The Timeless Threat of Impersonation — and Why External Monitoring Matters
How fraudsters exploit technology, from fake profiles to fraudulent domains, and what organizations can do to protect their brand and people.
Find out more
Domain-based threats have become one of the most persistent and underestimated risks organizations face. From lookalike domains designed to deceive, to infrastructure missteps that invite attackers, the danger is real — and growing. During a recent webinar hosted by Access Point Consulting, we explored these threats, why they matter, and what you can do to protect your brand, customers, and employees.
The Two Faces of Domain-Based Threats
When it comes to domain-based risks, we see two major categories:
1️⃣ Lookalike Domains and Impersonation
Attackers register domains that closely resemble legitimate company domains — a tactic known as typo-squatting. These lookalike domains are cheap and easy to obtain, often costing less than $12, and can be set up in under an hour. Fraudsters use them for phishing scams, fake job postings, invoice fraud, and more. They mimic your email records, replicate your website content, and even redirect to your legitimate site to gain trust and improve search engine visibility.
Targets include not just employees, but customers, vendors, and future customers — anyone who can be manipulated into clicking a malicious link or sharing sensitive information.
2️⃣ Mismanaged Infrastructure and Dangling IPs
Beyond external impersonation lies a lesser-known risk: domain infrastructure under your control. Subdomains linked to decommissioned applications, forgotten developer instances, or recycled cloud IP addresses can be hijacked by attackers. For example, if your DNS still points to a cloud IP you no longer own, that IP could be reassigned to someone else — who can then host malicious content using your domain’s subdomain. This creates serious reputational and security risks because visitors will associate the malicious site with your brand.
Why Are These Threats So Prevalent?
Three factors make domain-based threats attractive to attackers:
- Low cost and low effort. Domains are inexpensive and easy to register, with minimal verification by registrars.
- Massive potential reward. A single successful fake invoice or phishing attack can net thousands — more than enough to fund future campaigns.
- Blind spots in monitoring. Without proactive monitoring, organizations often don’t realize these threats exist until after damage is done.
Real-World Examples
- Lookalike domains: We’ve seen attackers spin up domains like zoom-download.ink to impersonate Zoom, lure victims into downloading malware, and steal sensitive credentials.
- Dangling IPs: In one case, a “secure” subdomain of a real organization pointed to a recycled IP that hosted malicious content. Without monitoring, this went unnoticed until it posed a serious risk to customers.
How Organizations Can Defend Themselves
Establish a baseline. Know what domains, subdomains, and cloud assets you own. Coordinate across teams — marketing, IT, development — to build an accurate inventory.
Adopt continuous monitoring. Whether you use internal tools or a third-party provider, monitoring for new lookalike domains, DNS changes, and dangling IPs is essential. Early warning lets you act before threats escalate.
Streamline domain management. Consolidate registrars where possible to simplify oversight. Mismanaged assets — like domains bought by former employees — are prime targets for abuse.
Act decisively. When you detect a threat, report it. Registrars and registries have abuse processes to address impersonation and fraud. Follow through on takedown requests — don’t let issues linger.
Take Action Before Attackers Do
Domain-based threats aren’t limited to any single industry. We’ve seen fraud schemes in banking, retail, tech, and beyond — from fake banking sites that mimic routing numbers to fraudulent surveys spreading malware.
The good news? With awareness, monitoring, and action, you can reduce your risk. Start small if needed — free tools like DNSTwist, URLScan, and Phishcatcher can help you begin identifying threats. But whatever you do, don’t wait until it’s too late.
