Think about the mythical company mynewcoolcompany, which went online by securing the .com domain to do business. They’re off to the races, right? Setting up a website, standing up mail server capabilities, and going full steam ahead with various online pursuits. But without a Domain Risk Management (DRM) strategy in place, that early success can create a false sense of security.
But what about all the top-level domains (TLDs) besides .com? Were any purchased to build a ‘digital fence’ around the legitimate domain?
And what about all the typosquat variants that fraudsters might stand up to step on the brand and business? Any protection there?
Why TLD Variants Matter
Owning the .com domain is only the beginning. The risk landscape expands quickly when you consider the thousands of other top-level domains (TLDs) available for registration.
The company purchased and registered the .com TLD for business, but there are over 3,000 more top-level domains (TLDs) across legacy TLDs, new TLDs and country-specific TLDs.
So, what does this mean? It means a fraudster can easily and quickly purchase any one of those unregistered domains, for example mynewcoolcompany.info, mynewcoolcompany.net or mynewcoolcompany.info.uk, and set up a fake site to start staging attacks against your customers, employees and/or supply chain.
In fact, research shows that .com domains still account for nearly 40% of all typosquatting activity, while cheaper TLDs like .xyz and .top are increasingly abused by attackers to stage phishing and brand impersonation campaigns.
The Threat of Look-Alike and Typosquat Domains
But the risks don’t just stop with securing TLD variants. There’s also the very real and sizeable threat of look-alike or typosquat domains, including:
thenewcoolcompany.com
- A similar but altered name that creates confusion for users
- Often used for phishing campaigns, where attackers mimic the real brand’s site design and language to steal credentials or payment information
mynewcoo1company.com
- A character swap (using “1” instead of “l”) that is difficult to detect at a glance
- Frequently leveraged in business email compromise (BEC) scams, tricking employees or vendors into thinking the domain is legitimate
mynewcoolcmpany.com
- A missing-character variation that looks close enough to pass casual inspection
- Commonly used for malware distribution by hosting malicious downloads or fake login portals
These malicious variants can:
- Be developed into full-blown fake websites, complete with stolen branding, logos, and copy
- Divert traffic from legitimate sites, leading to lost revenue and customer trust
- Target employees and partners directly with spear-phishing or spoofed email campaigns
- Damage your domain reputation by being associated with fraudulent or illegal activity
Left unchecked, the number of potential look-alike or typosquat domains grows exponentially with the length of your domain name, making manual monitoring impossible without automated domain risk management tools.
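As an illustration of what automated monitoring does with these categories, the following added example (not Bolster's code, and not part of the original article) labels observed domain registrations relative to the protected brand. The function names, the confusable-character map and the sample feed are assumptions made for the example.

```python
# Added example (not Bolster's code). Input is assumed to be registered
# domain names without subdomains; all names and data here are constructed.
BRAND, BRAND_TLD = "mynewcoolcompany", "com"

# Small illustrative map of digit-for-letter look-alikes; not exhaustive.
CONFUSABLE = {"1": "l", "0": "o", "3": "e", "5": "s"}

def split_domain(domain):
    """'name.info.uk' -> ('name', 'info.uk'): first label vs. the rest."""
    label, _, tld = domain.lower().rstrip(".").partition(".")
    return label, tld

def edit_distance(a, b):
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain, brand=BRAND, brand_tld=BRAND_TLD):
    """Label one observed domain relative to the protected brand."""
    label, tld = split_domain(domain)
    if label == brand:
        return "legitimate" if tld == brand_tld else "tld-variant"
    if "".join(CONFUSABLE.get(c, c) for c in label) == brand:
        return "character-swap"
    distance = edit_distance(label, brand)
    if distance == 1 and len(label) == len(brand) - 1:
        return "missing-character"
    # Tolerate more edits for longer brands (3 edits for a 16-character name).
    if distance <= max(2, len(brand) // 5):
        return "look-alike"
    return "unrelated"

def triage(domains):
    """Return {domain: category} for the names worth an analyst's attention."""
    labelled = {d: classify(d) for d in domains}
    return {d: c for d, c in labelled.items() if c not in ("legitimate", "unrelated")}

# Constructed feed of newly observed registrations, using the article's examples.
OBSERVED = ["mynewcoolcompany.com", "mynewcoolcompany.info", "mynewcoolcompany.info.uk",
            "thenewcoolcompany.com", "mynewcoo1company.com", "mynewcoolcmpany.com",
            "example.org"]

if __name__ == "__main__":
    for name, category in triage(OBSERVED).items():
        print(f"{category:18} {name}")
```

A production monitor would also need a public-suffix list to separate the registered name from subdomains and a fuller confusable set covering Unicode homoglyphs.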
How the Problem Scales Out of Control
Look-alike and typosquat domains can quickly get out of control because their number is a function of the number of characters in the domain name. As the number of characters increases, so too does the number of look-alike or typosquat combinations (see Figure 1 below). We can extrapolate that for our 16-character mynewcoolcompany example, the problem is acute.

Figure 1: Containing look-alike or typosquat domains can quickly get out of control
Two Paths to Domain Defense
Companies have two principal lines of defense here.
They can look to purchase and register all the domain variations (TLD variants, look-alikes, typosquats, etc.), but as you can see, that will very quickly outstrip most budgets. The only way for this to be viable and economical is to use AI to build purchasing recommendations with algorithms that factor in cost and relative risk, enabling smarter prioritization based on risk and budget.
Alternatively, organizations can continually monitor the Internet for look-alike and typosquat domains, assessing risk and remediating on an ongoing basis. But without AI and automation, this process will be unending and overwhelming given the frequency with which changes occur at the domain registration level, combined with ever-changing threat conditions and the overall volume of data at hand.
Building a Digital Fence with Defensive Domain Acquisition
As mentioned earlier, it’s also quite common to construct a ‘digital fence’ around one’s domain by purchasing additional domains (TLD variants & typosquat variants) based on availability. To aid with that, we include a free defensive domain acquisition report based on scanning 3,000+ TLDs to identify available domains and associated acquisition costs. We then apply AI and budget inputs to arrive at a prioritized set of domains that can be registered using Bolster’s defensive domain acquisition registrar service.
Real-Time Domain Monitoring for Ongoing Protection
With reports in hand, consider two capabilities to boost your domain defenses:
Real-Time Domain Monitoring: Sign up for an ongoing Domain Monitoring service from Bolster. We’ll build on the Domain Risk Report to construct an online real-time dashboard with full visibility and interactivity. You’ll be able to easily identify TLD, look-alike and typosquat variants, prioritize them based on threat level, and monitor them all for changes. You’ll be able to detect new registrations, for example, and monitor them for weaponization. This will allow you to get ahead of threatening conditions, taking critical remediation action before bona fide attacks occur.
Defensive Domain Acquisition: As discussed earlier, acquiring domains to create a ‘digital fence’ around your domain can get expensive unless done with the assistance of AI. Consider working with Bolster to adopt a defensive domain acquisition strategy using our AI smarts to optimize spend where threats are most real and prevalent. Our capabilities have proven to reduce expenses by up to 90% vs. brute-force purchasing while optimizing investments where risk is greatest.
Get a Free Domain Risk Report
We can help, starting with a free, no-obligation Domain Risk Report to help you size up the potential risks to your domain. The detailed report, prepared in less than 48 hours, will include all look-alike domains detected, including TLD variants as well as typosquat domains. Our system will scan and score all of these results to build a prioritized set of findings based on threat level. The system will display domain threats by geography, by hosting provider, by IP address, and by top TLD. All of this will help you build an action plan that addresses the most threatening conditions first.
The Domain Risk Report will provide a snapshot in time. Conditions will of course continue to change. So, while the report is critically informative, it’s imperative that you put a plan in place moving forward that affords you both the ongoing visibility to see emerging threats and the capabilities to mitigate them as they occur.

Figure 2: Bolster Domain Risk Report provides a comprehensive, global threat assessment
Your Next Move: Master Your Domain Risk
Whichever capabilities you consider—real-time domain monitoring, defensive domain acquisition, or a combination of both—put a plan in place because as they say, the best offense is a strong defense. And as always, we’re here to help. We’ll work with you to build a domain defense game plan that’s right for your business.
To learn more about domain monitoring, read our whitepaper: Guide to Domain Monitoring and Remediation