A new tool has been released by the security awareness training and phishing simulation platform provider KnowBe4 that can help companies to identify ‘evil twin domains’ – lookalike spoofed domains that are typically used by cybercriminals for phishing and spreading malware.
An evil twin domain is very similar to a genuine website that is used by a company. It could include an extra letter such as faceboook.com, have missing letters such as welsfargo.com, contain transposed letters such as faecbook.com to catch out careless typists, or use alternative TLDs such as a.co.uk or .ca instead of a .com.
Evil twin domains are exceedingly common. A study conducted by Farsight Security between Oct. 17, 2017 and Jan. 10, 2018 identified 116,000 domains that spoofed well-known brands. The study revealed that for each genuine domain there were 20 lookalike domains and 90% of those domains attempted to fool visitors into thinking they were the genuine domain used by the company that was being spoofed.
These look-alike domains can be used to obtain login credentials to the sites they mimic. Mail servers are set up using the domains for sending spam and phishing emails to customers and employees, or for a variety of other nefarious purposes. Monitoring for these fake domains is therefore in the interest of all companies, from SMBs to large enterprises.
The tool – called Domain Doppelgänger – allows companies to easily check for domains that could be spoofing their brand, allowing them to take action to take down the domains and alert customers and employees of the threat.
The free web-based tool will search for look-alike domains and will send back a detailed PDF report detailing the number of private domains found, whether the domains have an active mail server, whether there is an active web server and the risk level associated with those domains.
“Instead of using multiple methods to search for at-risk domains, IT professionals can utilize KnowBe4’sDomain Doppelgänger tool as a one-stop shop to identify, aggregate, analyze and assess these domains,” said Stu Sjouwerman, CEO, KnowBe4. “By learning the look-alike domains that might impact your brand, you can better protect your organization from cybercrime.”