How to find different domains mimicking your brand?

Nowadays, the threat actors are using different technics to steal users PII (personal identifiable information).

One of the easiest ways of doing that is to create a fake web page that looks like a well-known webpage such as Facebook, Twitter, YouTube, Instagram, LinkedIn, Netflix and others services (Banks, gaming platforms etc.)

Let’s give some example:

URLscan URL and website scanner – urlscan.io

Is a well-known URL and website scanner used by most of security professional

The examples below, will teach us about how to find the website mimicking our brands.

1 – Netflix brand mimicking by threat actors to steal users credentials

The first to do is to connect to type the domain “netflix.com”  – www.netflix.com – urlscan.io

Next, go to “HTPPtransaction”, click on the “image” button

Now, you need to expand the image view and  click on “Show image”

Once clicked, you will see the image

As we can see the image now, if you want to find other webpages with the same image, follow the next steps.

Click right on the “Hash” Of the image and “choose open on the new tab “

You will get the following page

Scroll down the page, you will find some domains different from the one we submitted which is the legitimate one

Open in the new tab the domain that are different from the legitimate one (Netflix.com)

Now as you can see, we found some domains malicious domains mimicking Netflix.com.

You can use the same technic for your brand or organization.

Recommendation

Check the URL or the domain before connecting to a domain

Use 2FA for your login

Use different password for different account

Use a platform like Virus Total to check the domain if you are not sure before connection