What is a Cousin Domain?
How they work &
What role they play in Phishing Attacks
This article explains how credential stuffing works, why it’s on the rise and the serious consequences for individuals and organizations. From the most high-profile data breaches to the role of advanced bots in these attacks, you’ll discover the mechanisms of credential stuffing and the practical steps you can take to guard against it.
What is a cousin domain?
A cousin domain—also referred to as a lookalike domain—is a form of email spoofing in which hackers use a domain that deceptively resembles the name of another website. Cousin domains use common typos (www.facabook.com) or numbers (goog1e.com) in an effort to trick users into thinking they’ve received an email or visited a website from a legitimate source.
Below are a few synonyms for “cousin domain”:
- Lookalike domain
- Fake domain
- Spoofed domain
- Doppelgänger domain
What it’s called may vary, but the ultimate goal is the same—to deceive users into trusting a phishing email or website.
Even savvy internet users can be duped by this spoof, as cousin domains are often indistinguishable from a legitimate domain. For example, hackers may substitute Latin-script characters for those used in the Cyrillic alphabet.
How does a cousin domain work?
Cousin domains work by making subtle differences in the domain name that are often difficult to notice at first glance. Combine this with the fact that users may not to closely inspect the domain name of email senders – and many email clients hide this address when viewed on mobile devices – it’s easy to understand how this email spoof is successful.
Cousin domains enable phishing attacks
Because cousin domains are fully registered websites, hackers can also create legitimate email addresses corresponding to the dupe site. These addresses are used to send phishing or spear-phishing emails, also known as business email compromise (BEC).
Cousin Domain examples
Cousin domain variations are endless, but below are just a few basic examples:
- netflix.com – netfilx.com
- amazon.com – arnazon.com
- facebook.com – facebock.com
- google.com – gooogle.com
Consequences of cousin domain dupe
A form of email spoofing used in phishing attacks, cousin domains can result in costly and long-lasting consequences, including financial, reputational, legal, and regulatory. This includes the harvesting of sensitive information, data breaches, malware infections, and more.
These consequences aren’t isolated to the victim. For example, attacks that compromise the information of customers or partners can damage a victim’s brand reputation and result in a lawsuit. Victims may also face stiff penalties from violating regulations such as the Health Insurance Portability and Accountability Act (HIPAA) or General Data Protection Regulation (GDPR). GDPR may penalize victims of a data breach up to €20 million or 4% of the organisation’s total revenue from the prior year.
Protect your Organisation from Cousin domains
There are ways for organisations to protect themselves from cousin domain attacks—namely with education and preparation. Below are key steps every organisation should take to protect from these deceitful cybersecurity threats:
- Educate your employees:
Phishing awareness programs teach employees how to spot and respond to close cousin spoofing and other phishing techniques. They use simulated training showcasing real phishing emails and web pages, so users are educated on the latest phishing techniques and how to recognize them. - Multi-factor authentication (MFA):
Added security measures such as multi-factor authentication help stop hackers from gaining access to your system even if your information has been compromised. MFA is an important line of defense that all organisations should invest in. - Integrated email security solutions:
Integrated email security solutions that use AI technology can analyze and cousin domains and other email spoofing techniques.
Learn about HORNETSECURITY’S SERVICES
Interested in Related Topics?
Did you like our contribution to Cousin Domains? Then other articles in our knowledge base might interest you as well! We help you learn more about cybersecurity related topics such as Emotet, Trojans, IT Security, Cryptolocker Ransomware, Phishing, GoBD, Cyber Kill Chain and Computer Worms.