Online business starts with your Internet domain
Whether big or small, step one for any business going online is to secure an Internet domain, and typically one that matches your company’s name, brand, or sub-brand. Many businesses succeed with this first step. Take for example the mythical company mynewcoolcompany. It went online by securing the .com domain to do business. You might think it’s off to the races from there, setting up a website, standing up mail server capabilities, and going full steam ahead with various online pursuits. But what about all the top-level domains (TLDs) besides .com? Were any purchased to build a ‘digital fence’ around the legitimate domain? And what about all the typosquat variants that fraudsters might stand up to step on the brand and business? Any protection there?
Brand builders – Beware of TLD-swappers, look-alikes and typo-squatters
Let’s revisit the mythical mynewcoolcompany example again. The company purchased and registered the .com TLD for business, but there are over 3,000 more top-level-domains (TLDs) between legacy TLDs, new TLDs and country-specific TLDs. So, what does this mean? It means a fraudster can very easily, and quickly, go out and purchase any one of those unregistered domains like for example mynewcoolcompany.info or mynewcoolcompany.net or mynewcoolcompany.info.uk and set up a fake site to start staging attacks against your customers, employees and/or supply chain.
But the risks don’t just stop with securing TLD variants. There’s also the very real and sizeable threat of look-alike or typosquat domains. You know, the domains that sneakily look like yours but aren’t like for example: thenewcoolcompany.com or mynewcoo1company.com or mynewcoolcmpany.com. These are just a few examples of what could be full-blown fake sites, logos and all, designed to trick end-users, and all achieved through a malicious variant of the legitimate domain.
The problem of look-alike or typosquat domains can quickly become an out-of-control problem as it is a function of the number of characters in the domain name. As the number of characters increases, so too do the number of look-alike or typosquat combinations (see Figure 1 below). We can extrapolate that for our 16-character mynewcoolcompany example, the problem is acute.
Figure 1: Containing look-alike or typosquat domains can quickly get out of control
Companies have two principal lines of defense here. They can look to purchase and register all the domain variations (TLD variants, look-alikes, typosquats, etc), but as you see that will very quickly outstrip most budgets. The only way for this to be viable and economical is with the use of AI to build purchasing recommendations with algorithms that factor in cost and relative risk. More on that in a bit.
Alternatively, organizations can continually monitor the Internet for look-alike and typosquat domains assessing risk and remediating on an ongoing basis. But without AI and automation this process will be unending and overwhelming given the frequency with which changes occur at the domain registration level, combined with ever-changing threat conditions, and the overall volume of data at hand.
Assess your domain risk today for free!
We can help starting with a free, no obligation, Domain Risk Report, to help you size up the potential risks to your domain. The detailed report, prepared in less than 48 hours, will include all look-alike domains detected including TLD variants as well as typosquat domains. Our system will scan and score all of these results to build a prioritized set of findings based on threat level. The system will display domain threats by geography, by hosting provider, by IP address, and by top TLD. All of this will help you build an action plan to address the most threatening conditions most immediately.
The Domain Risk Report will provide a snapshot in time. Conditions will of course continue to change. So, while the report is critically informative, it’s imperative that you put a plan in place moving forward that affords you with both the ongoing visibility to see emerging threats and the capabilities to mitigate them as they occur.
As mentioned earlier, it’s also quite common to construct a ‘digital fence’ around one’s domain by purchasing additional domains (TLD variants & typosquat variants) based on availability. To aide with that, we include a free defensive domain acquisition report based on scanning 3,000+ TLDs to identify available domains and associated acquisition costs. We then apply AI and budget inputs to arrive at a prioritized set of domains that can be registered using Bolster’s defensive domain acquisition registrar service.
Figure 2: Bolster Domain Risk Report provides a comprehensive, global threat assessment
Be the master of your domain!
With reports in hand, consider two capabilities to boost your domain defenses:
Real-Time Domain Monitoring: Sign-up for an ongoing Domain Monitoring service from Bolster. We’ll build off of the Domain Risk Report to construct an online real-time dashboard with full visibility and interactivity. You’ll be able to easily identify TLD, look-alike and typosquat variants, prioritize them based on threat level, and monitor them all for changes. You’ll be able to detect new registrations, for example, and monitor them for weaponization. This will allow you to get ahead of threatening conditions, taking critical remediation action before bona-fide attacks occur.
Defensive Domain Acquisition: As discussed earlier, acquiring domains to create a ‘digital fence’ around your domain can get expensive unless done with the assistance of AI. Consider working with Bolster to adopt a defensive domain acquisition strategy using our AI smarts to optimize spend where threats are most real and prevalent. Our capabilities have proven to reduce expenses by up to 90% vs. brute-force purchasing while optimizing investments where risk is greatest.
Whichever capabilities you consider—real-time domain monitoring, defensive domain acquisition, or a combination of both—put a plan in place because as they say, the best offense is a strong defense. And as always, we’re here to help. We’ll work with you to build a domain defense game plan that’s right for your business.
Start now! Request your free Domain Risk Report today!
To learn more about domain monitoring, read our whitepaper: Guide to Domain Monitoring and Remediation
