so everybody thanks for coming. We’re going to jump right in. We’re talking about how to find fake websites before your scammers trick your customers.

So okay, there we are.

alright perfect. So

first of all. What are we going to cover in this discussion? One. Why is this important? And I think you wouldn’t be here if you didn’t understand why, what not to do, which is as important as what to do

talk. We’re going to talk a little bit about the process of finding these various fake domains. And then, of course, we’re going to talk about some free tools that you can use to figure this out on your own. And we’re also going to talk about some pay tools, because this is a big problem and sometimes pay tools can be a help.

And before we go further, I’m David Schropfer. I’m the Executive Vice President of Operations here at Domainscate. I’ve been working with the company for quite some time. We are the company that goes out, and we can help you find some of these domains if you can’t find them on your own. David, why don’t I give you a second to introduce yourself as well.

Hi, everybody! My name is David Mitnick. I’m the CEO of DomainSkate and as David said, we are a

brand protection company that helps our clients find

scams, fake sites and everything that is

hurting their their business and their customers online.

Excellent. So. First and foremost, why are we all talking about this? Why is this topic important? Number one. The bad actors are using fake domains for almost every fishing attack, every disparaging attack.

every email attack that’s trying to fool your customers into thinking that they are you now? Why are they doing that? Of course? Good old fashioned fraud.

They’re there to steal money, steal credentials, steal login information. They’re there to create counterfeit sites so they can get a customer to pay what they think is you. But they’re paying for merchandise or other services that will simply never be delivered.

or they’re just out for good old-fashioned malice, and they’re just simply trying to damage your brand. We’ve actually had clients that have competitors that do this in in this day and age. They’ll still try to register a domain for no other reason than to discredit or to otherwise sully the image of one of their competitors happens every day, and this is what you got to do to solve it.

The reason that this topic is so important here and now is because of AI. Artificial intelligence is giving the good guys a leg up. But it’s also giving the bad guys a leg up as well. It’s making the threat actors more efficient at finding different ways to

commit the fraud that they’re trying to commit. And all of those ways point to a domain name that looks enough like your brand that it will confuse the person that’s receiving it, whether they’re looking at a website or an email.

And importantly, the what not to do is this

slide number one. The days of registering every possible URL, are simply gone. If you think, however unique your brand is, or you think that it is, there’s always a prefix or suffix or miss type, or a single letter that can be added or removed or replaced.

and

a new domain is created. But you can’t possibly think of all those, and even if you tried to register hundreds and hundreds of domains, you wouldn’t get them all. There’s always one more that the thread actor can find for themselves. And of course this is expensive, too. Call it an average of $20 per year per domain.

Obviously, this varies greatly depending on extension, and which country you’re registering in, etc. But if you think about it.

try to register just 200 domains to try to protect yourself. That’s $4,000 a year. And again, it’s ineffective. The bad guy just needs to think of one other domain that you haven’t.

And the second thing you cannot afford to do anymore is wait for a customer to complain the day that a customer sends you an email and says, Hey, I think I got fished because this email address looks like yours, but it isn’t yours. Everything else about the email looks precisely like

emails that you send from your company. It’s too late. Why? Because that one customer that reported it is probably one of a thousand or a hundred 1,000 of your customers that have already received the same email. Some of them will inevitably fall for it, and lose either money or their credentials, or something else that they didn’t want to lose, which, by the way, they will blame you for. So this is what you can’t do. Ignoring the problem. Those days are gone.

And, David, let me just see if you want to add anything to to this slide in particular.

No, this makes abundant sense. I think that you know the it’s interesting with registering every yeah. URL, I think that that was very much a part of the practice, the common practice.

when you know brands first started thinking about, you know, defensive registrations were kind of a big deal.

And companies would go out and register, you know, hundreds, sometimes of thousands of domain names. And like, like you said. It’s it is. It’s impossible. It drives up costs. It’s a it’s a huge maintenance issue. Not to mention time.

So you know, one of the things that that we really like to talk about. You know internally, is the the idea of assets and liabilities, you know, and you have your assets, the things that your company uses, the domains that you actually monetize, that are important to your business, that you’re recognized. By, and then the liabilities. You know. What are the the things that you might not own?

And the the question that you know by using a system, by having something that you’re tracking. Then you can actually help limit the potential liabilities without incurring the unnecessary cost of registering everything under the sun.

Exactly. And that’s a very good point that once you’ve even if you try to register multiple domains in an effort to protect yourself, the the maintenance on an annual basis above and beyond just this cost that you’re paying to the registrars.

There’s you need to put people in charge of it, taking many

man hours every single year, just to keep track of them, just to keep them updated, and just to make sure they’re all in the same place, so you can use them.

So

that brings us to finding domains there. The bad news is, there are 390 million registered domains today that makes for an awful large

list of domains to go look for some of those you’re going to care a lot about some of those. You’re simply not so the trick is in terms of the process that you want to set up for yourself is number one. The search which is

kind of the hard part, which is why we’re going to show you some free tools and some other tools to help you narrow that search down from the long list of all the registered registered domains to just the ones that you care the most about.

Then making a watch list, meaning you’re going to revisit those domains that you’re most concerned about every single day to make sure that nothing pops up in there like like an Mx record or an a record, and I can talk a little bit more about that. And then finally creating an action plan. Okay, so you’ve done all this. You’ve monitored a certain number of domains. And you have found a problem. You have found a Scammer that has simply taken your code and created a very good look

looking website that looks precisely like your legitimate website, except that all those credentials and all that money is going to the Scammer and not to you. Now you need an action plan, and you need a partner to help take that down.

So let’s take first things first. How do you take a list as big as this and try to narrow it down to a manageable number of domains.

So.

first and foremost, you want to go to who is who is.com? Who is net. You can also use your favorite registrar, whether it’s Godaddy or anybody else. And this is where you just start putting in a few of the domains that you are

interested in just understanding the where they are. Are they registered, are they not? Who owns them? And why? So? If I wanted to? If let’s say I was panasonic.

okay? And I wanted to intentionally have a mistype. Panasonic is spelled exactly like this, and the letter right next to the C on my keyboard is a V, so this would be a classic Miss type, the user types A V at the end and not

and not a C at the end.

And we’re going to search that just to see what we find. So it’s unavailable meaning. It’s already registered. So this is an this is a great example of what you would put on your list. So whether you’re keeping track of it in a spreadsheet or something else, this is definitely one of those domains that you want to capture and take a closer look at.

Now you can take deeper dives and and you can contact us if you like, and we can show you how to find out additional details like, for example, where this, how long this domain is registered. For when it expires, who registered at that those types of things

alright.

Other things that you can do. The cybersecurity and infrastructure security agency is also a great place to get a lot of this data in bulk. Now, unfortunately, this requires a little bit more programming capability. So this isn’t something a typical brand manager is going to do. But if you work with Cisa.

you can actually use some of their tools which are programmatic meaning. They’re short programs called Apis, that you would have to integrate into a platform of some kind. So you can pull in the data from them. And you can put it into a list that you can read great tools all free, straight from the Us. Government

and the Sisa organization is awfully good at what they do highly highly recommend it. and there are also some free tools like domain skates, threadfinder where you can type in something like panasonic and then find a

panasonic com. You have to have the yeah, URL, and you’ll be able to find just a few of the extensions that that come with this as well.

Now, what I’ve just outlined is an awful lot, right? I mean, you’re basically manually looking for different domains. Use and the free tools. Frankly, don’t make it terribly easy to do that, and making your own watchlist on on a spreadsheet can be effective, depending on the size of your company. But it’s not. It’s not

the. It’s not the most efficient way to do some of these things. So there are tools that will help you tremendously this effort. So here is a look at domain skates platform as an example. So.

and just to show you around a little bit. This is listing all of the domains that our system finds. And and we’re using AI, just like the bad guys use AI frankly to look for the best attack. Vectors look for those best, the best domains to use to attack a specific specific brand in this case, panasonic.

Now.

the thing that we that we tend to put up on the top are all the domains that already have a problem reported. So if you notice this column right here, phishing malware, more phishing, fishing, fishing, malware.

All of these domains have been reported as having a problem. So these are the first domains that you want to look at, because you’re now relying on what other people have said is in terms of. They’ve either reported a phishing attack, or they found a malware attack of some kind, a website that’s distributing malware as opposed to just distributing content.

Now, one of the things that jumps out is this particular site, you’ll notice it’s panasonic. with just a little misspelling in the middle. It’s missing the S before the O,

so it’s panasonic again. At first glance. It looks like panasonic, but it’s not. The website

looks awfully legitimate. Clearly they stole this from, if not apple from somebody else. I’m not sure that why they would steal apple, but they have literally made this look exactly like panasonic in every way that they could. But it’s not it forwards somewhere else, and it’s been reported as having a malware on it in the past. This is a problem. So if panasonic were to look at this list, this is exactly the type of thing that they would want to act on and take down as quickly as possible.

And some of the data that we put together for that makes it a lot easier to find. So what you want to be able to do in any tool that gives you these nice organized lists that make it easy to find the problematic domains. You also have to be able to act on these problematic domains at the same time. So in this case, this domain that we were just talking about in the case of DomainSkate, you would click the act button.

click a couple of links. I’m not going to follow through on this now. But this is a suspected phishing attack. It looks like they’re making a lookalike site based on the brand. It’s an alleged violation already. We don’t have more detail than that, but we can dig and find it out, and that’s it. And then you would click the confirm button to actually put that into motion and have a team like ours. Take it down.

So, David, I’m going to stop here for a second and see if there’s anything you wanted to add to to the platform, and how it’s used to find malicious domains.

No, I think I think every everything you said is on point. you know, finding the you you mentioned the

the different ways that you know, Miss types. you know, right right here under result type, you see, affixes. You know, we we focus on a number of different types of

you know, misty fat fingers replacing letters with numbers in certain cases.

Letters that sound the same, you know. Look the same. It’s thi this is, I think we’ve we’ve covered a lot of, you know, a lot of the different ways. There’s there’s a there’s. There’s plenty of ways that they scammers can go off, and you know, find, you know, good domains that can infringe a good brands rights.

And that’s that’s an excellent point. when we’re talking about like miss types and and other extensions. First of all, in our platform, they’re searchable here. All I did is I clicked Miss Types. And you can see that

there’s basically one character that’s either added, deleted, or changed. In this case the O and panasonic is a 0. The

there’s a dash put in the middle of Pana and Sonic.

etc. And you can just go down the list and see example after example. In fact, I’ll zoom in on this a little bit to make this a little bit easier to read. And yeah, this is what the bad guys do. But and the the other very important point, David, that you brought up was the fact that there’s a lot of these that aren’t being used yet. As you can see, this one in particular.

I’ll just do panasonic.ru.ru stands for Russia, by the way, so it’s one of those that whenever we see a.ru, we want to pay particular attention to that. But, as you can see, there’s not much going on with this domain, there’s no records attached to it. It does not host a website. There’s no preview image.

The reason that is is because the thread actors will inventory lots of different domains. So if I was a Scammer and I was going after panasonic, I wouldn’t register just one of these domains. I would register multiple domains, so I would be able to go

take my malicious content whether it’s an email or a website, or whatever, and move from domain, name to domain, name to domain name. Because what happens is as each one of these gets blacklisted or taken down again, which is what you should rely on your partner to do.

Once they’re taken down, the Scammer is not going to just shut down their operation altogether. They’ve made an investment, too. They’ve made a good looking look-alike website, or they’ve created a phishing campaign. So they’re just going to go to the next

domain in their inventory and use that instead of the first one. And then when that’s blacklisted, they’ll move to the next one and the next one and the next one. That’s what makes this process. So what makes these lists so maddeningly long? But having a system like this to organize them, keep an eye on them and track them, makes it a lot easier.

So, and when I say the when I say track them and monitor them again. That is a key component of any platform that you use to manage this. Because if you’re concerned about a domain, whether there’s a website up there, like the ones I’ve been talking about or not. Like some of these, you put them on a watch list all right. So I just simply clicked the eyeball icon and put these 3 domains on a watch list. Now, what does that do?

That means that our system is going to look at them every single day and look for a change like I said in this example, there are no records here. The Scammer has just registered the domain. They haven’t done anything else with it

as soon as they do, as soon as they start. For example, a phishing campaign, an Mx record will pop up here that will send an alert out the same day that will let our experts take a look at it or your team. Take a look at it. Whatever kind of package you’ve already, you’ve purchased. The fact that that Mx record suddenly appears one day.

It could be nothing, but it could also be more likely the start of an email phishing attack. Great. So that’s the moment that you got to take that website down and you got to do it in a matter of hours before those emails go out same thing with Dns records and IP addresses. When you see those pop up or a records when you see them pop up. That could be the start of an attack. It’s definitely worth taking another look. And that’s why, literally, you have to have a monitoring system that will inform you

of any problem now like I said at the top. If you wanted to manage this on a spreadsheet, it’s conceivable. It’s going to take a lot of work, probably a couple hours a day to keep on top of all the domains you care about, and you know frankly, when you look at the size of some of these lists that might not even be feasible. I mean, you can see this one. This list goes and goes and goes. We’ve got literally hundreds of domains with websites already created with email addresses already created. So that’s a lot to manage on a spreadsheet.

So the free route is possible, but not necessarily recommended. Using a platform like this is a much easier way to go. You’ll find a lot more, and you’ll take down a lot more.

David. I’ll pass it off to you.

Yeah, no, I think it. I think it’s you know. I think the the

you know, having, you know, doing this, you know, trying to organize your brand protection and domain protection activities. Outside of you know, a platform is is really tough.

you know. The yeah, II think, yeah, everything everything you said. I totally agree with.

Hey, great.

So we’ve got a couple of questions. Excuse me in the in the Q. And a. That have been sent to us.

The first one is, what should I do when I find domain that is hurting my brand.

So first, you have to understand what is what is hurting your brand. What does that mean? If you have evidence like, for example, if a customer has told you this is hurting my brand, they’re stealing from me. They’ve they’ve started a phishing campaign. I’ve had multiple customers. Tell me about it. That’s where you have to do an immediate shutdown. You’ve got to shut down that domain.

Now, we do have a webinar next week that talks more specifically about the shutdowns. But fundamentally, you can call a company like us if you have that problem or other companies that have shutdown capability in their in their assortment.

So good question. Thank you for that. If you have other questions. You can just put them in the chat or the Q. And a. Now.

all right. And the next question is. what does the display? What does the screenshot display mean to me? Okay, so the the screenshot is important. Because if it exists, that means a website is

is up. Somebody’s created a website at the domain. So in this example, I’ll just keep using panasonic.

a system that is capturing a screenshot

makes it easy to scroll down and see

which images look like the legitimate website. So, for example, I’m going to go to

the real website. Panasonic com notice. I entered that exactly and look at the attributes. And I’m sure this picture changes all the time. But you can see right away that these pictures, these screenshots look a lot like the legitimate panasonic website. So if I was panasonic, the first thing I would do is make sure that my company has, in fact, registered this particular domain name, and it’s pointing the way I want it to point to one of my, to my, to my actual website.

But if you don’t own the website, you’re not managing it. But a Scammer has stolen your code, and they’ve basically rebuilt a lookalike website with the intention of scamming your customers. That is something that you want to look at right away. So panasonic biz as an example.

this is interesting. It looks like.

yeah, looks like we’ve got all Japanese characters on here again. This may be panasonic doing what panasonic does, but it might not panasonic that biz feels like a more of a Western

Western extension. It’s not a country code. So this is one that I would call extremely suspicious, and I would add this to a watch list and make, and I would do. I would use a system like ours to do the research to try to figure out, okay, why is this registered in Japan? I mean, that is where panasonic’s headquarters is. But why is it coming up in Japanese when a Western company takes a look at it. That, too, could be evidence of a problem.

So images really good, easy way to eyeball, lots of different domains, and again, a good, a good platform will have the ability to just let you look at the sites that have an image at all. And, by the way, this is example of a parking domain. This happens all the time as well when the website isn’t being used yet, but they’re getting ready to. So they put up a parking site, and then they’ll put the actual code on when they’re ready to start the attack.

Unfortunately, that’s all the questions we’ve got time for, but I appreciate everybody showing up. David, I’m going to give you the last word, and then we’re going to wrap up the webinar from there.

Yeah, no, thanks, everybody for great questions. And look forward to our next one.

Very good. Alright. Keep an eye on our website and and our emails. You can contact us anytime. My email address is dws@domainscate.com David’s dmitnik@domainscate.com. And you can always contact us straight through the website. Through our contact Us. Page, we will receive those emails and those communications as well.

Thanks everybody for joining. And again, keep an eye on the website for more webinars in the future have a great day.