Doppelganger domains, also known as look-alike domains, pose a significant risk to organizations, especially small businesses. These deceptive domains resemble legitimate ones, making them an ideal tool for cybercriminals. In this blog, we’ll explore what doppelganger domains are, how they are used against unsuspecting victims, and practical steps to protect your business. Cybersecurity is no joke, and you need to secure your business.
“Imitation domains are a risk to organizations because they can prompt phishing scams or contain malware.”
Stu Sjouwerman, CEO of KnowBe4
What Are Doppelganger Domains?
Doppelganger domains are web addresses that mimic legitimate domain names. They exploit similarities in spelling, characters, or structure to deceive users. Here are some common tactics cybercriminals have used:
- Typosquatting: Cybercriminals register domains with slight misspellings of popular websites. For instance, “goog1e.com” instead of “google.com.”
- Subdomains: Subdomain doppelgangers mimic legitimate subdomains used by organizations. These domains omit the dot between a company’s hostname and subdomain name, for example, “www.mail-google.com” instead of “www.mail.google.com.”
- Hyphenation and Symbols: Malicious domains often include hyphens, underscores, or other symbols, for example, “google-reply.com.” Legitimate websites rarely use such elements in their domain names.
Let’s look at real-life examples using Advanced Business Solutions’ domain:
- advancedbusinesssolutions.com – Legitimate domain name
- advancedbusinessolutions.com – Typosquatting
- advanced.businesssolutions.com – Subdomains
- advanced-business-solutions.com – Hyphenation
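The three tactics above can be checked mechanically on inbound mail. The following is an added example, not part of the original post: it labels a sender's domain relative to the domain you protect. The function names, the edit-distance threshold of 2 and the sample addresses are assumptions made for illustration, and it assumes a single-label TLD such as .com.

```python
import re

def edit_distance(a, b):
    """Levenshtein distance: insert, delete and substitute each cost 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def squash(domain):  # drop the separators that look-alike domains play with
    return re.sub(r"[.\-_]", "", domain)

def classify(candidate, legit, max_edits=2):
    """Label `candidate` relative to the protected domain `legit`."""
    cand, legit = candidate.lower().rstrip("."), legit.lower().rstrip(".")
    if cand == legit or cand.endswith("." + legit):
        return "legitimate"              # the domain itself or a real subdomain
    if squash(cand) == squash(legit):    # same letters, different separators
        same_dots = re.sub(r"[-_]", "", cand) == re.sub(r"[-_]", "", legit)
        return "hyphenation" if same_dots else "subdomain"
    brand = legit.split(".")[-2]         # assumption: single-label TLD (.com)
    for label in cand.split("."):
        parts = re.split(r"[-_]", label)
        if len(parts) > 1 and brand in parts:
            return "hyphenation"         # brand glued to an extra word
    if edit_distance(squash(cand), squash(legit)) <= max_edits:
        return "typosquatting"
    return "unrelated"

def flag_senders(addresses, legit):
    """Return {address: label} for senders whose domain imitates `legit`."""
    hits = {}
    for addr in addresses:
        label = classify(addr.rsplit("@", 1)[-1], legit)
        if label not in ("legitimate", "unrelated"):
            hits[addr] = label
    return hits

# Constructed sender addresses using the example domains listed above.
SAMPLE = ["billing@advancedbusinesssolutions.com", "ceo@advancedbusinessolutions.com",
          "ceo@advanced.businesssolutions.com", "ceo@advanced-business-solutions.com",
          "news@example.org"]

if __name__ == "__main__":
    for addr, label in flag_senders(SAMPLE, "advancedbusinesssolutions.com").items():
        print(f"{label:14} {addr}")
```

A threshold of 2 edits suits long names like this one; for short domains it will flag unrelated names and should be lowered.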
The Risks Posed by Doppelganger Domains
- Phishing Attacks
Doppelganger domains are a favorite tool for phishing campaigns. Attackers create fake login pages, enticing users to enter sensitive information (such as usernames and passwords). Unsuspecting victims fall prey to these traps, compromising their accounts and potentially exposing their organizations to data breaches.
- Malware Distribution
Malicious actors use doppelganger domains to host malware. Users who visit these sites may unknowingly download malicious files or execute harmful scripts. Small businesses, lacking robust cybersecurity measures, are particularly vulnerable to such attacks.
- Fraudulent Wire Transfers
Doppelganger domains are not just a tool for phishing and malware distribution; they are also used in more direct financial scams, such as fraudulent wire transfers. Cybercriminals often use these domains to impersonate trusted individuals within an organization, such as senior executives or finance department personnel.
Here’s how the scam typically unfolds:
- The attacker registers a doppelganger domain that resembles the company’s legitimate domain.
- They then craft an email that appears to come from a senior executive or trusted partner, using the fake domain to add credibility.
- The email usually contains an urgent request for a wire transfer, often citing a confidential or time-sensitive business reason.
- The recipient, believing the request to be legitimate, initiates the transfer, sending funds directly to the criminal’s account.
This tactic, known as Business Email Compromise (BEC), relies on the social engineering aspect of doppelganger domains to trick employees into transferring large sums of money. The consequences can devastate small businesses, leading to significant financial losses and potential legal complications.
Protecting Your Business
- Financial Policy
Create a company policy to verify any unusual financial requests through a secondary communication channel, such as a phone call, especially if the request comes via email.
- Employee Training
Educate employees about the risks of doppelganger domains. Teach them to verify URLs, especially in emails, before clicking on links.
- Implement DMARC
Domain-based Message Authentication, Reporting, and Conformance (DMARC) helps prevent email spoofing. Configure DMARC policies to protect your domain reputation.
- Have a Solid Cybersecurity Insurance Policy
Some businesses rely on general liability insurance, which provides minimal coverage in the event of cyberattacks or data breaches. This is not enough to protect against sophisticated intrusions, such as ransomware, which means you must dedicate resources to ensuring you are as protected as possible against these types of attacks.
Take Action: Get a Doppelganger Domain Report
Are you wondering if your domain has doppelganger domains? Requesting a doppelganger domain report for your business can help you identify potential threats and take proactive steps to safeguard your online presence. Remember, cyber awareness is the first line of defense against these deceptive domains.