Domain threat and brand protection guides

Plain-English explainers on how lookalike domains, phishing infrastructure, and brand impersonation actually work, and what to do about them.

• What is typosquatting?

  Typosquatting explained: how attackers register lookalike domains, the main permutation techniques with examples, and how detection works.

• Someone registered a domain similar to mine: what to do

  A calm, practical playbook for when a lookalike of your domain appears: assess severity, gather evidence, report it, and protect customers.

• Certificate Transparency monitoring, explained

  What CT logs are, why every TLS certificate is public, and how monitoring them catches phishing domains days before the first email goes out.

• Homoglyph attacks: when the letters themselves lie

  How homoglyph and IDN homograph attacks use lookalike characters and punycode to fake domains, where browser defenses fail, and how to detect them.

• Combosquatting: when attackers add a keyword to your real brand

  Combosquatting adds a plausible keyword to your real brand name (acmebank-login.com). Learn why it beats misspelling defenses and how to detect it.

• Bitsquatting: the bit flip domain attack

  Bitsquatting registers domains one bit away from yours to catch traffic from devices with memory errors. Learn how bit flips happen and how to detect them.

• Domain parking: what a parked domain is and why a parked lookalike still matters

  A parked domain shows ads or a placeholder instead of a real site. Learn why a parked lookalike is still a threat and how to monitor it for change.

• Subdomain takeover and dangling DNS records

  What subdomain takeover and dangling CNAME records are, why they bypass lookalike detection, how to find them, and how to fix and prevent them.

• RDAP vs WHOIS: reading domain registration data

  RDAP vs WHOIS explained for defenders: key registration fields, why creation date matters for threat scoring, GDPR redaction, and how to look one up.

• How domain takedowns work: reporting a phishing domain

  The realistic phishing domain takedown process: gather evidence, report to the registrar and host, blocklists, authorities, and UDRP as a last resort.

• SPF, DKIM, and DMARC explained

  SPF, DKIM, and DMARC explained simply: what each email authentication record does, how they stop spoofing, and the lookalike-domain gap they miss.

• There Is a Fake Website Using My Business Name

  Found a fake website copying your business name? Stay calm. Confirm it is fake, save evidence, and report it. A clear step-by-step plan for owners.

• Someone Is Impersonating My Company Online

  Someone impersonating your company online? Learn the forms it takes, how to tell which one you face, and the immediate steps to protect customers.

• Is Someone Spoofing My Email Domain?

  Worried someone is spoofing your email domain? Learn the difference between exact spoofing and lookalike email, how to check, and how to stop it.

• How to Report a Copycat Website

  A plain step-by-step guide to report a copycat or fake business website: gather evidence, find the host and registrar, and submit abuse reports.

• What Lookalike Domains Actually Do: A Look at 44,000 of Them

  We analyzed 44,000+ lookalike domains across 237 brands. Half of the registered ones can send email. Here is what typosquats actually do.

Ready to see your own exposure? Run the free typosquat checker or view pricing for continuous monitoring.