Domain Impersonation & Lookalike Attacks
The "close-enough" attack. This is a sneaky form of phishing where the attacker doesn't "spoof" your exact domain, but registers a lookalike domain, like (instead of ). It's a 'pirate ship' painted to look almost like yours.
Questions about Domain Impersonation & Lookalike Attacks
What is a lookalike domain?
What is typosquatting?
What is IDN homograph spoofing?
How do scammers use Unicode characters to trick users?
What’s the difference between cousin domains and mirror domains?
How can you detect lookalike domains in your brand?
What tools monitor for impersonation domains?
How can DMARC alignment reduce domain impersonation?
How can BIMI be used for brand defense?
How do phishing kits deploy lookalike domains at scale?
How can WHOIS data help identify malicious domains?
How to report impersonation domains?
How to take down a fake domain (abuse reports, ICANN, registrars)?
How can redirection attacks mask lookalike domains?
What’s “visual similarity abuse” (logos, colors, etc.)?