What is a Doppelganger Domain?

Last Updated On November 03, 2018

A doppelganger domain is essentially a domain name which closely resembles your organization’s in one or more ways. For example, if your domain name is www.google.com, a doppelganger domain could be www.gooogle.com (note the extra “o”). This could trick quite a few people if they’re not looking closely.

What are the threats associated with doppelganger domains?

One of the biggest threats posed by doppelganger domains is social engineering attacks. A doppelganger domain looks very similar to your organization’s and, therefore, could be used as part of a phishing attack against your employees. As a result, the chances of a phishing attack being successful when originating from a doppelganger domain is much higher than if it were to originate from a non-similar domain name.

How to protect from doppelganger domains

Your organization can periodically scan for doppelganger domains using publicly available resources and tools. Upon discovery, your organization should evaluate its potential threat and make adjustments in the email filter settings accordingly. Unless required for business purposes, emails originating from doppelganger domains should be restricted.

Vonahi Security

We're a cybersecurity company that developed vPenTest, a SaaS platform that automates network penetration testing and delivers continuous testing at a fraction of the cost of an outsourced consultant. The future of offensive cybersecurity consulting services through automation starts here. Hello World, Meet Modern Security.
Stay Updated

Subscribe for the latest vPenTest updates and announcements.