Fresh Thoughts #114: Concept Squatting: The New Challenge of Deceptive Domains


I'm sure you're familiar with deceptive domains.
Those domains that scammers use to try to trick you into clicking on a phishing link.

Traditionally, scammers have used a technique called typosquatting.
For example, replacing the letter "L" with the number "1".
google[.]com becomes goog1e[.]com.

This has long been a problem for staff receiving phishing emails.
In a rush, staff mistake the domain name for a legitimate one and click when they shouldn't.

But there's a new game in town - Concept Squatting.
It's a problem for your customers, prospects and vendors.
Over Q1 2024, we've responded to over a dozen examples of this technique being used by scammers.

Concept Squatting

Domain names are how potential customers find your school or business online.
They are crucial brand identifiers.
Having the right domain is seen as critical to marketing success.
This is why Facebook paid $200,000 to buy the shorter facebook.com and moved away from the original thefacebook.com.

The domain name system is crowded, especially for short names ending with .com.
Over 150 million domain names are registered.
And that is the root of the problem...

There should be more than enough domains to go around.
But there is unending competition for domain names.

Which has led brands to normalise extra words in domain names:

  • 74,000+ domain names use the try[brand name].com format.
  • 51,000+ domain names use the hello[brand name].com format.

This has allowed scammers and profiteers to exploit brand concepts and business activities to create new domain names that are easily confused with the original brand.

Let's use Fresh Security as an example.
Our primary domain is freshsec.com.
And we offer a range of cybersecurity products and services.

Before we founded the company:

  • freshsecuritysolutions[.]com existed - providing physical event security.
  • freshsecurity[.]com existed and is now for sale with an asking price of $8,800.

Both could easily be confused with our brand.
Which is why we have spent time and effort to ensure we appear in web searches correctly.

But let's broaden this and look at possible scam websites. How about:

  • freshsecservices[.]com
  • freshsecsolutions[.]com
  • freshsecuritysolution[.]com
  • freshseccyber[.]com
  • fresh-security[.]com
  • freshsec-mssp[.]com
  • and so on...

Each one is plausible as the domain name for a company called Fresh Sec Limited that works in cybersecurity.

In new research, we found over 2,000,000 combinations for a single company - using their business name and the sector they worked in.
When focusing on concepts - the range of possibilities is vast.

Then, of course, there are the endings - we have only covered .com so far...


Each of those 2 million concept combinations could be combined with any generic endings - like .com, .net, .org, etc.
There are also country-specific endings for the countries in which the business operates, like .co, .co.uk, and .uk.

What's the Solution?

Historically - the answer has been to buy the most common misspellings of a domain.
But this approach is economically unviable.

The solution brands are left with is active monitoring.
A three-step process of:

  1. Regularly searching to discover domain names that could infringe on trademarks or be used by scammers.
  2. Monitoring for changes or activities on the discovered domains that indicate preparations are being made to conduct a fraud.
  3. Once a fraud or scam is taking place - work with the registrar to remove the domain.
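
As an illustration of step 1, here is an added example (not code from the original newsletter or from Fresh Security's tooling) that checks a list of observed domain names for a brand stem combined with concept words, whatever the ending. The brand stems, concept words, suffix list and sample feed are constructed assumptions.

```python
# Added example, not Fresh Security's tooling. Brand stems, concept words,
# suffix list and the sample feed are constructed assumptions.
BRAND_STEMS = ("freshsecurity", "freshsec")   # longest stem first
CONCEPT_WORDS = sorted({"services", "solutions", "solution", "cyber", "mssp",
                        "try", "hello"}, key=len, reverse=True)
OWN_DOMAINS = {"freshsec.com"}                # allowlist of domains we control
# Illustrative only; real monitoring should use the full Public Suffix List.
SUFFIXES = ("co.uk", "com", "net", "org", "co", "uk")   # longest first

def registrable_label(domain):
    """Label left of the suffix: 'www.freshsec-mssp.co.uk' -> 'freshsec-mssp'."""
    d = domain.lower().strip(".")
    for suffix in SUFFIXES:
        if d.endswith("." + suffix):
            return d[: -len(suffix) - 1].split(".")[-1]
    return None                               # unknown ending: not classified

def split_concepts(text):
    """Split text entirely into known concept words, else return None."""
    if not text:
        return []
    for word in CONCEPT_WORDS:
        if text.startswith(word):
            rest = split_concepts(text[len(word):])
            if rest is not None:
                return [word] + rest
    return None

def classify(domain):
    """Return (stem, extra_words) for a concept-squat candidate, else None."""
    label = registrable_label(domain)
    if label is None or domain.lower() in OWN_DOMAINS:
        return None
    flat = label.replace("-", "")             # 'fresh-security' -> 'freshsecurity'
    for stem in BRAND_STEMS:
        idx = flat.find(stem)
        if idx == -1:
            continue
        before = split_concepts(flat[:idx])
        after = split_concepts(flat[idx + len(stem):])
        if before is not None and after is not None:
            return stem, before + after
    return None

# Constructed feed standing in for a list of newly observed domain names.
FEED = ["freshsec.com", "freshsecservices.com", "fresh-security.com",
        "freshsec-mssp.net", "tryfreshsec.co.uk", "refreshsection.com"]

def scan(feed):
    """Map each flagged domain to its (stem, extra_words) match."""
    return {d: hit for d in feed if (hit := classify(d)) is not None}
```

Requiring the text around the brand stem to split fully into concept words keeps unrelated names such as refreshsection.com out of the results; each flagged domain is a candidate for review, not proof of a scam.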

The scale of Concept Squatting is challenging, but active monitoring can and will help.

April 16, 2024