Randy Barbato! Do you see the similarities?
While it’s fun to compare apples to oranges, it is important to see how this holiday ties into look-alike domains. Cybercriminals do their due diligence to identify the external individuals an organization deals with, then use similar-looking domains and social engineering skills to make it seem as if a message comes from the actual person.
To illustrate this threat with real examples: last year security vendor Agari found that 23%, or nearly 1 in 4, of business email compromise attacks are sent from a look-alike domain registered by the attackers. Three years ago the threat actors behind Nemty ransomware created a PayPal phishing site whose domain was made to look like PayPal’s legitimate domain by using Unicode characters from other alphabets. A few years back the homograph domain “ɢoogle.com” (a Latin small-capital ɢ in place of the g) was purchased and then used in phishing campaigns. Threatpost researcher Avi Lumelsky found that it’s really not that hard to set up a convincing-looking Google phishing website from scratch.
Not only can these look-alike domains fool even technically minded people, but new top-level domains become available every year, giving attackers ever more registration options. Together these factors make all organizations, regardless of industry or size, vulnerable to this type of threat.
Since look-alike domains are a dangerous vector for phishing attacks, it is a top priority to monitor for potentially harmful domains that could spoof yours. Our Domain Doppelgänger tool makes it easy to identify your potential "evil domain twins" and combines search, discovery, reporting, risk indicators, and end-user assessment with training so you can take action now.
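To show concretely what monitoring for look-alike domains involves, here is an added Python example written for this post; it is not code from the Domain Doppelgänger tool or from any vendor. It scores candidate domains against a list of domains you own: punycode (xn--) labels are decoded so homoglyphs become visible, labels mixing writing systems are flagged, each label is reduced to a TR39-style "skeleton" using a small, constructed subset of the Unicode confusables table, and single-character typosquats are caught by edit distance. The protected domains, the candidate list, the confusables subset, and the risk tiers are all constructed for the example; the punycode form of “ɢoogle.com” is derived in the code rather than typed in.

```python
import unicodedata

# Constructed subset of the Unicode TR39 confusables table: look-alike -> ASCII.
# A production checker would load the full confusables.txt; this is illustrative.
CONFUSABLES = {
    "\u0262": "g",  # ɢ LATIN LETTER SMALL CAPITAL G (the "ɢoogle.com" case)
    "\u0251": "a",  # ɑ LATIN SMALL LETTER ALPHA
    "\u0430": "a",  # а CYRILLIC SMALL LETTER A
    "\u0435": "e",  # е CYRILLIC SMALL LETTER IE
    "\u043e": "o",  # о CYRILLIC SMALL LETTER O
    "\u0440": "p",  # р CYRILLIC SMALL LETTER ER
    "\u0441": "c",  # с CYRILLIC SMALL LETTER ES
    "\u0443": "y",  # у CYRILLIC SMALL LETTER U
    "\u0445": "x",  # х CYRILLIC SMALL LETTER HA
    "\u0456": "i",  # і CYRILLIC SMALL LETTER BYELORUSSIAN-UKRAINIAN I
    "\u03bf": "o",  # ο GREEK SMALL LETTER OMICRON
}
SCRIPTS = ("LATIN", "CYRILLIC", "GREEK")


def to_unicode(domain: str) -> str:
    """Decode punycode (xn--) labels so that homoglyphs become visible."""
    labels = []
    for label in domain.strip().lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            label = label[4:].encode("ascii").decode("punycode")
        labels.append(label)
    return ".".join(labels)


def scripts_of(label: str) -> set:
    """Return the writing systems used by the letters of a label."""
    found = set()
    for ch in label:
        if ch.isalpha():
            name = unicodedata.name(ch, "")
            found.update(s for s in SCRIPTS if name.startswith(s))
    return found


def skeleton(label: str) -> str:
    """TR39-style skeleton: normalise, case-fold, then fold confusables to ASCII."""
    label = unicodedata.normalize("NFKC", label).casefold()
    return "".join(CONFUSABLES.get(ch, ch) for ch in label)


def edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance, used to catch single-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def assess(candidate: str, protected: list) -> dict:
    """Score one candidate domain against the domains you own."""
    unicode_form = to_unicode(candidate)
    label = unicode_form.split(".")[0]  # registrable label; assumes a single-label TLD
    indicators = []
    if unicode_form in (p.lower() for p in protected):
        return {"domain": candidate, "unicode": unicode_form, "indicators": indicators, "risk": "none"}
    if not label.isascii():
        indicators.append("non_ascii")
    if len(scripts_of(label)) > 1:
        indicators.append("mixed_script")
    skel = skeleton(label)
    for p in protected:
        own_label = p.lower().split(".")[0]
        if skel == own_label:
            indicators.append("homoglyph:" + p)
        elif edit_distance(skel, own_label) == 1:
            indicators.append("typosquat:" + p)
    if "mixed_script" in indicators or any(i.startswith("homoglyph:") for i in indicators):
        risk = "high"
    elif any(i.startswith("typosquat:") for i in indicators):
        risk = "medium"
    else:
        risk = "low"
    return {"domain": candidate, "unicode": unicode_form, "indicators": indicators, "risk": risk}


# Constructed sample input. The punycode form of "ɢoogle.com" is derived here
# rather than typed in, so the example stays correct.
PROTECTED = ["google.com", "paypal.com"]
PUNY_GOOGLE = "xn--" + "\u0262oogle".encode("punycode").decode("ascii") + ".com"
CANDIDATES = [
    PUNY_GOOGLE,          # homograph as it appears in DNS or certificate logs
    "p\u0430ypal.com",    # Cyrillic "а" in place of Latin "a"
    "gogle.com",          # one character dropped
    "google.com",         # our own domain
    "example.org",        # unrelated
]

if __name__ == "__main__":
    for c in CANDIDATES:
        r = assess(c, PROTECTED)
        print(f"{c:<25} {r['unicode']:<15} {r['risk']:<6} {r['indicators']}")
```

Note that the “ɢoogle.com” case is entirely Latin script, so a mixed-script check alone would miss it; it is the confusables skeleton that catches it, which is why both checks are kept. Real monitoring feeds candidates in from new-registration and certificate-transparency data and uses the full confusables table plus more typosquat patterns (transpositions, added hyphens, alternate TLDs) than the single-edit rule shown here.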
Let’s stay safe out there (and have fun finding your doppelganger, too).