Registered domain impersonating a known brand
Description
AlphaSOC detected a newly registered domain that appears to impersonate a known brand. This is a common tactic used by threat actors to conduct phishing campaigns or other malicious activities. By registering domains that closely resemble a brand's fully-qualified domain names (FQDNs), adversaries aim to deceive users into believing they are interacting with a trusted entity.
AlphaSOC monitors newly registered domains and Certificate Transparency (CT) logs to identify potential impersonation and alert you when such domains are detected. You can set up custom monitoring for specific brands by contacting AlphaSOC.
Impact
Domain impersonation can have significant consequences for both the targeted organization and its customers. Users who access the impersonating domain are tricked into using the threat actor's services as if they were the brand's, which can be used for financial fraud. It also damages the brand's reputation and consumer trust.
Severity
| Severity | Condition |
|---|---|
| Low | Registered domain impersonating a known brand |
Investigation and Remediation
Investigate the detected domain by reviewing its registration details and comparing it to the legitimate brand’s domain. Check internal telemetry for any communication with the suspicious domain. If the domain is confirmed as malicious, implement firewall rules to prevent communication with your infrastructure.
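The comparison and telemetry check described above can be scripted. The following is an added example, not AlphaSOC code: it measures how close the flagged name is to the brand's and searches DNS query logs for clients that resolved the flagged domain or any of its subdomains. The log format, domains, and IP addresses are constructed sample data and are assumptions.

```python
# Added example: triage helper for a flagged look-alike domain.
# All domains, IPs and log lines below are constructed sample data.

BRAND_DOMAIN = "example.com"     # legitimate brand domain (placeholder)
FLAGGED_DOMAIN = "examp1e.com"   # domain named in the alert (placeholder)

# Assumed log format: "<timestamp> <client_ip> <qname> <qtype>"
SAMPLE_DNS_LOG = """\
2024-05-01T09:12:03Z 10.0.4.17 www.example.com. A
2024-05-01T09:12:44Z 10.0.4.17 examp1e.com. A
2024-05-01T09:13:10Z 10.0.7.52 Portal.Examp1e.com. AAAA
2024-05-01T09:14:29Z 10.0.7.52 notexamp1e.com. A
malformed line
"""

def normalize(name):
    """Lower-case a DNS name and strip the trailing root dot."""
    return name.lower().rstrip(".")

def edit_distance(a, b):
    """Levenshtein distance between the flagged label and the brand label."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def clients_that_queried(log_text, domain):
    """Return {client_ip: [qnames]} for queries to domain or any subdomain."""
    domain = normalize(domain)
    hits = {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed records instead of failing the search
        _, client, qname, _ = fields
        qname = normalize(qname)
        # Match on a label boundary so "notexamp1e.com" is not a false hit.
        if qname == domain or qname.endswith("." + domain):
            hits.setdefault(client, []).append(qname)
    return hits

if __name__ == "__main__":
    flagged_label = FLAGGED_DOMAIN.split(".")[0]
    brand_label = BRAND_DOMAIN.split(".")[0]
    print("edit distance:", edit_distance(flagged_label, brand_label))
    print("clients:", clients_that_queried(SAMPLE_DNS_LOG, FLAGGED_DOMAIN))
```

Any client returned by the search is a starting point for reviewing proxy and endpoint telemetry for the same time window.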
Known False Positives
- Domains registered by the brand for future use or defensive purposes
- Domains with similar names belonging to unrelated but legitimate businesses