Counterfeit domains: how your website can be faked
Domain counterfeiting is a widespread practice, and the figures for the last year are shocking. It has been estimated that for over 96% of company websites there is an almost identical copy somewhere on the web, differing only in its domain extension.
Falsifying a domain and making it appear credible to users, especially the less knowledgeable ones, is an effective method exploited by cyber pirates to carry out targeted attacks and steal sensitive data. This technique has caused considerable damage, not only to unsuspecting web users, but also to companies themselves.
Counterfeit domain statistics
According to the data gathered, the proportion of sites that have a counterpart with an identical domain name but a different extension (for example ‘.net’ instead of ‘.com’) is almost 100%. That means that almost every website has a ‘twin’ created on an ad hoc basis for the purposes of committing fraud of various kinds.
In addition to a similar domain, many of these sites (almost 76%), known as ‘lookalikes’, also feature an accurate copy of the graphic interface, with menus and functionalities closely resembling the original portal. All this is designed to create a sense of trust on the part of the user, who is often unable to distinguish between the two portals.
Other scams operate by using the domains of well-known e-commerce sites or shops in order to sell counterfeit merchandise. This type of fraud affects about 85% of retail businesses, resulting in inestimable economic losses.
The most worrying aspect is the level of detail that certain fraudulent domains can achieve. Many are hosted on operational servers and have functioning email services (Mail Exchanger, or MX, records), and in some cases they have even been granted security certificates.
How cyber attacks using counterfeit domains work
Cyber criminals use counterfeit domains to trick less attentive users. The technique is as simple as it is effective and consists of faithfully recreating the websites of important companies, banks and e-commerce firms.
Once they have prepared their ‘mirror image site’, hackers attempt to induce the user to log in or carry out certain other operations in order to gain access to their most sensitive data. In this way it is possible to steal not only login credentials, but also credit card numbers and security codes, passwords and much more.
It has become apparent that domain fraud attacks are targeted at a relatively small number of users. In contrast with other types of cyber attack, hackers focus on very precise targets, using techniques such as emulation and company identity theft.
This strategic approach limits their chances of being found out and has considerable potential because very often, people do not know how to defend themselves.
How to protect yourself from fake domains
Companies which have been subjected to domain fraud can take various steps to stop the cyber criminals’ activities. The first thing to do is to monitor continuously for similar sites appearing online, by consulting specific platforms (some of these store up to 350 million registered domains).
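The monitoring step described above can be automated once a list of registered domains is available. The following is an added example, not part of the original article: it scans a constructed sample feed for ‘twins’ that share the official site's name under a different extension, and ranks higher those that also have working mail (MX) or a certificate, the details flagged earlier as most worrying. The feed format, the field names `mx` and `cert`, the suffix set and the scoring are assumptions made for illustration.

```python
# Added example: flag "twin" domains that reuse a brand name under another extension.
# Constructed two-label suffixes; a production monitor would load the Public Suffix List.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}

# Constructed sample feed (not real observations): domain, MX present, certificate seen.
SAMPLE_FEED = [
    {"domain": "example.com", "mx": True, "cert": True},       # the official site
    {"domain": "www.example.net", "mx": True, "cert": True},
    {"domain": "example.org", "mx": False, "cert": False},
    {"domain": "Shop.Example.co.uk.", "mx": True, "cert": False},
    {"domain": "examples.com", "mx": True, "cert": True},      # different name, out of scope here
]


def split_domain(host):
    """Return (name, extension) of the registrable domain inside a host name."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return labels[-3], ".".join(labels[-2:])
    if len(labels) >= 2:
        return labels[-2], labels[-1]
    return labels[0], ""


def find_twins(official, feed):
    """List feed entries sharing the official name but not its extension, riskiest first."""
    brand, official_ext = split_domain(official)
    twins = {}
    for entry in feed:
        name, ext = split_domain(entry["domain"])
        if name != brand or ext == official_ext or not ext:
            continue
        # Risk: 1 for existing, +1 for working mail (MX), +1 for a certificate.
        risk = 1 + bool(entry.get("mx")) + bool(entry.get("cert"))
        domain = f"{name}.{ext}"
        if risk > twins.get(domain, {"risk": 0})["risk"]:
            twins[domain] = {"domain": domain, "risk": risk}
    return sorted(twins.values(), key=lambda t: (-t["risk"], t["domain"]))


if __name__ == "__main__":
    for twin in find_twins("example.com", SAMPLE_FEED):
        print(twin["risk"], twin["domain"])
```
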
Another good method of keeping users on their guard is to devote a section of the company portal to guidelines clarifying how company support operations are carried out (for example: ‘Our operators will never ask you for passwords’).
Web users, on the other hand, must learn to check very carefully the extension of any domain they are about to access (usually, if it differs from ‘.com’, there is a serious risk that it is a fake domain). Also, pay attention to the addresses and subjects of emails, which are often used to redirect users to fraudulent websites.
Translated by Joanne Beckwith
