Typosquat domains are a popular tool in the attacker’s toolkit. The look-alike domains are easy to register, abundantly available, and quite effective when leveraged as part of a phishing or ransomware campaign. To reduce the risk associated with typosquat domains, organizations need domain monitoring, a service that continuously monitors and takes down typosquat domains.
Why do I need domain monitoring?
In the digital world, your Internet domain is your brand, and your brand has value. Attackers use typosquat domains to pose as brands that consumers trust. By using a look-alike domain, attackers exploit the brand reputation of a legitimate organization to encourage users to click on a link or submit sensitive information.
It’s easy to register a domain name that appears to be from a legitimate organization — and the opportunities are plentiful. For a domain of any reasonable length, an attacker has orders of magnitude more typosquatting variants to choose from when staging a malicious presence. For example, a six-character domain has as many as 12,000 typosquatting variants. On top of that, there are more than 3,000 top-level domains to pair with each typosquatting instance. Anyone with a credit card or cryptocurrency can purchase large swaths of these domains.
Typosquatting works, and attackers know it. In 2021, the total number of phishing and counterfeit pages detected increased 1.5x over 2020 to a total of more than 10.5 million — and it continues to grow. The average number of phishing and counterfeit pages detected per day increased to over 29,000.
You might be under the impression that your organization is already covered, as many domain registrars offer some form of domain monitoring. However, the goal of these services is not to protect organizations against typosquatting. The goal of the domain monitoring services provided by your domain registrar is to help keep you from losing control of your domains. They alert you to when registrations are due to expire so that you can pay up before the domains go back on the market. These services do not monitor domains that are not in your possession.
How does domain monitoring work?
Domain monitoring for the purpose of protecting your brand against infringement and fraud involves continuously monitoring and taking down typosquat domains. A modern domain monitoring solution leverages AI and automation to identify thousands of typosquatting variations spanning 3,000-plus TLDs, and then continuously monitors threat-level conditions and domain name availability.
Domain monitoring should deliver actionable insights in real time, including:
• Details on each suspicious domain detected
• The number of lookalike domains and fake sites by IP address, top-level domain, geography, and more
• URL construction, the TLD in use, registrant information, MX record detection, and more
• Phishing and scam risk levels
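The following Python example is added here and is not Bolster's implementation: it checks a feed of observed domains against a protected domain and reports each look-alike with its construction type and a risk level. The domain names, the feed, the homoglyph table, and the rule that an MX record raises risk are assumptions made for the example.

```python
# Added illustration. Domains, feed and risk rule are constructed assumptions.
PROTECTED = "acmepay.example"   # hypothetical protected domain (reserved TLD)
HOMOGLYPHS = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))  # small sample set

def split_domain(domain):
    """Return (label, tld); assumes a single-label TLD, no public-suffix list."""
    label, _, tld = domain.lower().rstrip(".").rpartition(".")
    return label, tld

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    d = [[i + j if i * j == 0 else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def fold(label):
    """Collapse look-alike character sequences to the character they imitate."""
    for look, real in HOMOGLYPHS:
        label = label.replace(look, real)
    return label

def classify(candidate, protected=PROTECTED):
    """Return 'tld-swap', 'homoglyph', 'typo', or None if not a look-alike."""
    (label, tld), (p_label, p_tld) = split_domain(candidate), split_domain(protected)
    if (label, tld) == (p_label, p_tld):
        return None                      # the protected domain itself
    if label == p_label:
        return "tld-swap"                # same name under another TLD
    if fold(label) == fold(p_label):
        return "homoglyph"
    return "typo" if osa_distance(label, p_label) == 1 else None

def triage(feed):
    """Return (domain, kind, risk); an MX record raises risk (assumed rule)."""
    hits = [(dom, classify(dom), mx) for dom, mx in feed]
    return [(dom, kind, "high" if mx else "medium") for dom, kind, mx in hits if kind]

# Constructed feed of observed registrations: (domain, has_mx_record)
FEED = [("acmepay.example", True), ("acmepay.test", False), ("acrnepay.example", True),
        ("acmepya.test", True), ("acmpay.example", False), ("weather.example", True)]

if __name__ == "__main__":
    print(*triage(FEED), sep="\n")
```

A production check would split names with the Public Suffix List and use a fuller confusables table than the four pairs shown.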
🔌 Quick plug: Bolster offers the most comprehensive and complete Domain Monitoring solution on the market. We have the industry's most extensive typosquat detection and monitoring capabilities (3,000+ TLDs), full lifecycle monitoring from pre-weaponization through to post-weaponization takedown and removal, and we are the only platform out there with built-in defensive domain acquisition functionality. Check out our solution here.
Balancing Domain Monitoring with Domain Acquisition
Your organization has likely registered some high-risk domains to keep them off the market and out of attackers’ hands. While domain acquisition helps reduce your attack surface, it obviously isn’t a viable solution in and of itself – it’s cost-prohibitive to purchase all typosquatting domain variations across more than 3,000 TLDs. But domain acquisition does have a place in a domain protection strategy. In fact, a domain monitoring solution should help you right-size your domain portfolio, balancing monitoring and acquisition strategies to optimize for cost and risk.
Read our blog on domain acquisition to learn more: To Protect Your Internet Domain, Start Playing Defense
The Bigger Picture
As Internet-facing assets, domains are part of your external attack surface. Thus, domain monitoring is an important component of external attack surface protection. Unlike your other Internet-facing assets and systems, however, domains aren’t always in your direct ownership or control, so it’s important to have a tool that can provide visibility into and monitor all potential typosquatting domains – as well as the ability to take them down when necessary.
Remember: domain monitoring entails much more than keeping an eye on registration expiry dates for the domains in your possession. Domain protection requires a domain monitoring solution that looks outside to ensure the domains you don’t use aren’t being used against you.
Need an easy way to get started with domain monitoring? Request a free, no-obligation domain risk report. It’s a great (and fast) way to assess risks to your Internet domains—risks that could manifest as typosquatting attacks. Simply provide your website URL and our system will analyze variations of your domain name across more than 3,000 TLDs. Within a couple of business days, we’ll send you a comprehensive risk report that identifies the domain variations that pose the greatest risk to your brand and business, as well as an acquisition analysis.