Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    Zscaler: There are 200 Malicious Lookalike Domains for Every 1 Impersonated Brand

    Malicious Look a Like DomainsAnalysis of typosquatting and brand impersonation activity across 500 of the most visited domains provides insight in to how these techniques come together to effectively deceive.

    From February 2024 to July 2024, Zscaler’s ThreatLabz tracked more than 30,000 lookalike domains that impersonated some of the world’s most well-known brands. As part of that analysis, there were some consistent trends worth sharing:

    • Of the 30,000 lookalike domains impersonating a little over 500 brands, 10,000 of them were malicious
    • Google, Microsoft and Amazon topped the list of most impersonated brands, representing nearly 75% of all of the websites
    • SSL certificates are commonly used to establish credibility with a secure connection, with nearly half of them issued by Let’s Encrypt
    • Messaging platforms are often used to direct potential victims to impersonated domains, while typosquatted domains simply rely on mistyping on the part of the victim

    The takeaway from this analysis is that threat actors are not always targeting their victims and, instead, are creating opportunities for themselves by, essentially, leaving a website “trap” for their victims to mistake for the real thing.

    The measures necessary to counteract these sites start with a modern web scanning solution and DNS protection — these will (hopefully) catch all of the impersonated domains. But, assuming 100% of the sites won’t be stopped, it’s also necessary to have security awareness training in place so users play a role in remaining vigilant when coming across these sites and not fall for their lookalike nature.

    KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

     

    Return To KnowBe4 Security Blog

    Discover dangerous look-alike domains that could be used against you! 

    Since look-alike domains are a dangerous vector for phishing attacks, it's top priority that you monitor for potentially harmful domains that can spoof your domain.

    Our Domain Doppelgänger tool makes it easy for you to identify your potential "evil domain twins" and combines the search, discovery, reporting, risk indicators, and end-user assessment with training so you can take action now.

    DomainDoppelgangerResults-1Here's how it's done:

    • Get detailed results of look-alike domains found similar to your primary email domain
    • You can now quiz your users with your look-alike results
    • Get a summary PDF that contains an overview of the look-alike domains and associated risk levels discovered during the analysis
    • It only takes a few minutes to discover your “evil domain twins”!

    Find Your Look-Alike Domains!

    PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

    https://www.knowbe4.com/domain-doppelganger

    Topics: Social Engineering, Security Culture

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews