Lookalike domains: the typosquatting threat to your brand

Typosquats and homoglyph domains are cheap to register and easy to weaponise. Here is how they work and what to do about the ones already pointed at your brand.

Fraudox Team

For a few dollars, anyone can register a domain that looks almost exactly like yours. Multiply that by every plausible misspelling, every swapped character, and every alternative top-level domain, and most brands have dozens of lookalikes registered without their knowledge.

The three flavours

  • Typosquats rely on human error — exmaple.com, example.co, example-support.com.
  • Homoglyphs swap characters that look identical — a Latin "a" for a Cyrillic one, or "rn" for "m".
  • Combosquats bolt a believable word onto your name — example-login.com, secure-example.net.

Each is harmless while parked and dangerous the moment it is weaponised into a phishing page, an investment scam, or a redirect.

Why parked domains still matter

It is tempting to ignore a lookalike that just shows a parking page. But a registered domain is a loaded option: the attacker can point it at a phishing kit at any time, often timed to a campaign, a product launch, or a breach. Dealing only with the domains that are already actively phishing means you are always reacting after the harm starts.

How to clear them

  1. Enumerate the full set. Don't chase domains one at a time — fingerprint the cluster by shared registrar, hosting ASN, or TLS issuer to find the dormant ones too.
  2. Triage by risk. Active phishing first, then redirects, then parked.
  3. Pursue the registrar layer. For clearly abusive domains, suspension through the registrar's abuse channel removes the domain entirely, not just the content.
  4. Keep a watchlist. The lookalikes you can't remove today go on a monitored list so a newly weaponised one is caught early.

The economics favour the attacker — registration is cheap and instant. The defence is to make the cost of staying up higher than the cost of moving on.
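As an added example (not Fraudox's own code or tooling), the classifier below sorts a constructed feed of observed domains into the three flavours described above and orders the hits in the triage sequence from step 2. The brand name example.com, the glyph-folding table, the edit-distance threshold and the status labels are assumptions for illustration.

```python
# Added example, not Fraudox code: classify observed domains against a brand as
# typosquat, homoglyph or combosquat, then order the hits for triage.

# Confusable glyphs folded back to the ASCII they imitate: Cyrillic a/e/o/p/c
# (given as escapes so they are not confused with Latin in this file), digits,
# and the "rn" -> "m" / "vv" -> "w" pairs. Illustrative, not exhaustive.
HOMOGLYPHS = [("\u0430", "a"), ("\u0435", "e"), ("\u043e", "o"), ("\u0440", "p"),
              ("\u0441", "c"), ("1", "l"), ("0", "o"), ("rn", "m"), ("vv", "w")]
RISK = {"phishing": 0, "redirect": 1, "parked": 2}   # triage order from the post

def fold_homoglyphs(label):
    for glyph, ascii_char in HOMOGLYPHS:
        label = label.replace(glyph, ascii_char)
    return label

def edit_distance(a, b):
    """Plain Levenshtein distance (a transposition such as exmaple costs 2)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain, brand_domain="example.com"):
    """Return 'typosquat', 'homoglyph', 'combosquat', or None if unrelated."""
    brand, brand_tld = brand_domain.lower().split(".", 1)
    label, _, tld = domain.lower().partition(".")
    if label == brand:
        return "typosquat" if tld != brand_tld else None   # example.co vs our own
    folded = fold_homoglyphs(label)
    if folded != label and folded == brand:
        return "homoglyph"                                  # Cyrillic a, examp1e
    tokens = [t for t in folded.replace("_", "-").split("-") if t]
    if brand in tokens and len(tokens) > 1:
        return "combosquat"                                 # example-login
    if edit_distance(folded, brand) <= 2:
        return "typosquat"                                  # exmaple
    return None

def triage(observed, brand_domain="example.com"):
    """Keep only lookalikes; active phishing first, then redirects, then parked."""
    hits = [(RISK[s], d, classify(d, brand_domain), s) for d, s in observed]
    return [(d, f, s) for _, d, f, s in sorted(h for h in hits if h[2])]

# Constructed sample feed (as from CT logs or new-registration data), not real data.
OBSERVED = [("exmaple.com", "parked"), ("example.co", "redirect"),
            ("ex\u0430mple.com", "phishing"),      # Cyrillic a in position 3
            ("examp1e.net", "parked"), ("example-login.com", "phishing"),
            ("secure-example.net", "parked"), ("example.com", "parked"),
            ("unrelated.org", "phishing")]

if __name__ == "__main__":
    for domain, flavour, status in triage(OBSERVED):
        print(f"{status:9} {flavour:10} {domain}")
```

The watchlist from step 4 is simply the parked and redirect entries this produces, re-run against each new feed so a status change is caught early.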

Seeing this threat against your brand?

Fraudox removes phishing sites, impersonation accounts, fake apps, and scam domains — you only pay for successful takedowns.