BloxOne Threat Defense supports custom lookalike domain monitoring for viewing and searching lookalike domains. Custom Lookalike Domain Monitoring provides the power of the global lookalike domain feature to be targeted for specific critical domains for the user. Using a customer-defined list of domains, an organization can now add the company's own domain, or domains frequently visited by or controlled by the organization in order to provide advanced warning of common attack vectors. Using Custom Lookalike Domain Monitoring, users can potentially avert unknown attacks, and prevent potentially 'brand-affecting" incidents.
Lookalike domains are domains that are found to be visually similar (homographs) when compared to the domains they are attempting to imitate. Lookalike domains are composed using methods such as replacing letters with visually confusing ones (e.g. o to 0, l to 1, w to vv), switching to different top-level domains (e.g. .com to .cc), or by using the IDN character set or Punycode characters to mimic the legitimate domains they are attempting to exploit. Lookalike domains are often found in cyber attacks seeking brandjacking, traffic redirection, typosquatting, and phishing.
For more information on custom lookalike domain monitoring, see the following:
- Viewing Lookalike Domains
- Viewing Watched Domains
- Adding Watched Domains to Lookalike Domain Monitoring
- Importing Watched Domains to Lookalike Domain Monitoring
- Editing Watched Domains from Lookalike Domain Monitoring
- Removing Watched Domains from Lookalike Domain Monitoring