Registered domain impersonating a known brand
Description
AlphaSOC detected a newly registered domain that appears to impersonate a known brand. This is a common tactic used by threat actors to conduct phishing campaigns or other malicious activities. By registering domains that closely resemble the fully-qualified domain names (FQDNs) of legitimate brands, adversaries aim to deceive users into believing they are interacting with a trusted entity.
Impact
Domain impersonation can have significant consequences for both the targeted organization and its customers. Users who access the impersonating domain are tricked into using the threat actor's services, which can be used for financial fraud. Impersonation also damages the brand's reputation and consumer trust.
Severity
Severity | Condition |
---|---|
Low | Registered domain impersonating a known brand |
Investigation and Remediation
Investigate the detected domain by analyzing its registration details, associated IP addresses, and any related infrastructure. Compare it to the legitimate domains of the impersonated brand. If confirmed as malicious, implement firewall rules to prevent communication with the related infrastructure.
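The comparison against the brand's legitimate domains can be scripted for triage. The following is an added example, not AlphaSOC code: the function names, the look-alike map, and the sample domains are assumptions, and inputs are assumed to be registered domains so that the first label carries the brand name.

```python
import unicodedata

# Look-alike substitutions to undo before comparing (constructed, not exhaustive).
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}

def skeleton(label):
    """Fold a DNS label: decode punycode, strip accents, undo look-alikes."""
    try:
        label = label.encode("ascii").decode("idna")
    except UnicodeError:
        pass  # already Unicode or not valid punycode; compare as given
    label = unicodedata.normalize("NFKD", label.lower())
    label = "".join(ch for ch in label if not unicodedata.combining(ch))
    for fake, real in CONFUSABLES.items():
        label = label.replace(fake, real)
    return label

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def compare_to_brand(candidate, legit_domains):
    """Return the closest legitimate domain and why the candidate resembles it."""
    cand = candidate.lower().rstrip(".")
    legit = [d.lower().rstrip(".") for d in legit_domains]
    if cand in legit:  # the brand's own or defensive registration: false positive
        return {"closest": cand, "distance": 0, "reason": "brand-owned"}
    c_label = cand.split(".")[0]
    c_skel = skeleton(c_label)
    dist, best = min((edit_distance(c_skel, skeleton(d.split(".")[0])), d) for d in legit)
    b_label = best.split(".")[0]
    checks = [(c_label == b_label, "tld-swap"), (dist == 0, "homoglyph"),
              (dist <= 2, "typo"), (skeleton(b_label) in c_skel, "brand-keyword")]
    reason = next((name for hit, name in checks if hit), "unrelated")
    return {"closest": best, "distance": dist, "reason": reason}

# Constructed sample input: "example.com" stands in for the brand's real domains.
LEGIT = ["example.com", "example.org"]
if __name__ == "__main__":
    for d in ["examp1e.com", "exmaple.com", "example-login.net", "example.net"]:
        print(d, compare_to_brand(d, LEGIT))
```

A result of `unrelated` or `brand-owned` points toward one of the known false positives; the other reasons indicate which legitimate domain to compare registration details against.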
Known False Positives
- Domains registered by the brand for future use or defensive purposes
- Domains with similar names belonging to unrelated but legitimate businesses