Cybersquatting is a form of brand impersonation. These types of attacks are increasing 85% year-on-year worldwide, putting businesses at risk of reputational damage and legal ramifications.
70% of NatWest customers have been targeted by scams in the last year, with 21% of attempted attacks being brand impersonation attacks.
How does cybersquatting work?
There are many ways attackers can impersonate your brand for malicious gain. They may use your corporate email template in a phishing attack, or your logo on dangerous pop-ups and downloads. Attackers are even using paid advertising (malvertising) to create lookalike ads that lead to malicious websites.
Cybersquatting takes these techniques a step further. The cyber criminal will register a domain similar to a legitimate domain and use the site for anything from capturing bank details to stealing login details.
Cybersquatting tactics
There are a number of methods cybersquatters use to deceive users into thinking their website is the legitimate one. See if you can spot what’s wrong with these example domain names:
www.paypol.com – this technique is known as homoglyphs and includes a character in the domain that can easily be mistaken for another.
www.amazen.co.uk – typosquatting uses a deliberate typo. Not only can this capture users who genuinely mistype a domain but it can also be successful on less-known brands.
www.e-bay.co.uk – adding a hyphen can be easily missed by users and even assumed to be correct.
www.spotfiy.co.uk – known as transposition, switching a couple of characters can be a tough difference to spot.
www.linkdin.co.uk – this tactic of missing out a single character (omission), can easily slip under the radar and capture those with fast fingers who can make a mistake from time to time.
www.barcllaysbank.co.uk – adding an extra character with this repetition technique can also work a charm.
wwwfacebook.co.uk – the omission of the tiniest detail can have many people fooled (delimiter omission)
www.youtube.net – you’d be surprised at how many users can miss the wrong top-level domain.
How to protect your brand from cybersquatting
As you can see, cybercriminals have plenty of methods they can try in a bid to direct your website visitors to an alternative, malicious site. But there are also a few things you can do to protect your business.
#1. Educate your team
If someone is out there impersonating your business, you may get confused calls from customers or clients. It’s important these aren’t dismissed. Instead, your team need to know these calls should be reported so someone can investigate the cause for concern.
#2. Monitor your brand
There are both paid and free media solutions out there that can alert you to any mention of your brand or business name online. Some will even alert you to unauthorised use of your logo.
#3. Cast your domain-net wide
One of the best ways to protect your domain from impersonators is to take all the variations for yourself.
#4. The multifaceted approach
As with any significant threat to your business, cybersquatting requires a multipronged approach for successful protection. Combine these tips and keep the impersonators at bay.
Use our expertise to keep up with new threats
Keeping on top of the latest cyber crime developments and keeping your employees in the know is essential to your cyber security.
That’s why we provide free content-rich cyber security staff training for all our clients, with tips and information that can be applied in and out of work.
To find out more, drop us a line – we’re waiting to share our expertise with you.
