Domain spoofing is a form of online fraud or phishing technique whereby cybercriminals impersonate a company or its employees using a fake domain that appears similar to a legitimate one in order to dupe or mislead their victims.
Cybercriminals will, for example, create a fake website which uses the same design or information from a real company to dupe and mislead their victims. The domain name of the spoofed website would normally have a slight change in characters or spelling compared to the target website, such as www.IT-explianed.com instead of www.IT-explained.com or a0pg.net instead of aopg.net.
Once this is done, cybercriminals would lure victims into sharing personal particulars such as financial details and other private information. From using company corporate videos, logos and even design, these websites are often almost identical to the real site, which causes confusion among victims who fall prey to this scam. In some cases, victims will be tricked into logging in to the spoofed site (thereby exposing their login credentials), filling in their credit card information or making payments for items that do not exist at all.
Fraudulent emails could also be sent from these spoofed domains to make it seem like they originated from a trusted, legitimate source. From there, the threat actors (or even just spammers in some cases) would be able to trick recipients into giving out sensitive information, clicking a malicious link, opening a harmful attachment or even transferring money in cases of BEC.
However, there are certainly some effective ways to circumvent this threat and prevent your company’s employees from falling victim to this threat. To find out how Barracuda Networks can protect your business from domain spoofing and other forms of cybercrime, click here.