Our domain monitoring tool helps you protect your business from the dangers of typosquatting. Learn how it works here.
Scammers can use a dozen or more ways to change a domain name so that it looks like yours. These subtle variations are spotted using clever algorithms to produce a shortlist of suspect domains to investigate further.
Registrars, hosting, and internet service providers use incredibly sophisticated systems these days. A convincing website can take minutes to set up and activate before criminals are ready to target your customers. Phishing or smishing campaigns to harvest sensitive personal details, spread malware, or divert payments, are just some ways criminals make use of these sites.
To keep your domain name secure, start with a clear policy. If you have a single website, let your customers know. If your policy states that you will never send customers a link in an email, then stick to it. Customers who know how and when suppliers will contact them will be suspicious of unsolicited communications and are more likely to avoid scams.
Trademark infringement is, perhaps, the most straightforward justification for removing a domain. So, making sure your brands, domains, products, straplines, and logos are effectively protected is critical. If there are very common misspellings of your brand names, you should consider registering domains for them. Decide which top-level domains (TLDs) are beneficial for your business, including country-specific domains like ‘.co.uk’ and register domains for them too.
Finally, monitor everything! Sudden dips in website traffic can indicate an active typosquatting campaign. An increase in complaints to your customer services or negative social media comments could reveal fraud cases against your customers. Use a Dark Web Monitoring tool to scan for attack planning indicators. And, of course, introduce Domain Monitoring for your website and associated brand terms.
Selecting a tool that lets you look for multiple types of data and information will help you protect more of your important assets.
Whether you’re an IT manager looking for a first step into domain monitoring
or a CISO with an established SOC team seeking intelligence from external sources, Skurio can help.
“It’s incredibly powerful when you see your information is on the Dark Web and you can see how easily it can be sold or shared.”
High profile brands have been the most frequently targeted businesses historically. As a result, their customers have learned to be careful, and criminals are shifting their focus to smaller organisations. Brand trust built up over many years can be lost overnight by angry customers who’ve been scammed, so you need to protect your customers from being next. Domain monitoring can help with this.
Not all domain registrations lead to fake websites however. You might think a registered domain poses no threat if a site doesn’t exist, but this doesn’t mean the URL isn’t a threat. Behind the scenes, it might be actively sending phishing emails if mailbox services exist. Another strategy used by scammers is to register a domain but leave it parked for later use. This tactic has two benefits. Firstly, the targeted business may dismiss a domain as a risk if it isn’t active, so an immediate takedown request is less likely. Secondly, phishing campaigns are most successful if they are topical, so fraudsters will wait until the perfect opportunity arises. A new service launch or product recall announcement are good examples where scammers can benefit from an upswing in traffic. In short, monitoring parked domains for a change in status is important too.
Checking registrations by hand is not an option. Security teams are dealing with unprecedented threats today. The pandemic has increased digital risk with key staff working remotely. At the same time, companies are now doing more business online and using third-party applications. Manual domain monitoring for newly registered domains that look like yours takes a lot of time and diverts precious resources from critical tasks.
Popular websites and brands invest a significant amount in registering every possible variation of their domains to prevent fraudsters from getting their hands on them. Most businesses, however, don’t have such deep pockets and keeping on top of renewals is time-consuming. If registrations lapse, criminals are quick to pounce because threat levels are higher for recent registrations.
In truth, you can’t stop scammers from setting up malicious domains that imitate your brand. Spotting them and acting fast is the best way to improve your chances of success.
Most registrars and Internet Service Providers are keen to assist when notified of criminal or fraudulent activity. Takedown requests can still be tricky, nonetheless. Since the introduction of GDPR, individuals registering new domains don’t need to share their details publicly. Contacting the hosting provider in the first instance to remove malicious content is a step to protecting your customers. If this is the case, it’s vital to collect any evidence necessary for future legal proceedings.
It is crucial to use a monitoring tool that provides flexibility with your search terms. If you use a service that limits you to searching for one domain URL, you could, for example, miss new sites that use your product names instead. Make sure you can monitor for all your brand and product names, not just your main company website.
Next, check that new domain registration source feeds used by the domain monitoring tool are reputable and accurate. If there are specific country or industry TLDs you want to monitor, make sure they are included.
It’s all about the timing. Don’t run the risk of losing your window to take action by using a service that provides you with a weekly or monthly report of suspicious domains. Look for instant alerts, ideally with a mobile option for when you aren’t in the office.
Getting good advice is often the difference between a swift takedown or a lengthy legal battle. Automated tools are excellent for spotting potential threats but taking action to remove them requires skill and experience.
Skurio Digital Risk Protection is a SaaS cybersecurity solution designed for any business to use. Domain Monitoring for typosquatting comes as part of the service. It features instant alerts and in-app access to advice from threat analysts and takedown requests, making it an ideal choice for companies with stretched resources.
Watch this BrightTalk webinar to learn about: the types of business data shared and sold on the Dark Web and beyond, the risks associated with that data falling into the wrong hands and how to find out if your important data has been breached – safely!
Discover if your data already exists on the Dark Web or anywhere it shouldn’t be
– request a personalised Digital Footprint Report and benchmark your business against others in your sector.