What is a Doppelganger Domain?
A doppelganger domain is essentially a domain name which closely resembles your organization’s in one or more ways. For example, if your domain name is www.google.com, a doppelganger domain could be www.gooogle.com (note the extra “o”). This could trick quite a few people if they’re not looking closely.
What are the threats associated with doppelganger domains?
One of the biggest threats posed by doppelganger domains is social engineering attacks. A doppelganger domain looks very similar to your organization’s and, therefore, could be used as part of a phishing attack against your employees. As a result, the chances of a phishing attack being successful when originating from a doppelganger domain is much higher than if it were to originate from a non-similar domain name.
How to protect from doppelganger domains
Your organization can periodically scan for doppelganger domains using publicly available resources and tools. Upon discovery, your organization should evaluate its potential threat and make adjustments in the email filter settings accordingly. Unless required for business purposes, emails originating from doppelganger domains should be restricted.