What is a deceptive domain?

A deceptive domain is a domain name that is registered to deceive or confuse. They are often used in fraud and phishing attacks.

Deceptive domains typically fall into 2 main groups:

Typo-squatting is when a domain name is registered with a missing letter, added letter or where one of the letters has been replaced. For example, goog1e.com is registered as a deceptive domain against google.com. (The l is replaced with a 1, which in some fonts looks almost identical).

Concept-squatting is when a brand name and what they do are combined to create a new domain name. For example, BMW makes cars, and their UK website is bmw.co.uk. However, a domain like bmwcars.co.uk can be registered to create confusion with the brand.

In the past, it was possible to register all of the domains similar to your company brand. However now as there are over 1,500 .com, .net, .co.uk etc... variations, this is no longer practical. At Fresh Security, we search for typo-squatting and concept-squatting domains to confirm which are registered and monitor to ensure no fraud occurs.

Related Questions

Who are highly visible people?

'Highly visible people' are the people easiest to identify in your business or school. You need to know who these people are, as they will be the ones hackers will most likely target.

Hackers are predictable. They always start by gathering as much information as possible about your organisation. This can be technical details but is increasingly focussed on the people who work for you.

Once hackers know who works for you, they use two main ways to…

Continue reading... "Who are highly visible people?"

What is a data breach event?

A data breach event is one time your team’s email and password was lost as part of a data breach. For example, Jane in sales losing her password as part of the LinkedIn data breach.

This information can show that some people in your team have lost passwords in many data breaches. Whereas other team members have lost a password only once. This can help in prioritise who could pose a more significant risk to your organisation.

Continue reading... "What is a data breach event?"

How do you calculate the Fresh Security risk score?

At Fresh Security, we believe that people should be at the heart of security. Which is why people and their environment are the foundation of the Fresh Security risk score.

The risk score is all about people

To calculate the risk score, we first calculate the risk each person faces. The personal risk score examines each email address that a person uses. When an email address is stolen, the algorithm looks at the other data stolen in the breach…

Continue reading... "How do you calculate the Fresh Security risk score?"