Email Security

    Using AI to Fight Domain Spoofing for Online Brand Protection

    As long as it’s easy for bad actors to spoof brand domains and create fake websites, they’ll keep doing it. But AI-based online brand protection tools can help fight brand exploitation outside the perimeter.

    by Megan Doyle

    Key Points

    • Domain spoofing is an extremely common type of cyberattack, but many companies aren’t even aware it’s happening because it occurs outside their security perimeter.
    • Cybercriminals create fraudulent websites that imitate your brand in order to trick customers or employees into entering their credentials or clicking on malicious links.
    • Because the internet is so vast, it’s extremely difficult to detect domain spoofing using manual methods alone.
    • AI-based online brand protection tools can search enormous amounts of data online to help detect and take down malicious spoofing attempts before attacks can do damage.

    Domain spoofing is a widespread problem—much more widespread than many companies realize, in fact. It’s extremely easy for fraudsters to register lookalike domains and create fake webpages that imitate well-known brands, in order to trick users into clicking on malicious links or entering their credentials.

    This kind of brand exploitation puts companies’ customers and reputation at risk—and may also have serious financial implications. For example, British Airways was slapped with a £183 million ($230 million) fine after cybercriminals diverted hundreds of thousands of customers to a fraudulent website and used it to steal their personal information.[1]

    However, many brands have no idea they’re being exploited because they lack visibility beyond their security perimeter, and because it’s not easy to find lookalike domains and fake websites. A proactive, offensive approach is needed to locate and shut down spoofed domains before damage can be done. Now, advanced brand protection solutions using AI and machine learning are emerging to help protect brands and their customers by searching for domain spoofing attempts across the internet.

    What is Domain Spoofing?

    Domain spoofing is a type of cyberattack in which bad actors use a fraudulent domain to create a website or emails that impersonate a brand. The spoofed domain often appears genuine at first glance. Criminals may register a domain name that’s very similar to the brand’s real domain name—perhaps changing just one character in the name. And it’s very easy to imitate the brand’s web pages. Criminals can often copy the code and content from real web pages, and even the least tech-savvy threat actors can purchase phish kits—malicious tools that replicate specific websites they’re looking to spoof. Making web spoofing even harder to detect, the user’s browser may not be able to detect that there’s anything wrong with the website and therefore may display a “secure connection” indicator.[2]

    What’s more, criminals can create many new domains and they commonly leverage automation to rapidly put up and take down spoofed websites. This creates a moving target: Even if the security team finds out about a copycat page, there’s a chance it’ll be gone by the time they get to it—only to pop up elsewhere.

    Since domain spoofing is easy to do and can be extremely difficult to uncover until it’s too late, it remains a popular attack vector. Brands may never know they’re being impersonated unless they are able to find the fake websites. This cannot be achieved using traditional cybersecurity controls, which generally focus on network monitoring and perimeter defenses. The only way to detect and take down impersonated websites is to go out and hunt for them—a task far too vast for humans to efficiently carry out without assistance from AI.

    Consequences for Companies and Their Customers

    The consequences of undetected domain spoofing can be serious for brands and for their customers. If a spoofed domain results in a data breach, brands could face reputational damage, legal compliance fees, and cleanup costs.

    In the case of British Airways, fraudsters successfully diverted about 500,000 customers to a realistic but fraudulent website.[3] The website gathered personal information including names, address, payment card details, and login information was compromised. As a result, British Airways faced a huge fine for violating Europe’s General Data Protection Regulation (GDPR).

    But it’s not just customers that can become victims. If bad actors impersonate a login portal for your company’s email service provider, they could capture employees’ credentials and use them to send emails designed to spread ransomware throughout your company, or to trick other users into making fraudulent payments to criminals.

    AI-Based Brand Protection Solutions Can Shut Down Spoofs Before They Can Wreak Havoc

    When it comes to detecting domain spoofing and fake websites, humans have natural limitations. The web is so vast that it’s almost impossible to pinpoint every domain spoofing attempt using manual methods alone: according to Verisign, there were nearly 370 million domain name registrations in the first quarter of 2020.[4] Now, though, emerging advanced online brand protection solutions can leverage AI, machine learning technology, threat intelligence capabilities, and automation in order to efficiently:

    • Parse through endless troves of data across the web to seek out suspicious activity and malicious websites that impersonate legitimate brands
    • Monitor a brand’s legitimate domains to detect potential bad actors scraping content to use in spoofing attacks
    • Take down confirmed malicious impersonation web pages swiftly to help eliminate threats before they can cause damage

    AI can help businesses respond to brand exploitation with greater confidence and speed. Brand protection solutions combine techniques such as specialized algorithms that analyze enormous amounts of data, APIs that plug into registrars to take down spoofed domains, and automation.[5]

    This technology-based approach to online brand protection is essential in a landscape where cyberattacks are growing in such volume and complexity that humans can no longer fight the good fight alone. However, to maximize effectiveness, advanced online brand protection solutions should be combined with human expertise. AI drastically reduces the time and cost of dealing with brand exploitation attempts, while security experts guide the process and confirm which results represent real threats.[6]

    The Bottom Line

    As long as it’s easy for cybercriminals to do, domain spoofing isn’t likely to go away any time soon. But emerging AI-based advanced online brand protection solutions can help brands minimize brand exploitation attacks that occur outside of the perimeter. AI’s speed and efficiency can help brands shut down malicious web spoofing attempts sooner rather than later, making it less likely attack recipients will land on fraudulent web pages and become unsuspecting victims. By protecting its customers and employees, a brand can protect its reputation—and also help to avoid the potential financial consequences of online brand exploitation.

    [1] “Rethinking Website Spoofing Mitigation,” DarkReading

    [2] “Rethinking Website Spoofing Mitigation,” DarkReading

    [3] “Intention to fine British Airways £183.39m under GDPR for data breach,” Information Commissioner’s Office

    [4] “Verisign Q1 2020 Domain Name Industry Brief: Internet grows to 366.8 million domain name registrations in the first quarter of 2020,” Verisign

    [5] “Artificial Intelligence for a smarter kind of cybersecurity,” IBM

    [6] “With AI for Cybersecurity, We Are Raising the Bar for Smart,” SecurityIntelligence


    Subscribe to Cyber Resilience Insights for more articles like these

    Get all the latest news and cybersecurity industry analysis delivered right to your inbox

    Sign up successful

    Thank you for signing up to receive updates from our blog

    We will be in touch!

    Haut de la page