You have probably heard of brand monitoring, a practice that lets businesses keep track of their own and their competitors’ brand mentions and impressions. It is a means to compare how well your company is doing against the competition. But how does that differ from domain brand monitoring? This post sheds light on the matter.
What Is Domain Brand Monitoring?
You probably know by now that no company is safe from cyberthreats. It has even been said that becoming a cyber attack target or, worse, a victim is a matter of when and not if. These days, it is not enough to just manage your brand; you need to be strategic about it. That means doing better than your competitors while protecting your network and customers against cyber attacks.
Domain brand monitoring lets businesses know when cybersquatters, trademark infringers, phishers, product counterfeiters, and malware operators could be misusing their brands for malicious purposes.
Risks Associated with Domain Abuse
Online, a company’s domain represents its brand. When its website starts hosting malware or gets phished, its reputation gets tarnished, and it loses customers, especially those whose computers get infected or who suffer from account hacking. Many cyber attacks can start by compromising a company’s domain, and we will discuss five in greater detail here.
Some cybercriminals have been known to cybersquat on famous brands’ domains, that is, buy and use their look-alikes, in hopes that the brands’ owners would buy them for hefty sums.
Cybersquatting can also be the first step in phishing or malware-enabled attacks. Threat actors lure a specific company’s customers to visit their specially crafted websites. When the link to such a domain is clicked, the site visitor can end up getting phished or downloading malware onto his/her computer.
Domain brand monitoring can help companies catch potential cybersquatting domains as soon as these are registered.
We created a monitor for Microsoft, one of the most mimicked brands today, to see how many microsoft[.]com look-alike domains, which could be used for various cyber attacks, are registered each day. Our monitoring for 12 May 2021 using Microsoft as the search term showed 18 potential cybersquatting domains.
- Source: DRS Brand Monitor accessed on May 12
Some of these could be malicious, or at least suspicious, and may need to be taken down before they put Microsoft customers at risk.
Product counterfeiting does not only happen in the real world. In fact, even more counterfeit products are sold online. Imagine how a loyal brand customer would feel if he/she ended up with a fake product. What if a customer thinks the pair of Adidas shoes he/she bought is the real deal, but it turns out it is not? The customer may lose faith in the brand, and Adidas loses out in the end.
We started a search using Adidas as the search term, and the results showed that 25 look-alike variants were found in the past few days. Those that do not belong to Adidas could be used by counterfeiters to peddle fake products online.
- Source: DRS Domains & Subdomains Discovery accessed on May 14
Business Email Compromise
Apart from merely luring in a company’s customers to their websites, cybercriminals also use look-alike domains for more sinister purposes. One example would be business email compromise (BEC).
In such an attack, the threat actors mimic a company’s supplier and send fake invoices. If the organization fails to check the legitimacy of the domain before paying for the goods stated, it could lose a lot of money to BEC attackers.
They could, for instance, use any of the 18 newly registered microsoft[.]com look-alikes in the example above to send a fake invoice to a known Microsoft customer. Instead of going to Microsoft, the customer’s money ends up in the attackers’ hands. The victim will also end up paying for the goods twice since it cannot renege on its responsibility to its supplier.
Some BEC attackers can also mimic the company’s domain and pretend to be an executive ordering a finance employee to transfer funds to a supposed corporate account that they actually own. If the employee fails to thoroughly check the domain and account and proceeds with the transfer, the company loses a huge sum.
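A minimal screening heuristic for the look-alike monitoring and the pre-payment domain check described above, as an added example that is not from the original post or the DRS tools: it flags domains that embed or closely imitate a brand term. The confusable-character map, the distance threshold, and all sample domains are assumptions constructed for illustration.

```python
# Heuristic look-alike screening. All sample domains below are constructed.
# Assumption: ASCII-only confusables; IDN/Unicode homoglyphs need extra handling.
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}

def normalize(label):
    """Undo common character swaps and drop hyphens before comparing."""
    for fake, real in CONFUSABLES.items():
        label = label.replace(fake, real)
    return label.replace("-", "")

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain, brand, trusted):
    """Return 'trusted', 'lookalike' or 'unrelated' for one domain."""
    domain = domain.lower().rstrip(".")
    if any(domain == t or domain.endswith("." + t) for t in trusted):
        return "trusted"
    limit = 1 if len(brand) <= 6 else 2  # assumed threshold; short brands match too easily
    parts = domain.split(".")
    for label in parts[:-1] or parts:  # every label except the TLD
        norm = normalize(label)
        if brand in label or brand in norm or edit_distance(norm, brand) <= limit:
            return "lookalike"
    return "unrelated"

def screen(domains, brand, trusted):
    """Classify a batch, e.g. a daily new-registration feed or invoice sender domains."""
    return {d: classify(d, brand, trusted) for d in domains}

SAMPLE = [  # constructed inputs, not real monitoring results
    "microsoft.com", "login.microsoft.com", "micros0ft.example",
    "rnicrosoft.example", "microsoft-billing.example", "mircosoft.example",
    "microsoft.com.invoice-pay.example", "contoso-supplies.example",
]

if __name__ == "__main__":
    for name, verdict in screen(SAMPLE, "microsoft", {"microsoft.com"}).items():
        print(f"{verdict:10} {name}")
```

Anything returned as `lookalike` is a candidate for manual review, not a verdict; for invoice handling, only `trusted` sender domains should pass without a second check.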
Today, it is not enough for business owners to monitor their brands. They need to keep an eye on their domains as well. Domain brand monitoring can help them avoid risks like cybersquatting, product counterfeiting, and BEC, among many others, of course.