A Deep3r Look at Lookal1ke Attacks
Threat actors have used visually similar domains to deceive users into visiting malicious websites since the advent of the internet. These domains, called lookalike domains, are so synonymous with phishing attacks that security awareness training includes learning to inspect links for them.
This report describes the current threat landscape by showcasing real world examples across industries and user groups. Infoblox has been detecting lookalike domains for years and analyzes over 70 billion domain name system (DNS) events daily to find new and potential threats. For this paper, we focused on detections from January 2022 to March 2023. From over 300,000 looКaliКe domains, we’ve curated a set that highlights the challenges and risks associated with these attacks.