Criminals Register Domains Like Yours

The Anti-Phishing Working Group (APWG) performed some analysis around the use of registering domains to be used for the purpose of Phishing attacks. What criminals do is register a domain name that looks similar to yours. For example, if your domain was myfinance.com they might register myf1nance.com (where the i has been changed to a 1), or mfinance.com (where the y has been removed), or myfinanse.com (where the c has been changed to a s), etc. There are so many different posibilities to change out characters that look similar or make changes that don’t register with the human eye as being different. Criminals will register these domains, and then direct customer out (through phishing emails) to these websites. Customers not noticing the slight different end up clicking on the link or otherwise get directed to the false website where their sensitive information is compromised.

The APWG states that 10% of all phishing attacks utilize these types of domain registrations. While this doesn’t sound like a lot, it represents thousands of attacks every year.