Domain Name Scams: Part I – What They Are and How to Spot Them

Domain names have become a critical component of business branding, allowing a business’s website and email address to be easily identified by the public. Consequently, issues pertaining to fraudulent domain names are not a new occurrence. To minimize the risk of falling victim to scams, misleading customers or damaging your brand, it is essential for businesses to actively monitor for potential domain name fraud. Prompt intervention can often mitigate these risks.

In this three-part series, we provide an overview of domain name fraud as it stands today by focusing on the following topics: 

• Part I: The current landscape of domain name fraud and helpful identification methods
• Part II (coming mid-October): Best practices for preventing and preparing for such threats
• Part III (coming late October): Effective ways to respond once a fraudulent domain has been identified

What is Domain Name Fraud?

Scammers are actively looking for new methods to deceive the public, including through domain name fraud.

Domain name fraud involves the use of deceptive domain names to trick individuals or organizations into providing valuable information or transferring funds. Scammers will create domain names that closely resemble legitimate ones, allowing them to discreetly obtain information or payments through email communications. By the time the fraudulent domain is detected, it may be difficult to identify the perpetrator or recover losses.

One common way scammers exploit deceptive domain names is through phishing email schemes. A phishing scheme occurs when a scammer impersonates a legitimate organization or individual to deceive victims into disclosing sensitive information, such as login credentials or financial data, typically through fraudulent emails, websites or messages that appear authentic. The objective is to exploit the victim’s trust and gain unauthorized access to personal or financial resources. (For more information regarding phishing e-mails and other tactics used by cybercriminals, please consult the Blakes Canadian Cybersecurity Trends Study 2024.) 

Moreover, a scammer may go further, creating a website that corresponds to the fraudulent domain name. By using the organization’s name and likeness without their consent and creating a website which is confusingly similar to the original one, the scammer will aim to bring customers to submit sensitive information through the fraudulent website. Another tactic that scammers use is cybersquatting: the scammer purchases domain names similar to those of legitimate businesses, hoping to sell them back at an inflated price.

Note: Domain name fraud differs from business email compromise (BEC) attacks and is a distinct type of cyber threat. While domain name fraud involves creating fake domain names, email accounts or websites to impersonate legitimate entities, a BEC involves a scammer gaining unauthorized access to a real email account. This allows the scammer to impersonate the victim using a legitimate, yet compromised, domain name. As a result, a BEC can lead to the mass distribution of phishing emails and unauthorized access to data. We note that both domain name fraud and BEC can be used in combination with one another.

How to Identify Fraudulent Domain Names

Fraudulent domain names are designed to closely resemble legitimate domain names, with subtle differences that may not be immediately apparent. Consequently, they appear confusingly similar to the legitimate domain name, allowing scammers to successfully deceive online users. Here are some common tactics used to create these misleading domain names:

• Common misspellings or typographical errors: Like “amzon.com” instead of “amazon.com”
• Adding or subtracting plurals: Such as “example.com” vs. “examples.com”
• Using similar-looking numbers in place of letters: For instance, replacing “O” with “0” or “I” with “1”
• Changing the order of letters: For example, using “goolge.com” instead of “google.com”
• Adding descriptors to the organization’s name: Terms like “group” or “grp,” “department” or “dept” can imply affiliation, sponsorship or endorsement by the organization
• Changing the top-level domain (TLD): For example, using “.net” instead of “.com”

Fraudulent domain names typically differ only slightly from legitimate ones and often rely on optical illusions, making it challenging to identify them. To protect yourself from these deceptive domains, always double-check URLs for any inconsistencies, use trusted security tools and stay informed about common phishing tactics.

Later in this series, we will delve into best practices and effective response strategies for handling d0main name fraud. As a general best practice, taking proactive measures in all the scenarios mentioned can significantly reduce potential negative impacts.

Did you spot the issue in the paragraph above?

For more information, please contact the authors or any other member of our Cybersecurity group.