Attackers frequently register domain names that closely resemble those of trusted organizations. Forensic-Email compares the sender's domain against a list of common phishing targets and flags domains that appear designed to deceive.
Lookalike Domain
The sender's domain closely resembles a well-known brand's domain through a slight misspelling, a character substitution, or by surrounding the brand name with hyphens and extra words. For example, "paypal-secure.com" and "micosoft.com" are lookalike domains for paypal.com and microsoft.com.
Domain Embedding Trick
A legitimate domain is buried inside a longer, attacker-controlled domain. For example, "paypal.com.attacker.net" begins with "paypal.com" but the actual domain is "attacker.net." A casual glance at the address bar may miss the deception.
Unicode Homoglyph Domain
The sender's domain contains Unicode characters that look identical to standard Latin letters in most fonts but are technically different characters. For example, a Cyrillic "а" is indistinguishable from a Latin "a" on screen, allowing an attacker to register a domain that appears identical to a real one.
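The three checks described above can be sketched as follows. This is an added example, not Forensic-Email's own code: the brand list, the partial confusables table, the 0.85 similarity threshold and the two-label registered-domain shortcut are all assumptions made for illustration.

```python
from difflib import SequenceMatcher

# Assumed brand list; the tool's actual target list is not shown on the page.
BRANDS = ["paypal.com", "microsoft.com"]
# Partial, constructed confusables table: eight Cyrillic letters -> Latin.
CONFUSABLES = str.maketrans(
    "\u0430\u0435\u043e\u0440\u0441\u0443\u0445\u0456", "aeopcyxi")

def registered_domain(domain):
    # Simplification: last two labels. Real code needs the Public Suffix List.
    return ".".join(domain.split(".")[-2:])

def classify(sender_domain):
    """Return 'homoglyph', 'embedding', 'lookalike', or None."""
    d = sender_domain.strip().rstrip(".").lower()
    if "xn--" in d:
        try:  # punycode form -> Unicode so homoglyphs become visible
            d = d.encode("ascii").decode("idna")
        except UnicodeError:
            pass
    # Homoglyph: folding confusable letters to Latin yields a brand domain.
    skeleton = d.translate(CONFUSABLES)
    if skeleton != d and registered_domain(skeleton) in BRANDS:
        return "homoglyph"
    reg = registered_domain(d)
    if reg in BRANDS:
        return None  # the brand itself or one of its subdomains
    # Embedding: a full brand domain appears as leading or inner labels.
    for brand in BRANDS:
        if d.startswith(brand + ".") or "." + brand + "." in d:
            return "embedding"
    # Lookalike: brand name as a hyphen-separated word, or a near misspelling.
    label = reg.split(".")[0]
    for brand in BRANDS:
        name = brand.split(".")[0]
        if name in label.split("-"):
            return "lookalike"
        if SequenceMatcher(None, label, name).ratio() >= 0.85:  # assumed cutoff
            return "lookalike"
    return None

if __name__ == "__main__":
    # Constructed sample sender domains, taken from the examples in the text.
    for s in ["paypal-secure.com", "micosoft.com", "paypal.com.attacker.net",
              "p\u0430ypal.com", "login.paypal.com", "example.com"]:
        print(f"{s!r}: {classify(s)}")
```

The homoglyph check runs first because a domain such as "p\u0430ypal.com" would otherwise fall through to the similarity test and be reported only as a misspelling.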