What is Domain Impersonation?
Domain impersonation encompasses multiple techniques attackers use to create confusion with legitimate domains. Typosquatting registers common misspellings (gooogle.com). Combosquatting adds words to legitimate names (amazon-support.com). Homograph attacks substitute visually similar characters from different alphabets (using Cyrillic “a” instead of Latin “a”). Subdomain abuse places the brand name in a subdomain of a compromised or free-tier domain (legitimate-brand.attacker-site.com). TLD variations register the brand under different extensions (.net instead of .com). Each technique exploits different aspects of how users parse and trust domain names. Attackers combine domain impersonation with cloned websites to create complete deception: the URL looks approximately right, the page appears identical to the real site, and users submit credentials without suspicion.
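As an added illustration (not Allure Security's code), the following Python classifies an observed hostname against a protected brand domain into the techniques listed above, for use in triaging new registrations or proxy logs. The small confusables table, the assumption that the registered name is the second-to-last label, and all function names are choices made for this example.

```python
# Constructed mini table of Cyrillic look-alikes; real tooling uses Unicode confusables data.
CONFUSABLES = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
               "\u0441": "c", "\u0445": "x", "\u0456": "i"}

def skeleton(label):
    """Fold look-alike characters to Latin so homographs compare equal."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in label)

def edit_distance(a, b):
    """Levenshtein distance, used to catch single-character misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(candidate, brand_domain):
    """Return the impersonation technique a hostname matches, or None."""
    brand, brand_tld = brand_domain.lower().rsplit(".", 1)
    host = candidate.lower().rstrip(".")
    try:  # decode punycode (xn--) labels so IDN homographs become visible
        host = host.encode("ascii").decode("idna")
    except UnicodeError:
        pass  # already Unicode, or not valid punycode
    labels = host.split(".")
    if len(labels) < 2:
        return None
    # Assumption: registered name is the second-to-last label (real code: Public Suffix List).
    *sub, name, tld = labels
    folded = skeleton(name)
    if name == brand:  # the brand's own name: only the TLD can differ
        return None if tld == brand_tld else "tld-variation"
    if folded == brand:
        return "homograph"
    if edit_distance(folded, brand) == 1:
        return "typosquatting"
    if brand in folded:
        return "combosquatting"
    if any(brand in skeleton(s) for s in sub):
        return "subdomain-abuse"
    return None

# Constructed sample feed of observed hostnames; triage() keeps only the flagged ones.
SAMPLES = ["gooogle.com", "google.net", "mail.google.com", "example.org"]

def triage(hosts, brand_domain):
    return {h: t for h in hosts if (t := classify(h, brand_domain))}
```

A distance threshold of 1 suits brand names of moderate length; very short names need a stricter rule to avoid flagging unrelated domains.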
Business Impact
Domain impersonation serves as the foundation for credential harvesting, business email compromise, and customer fraud. Attackers invest in impersonating domains precisely because the ROI is proven—users trust familiar-looking domains and interact without scrutiny. Organizations face both direct costs when employees fall for BEC schemes using impersonation domains and indirect costs when customers are victimized through brand impersonation. The reputational damage extends beyond individual incidents; repeated impersonation erodes customer confidence in legitimate communications.
Allure Security's Approach
Allure Security continuously monitors for domain impersonation through multiple detection methods: tracking new domain registrations that match brand patterns, identifying visual similarity in active websites regardless of domain construction, and analyzing DNS changes that indicate dormant domains becoming active threats. When impersonation domains are detected, the SOC initiates blocking through partner networks while pursuing takedown through registrars. For trademark-protected brands, UDRP proceedings can transfer infringing domains to the legitimate owner.