1. How one global retailer detected almost 2,000
domains impersonating their brand.
www.digitalshadows.com
Global Retailer Digital Shadows
Domain Infringement Concerns
Retailer was concerned by the extent to
which their domains are impersonated
online. The company suspected that these
domains targeted customers to harvest
their credentials or sell fraudulent goods.
While they had received ad hoc alerts from
customers, they had no way of identifying
these sites themselves.
Retailer inputed primary domain into asset
management page within the SearchLight portal.
Minutes later, the registered assets status moves
from "Submitted" to "Live".
SearchLight monitored for domains registered
that have slight permutations. This includes
homoglyphs, homophones, domainsquats,
swappers, repeaters, and other techniques.
When a registered domain closely resembled
that of the retailer, SearchLight sent a verified
alert, complete with context on the registrar and
corresponding attributes. Within the space of one
year, this particular retailer was alerted to almost
2,000 verified spoof domains (the average number
is closer to 300).
The analyst viewed alert and uses
screenshot, WHOIS information, and other
attributes, to make an assessment about
the potential risk of site.
Working with their legal team, the security
team informed Digital Shadows they wish
to pursue a Managed Takedown for a site
selling counterfeit goods.
Digital Shadows began Managed Takedown procedure.
Estimate timelines were provided, and and customer
checked status in the portal's "Takedown" tab.
Two days later, the takedown was confirmed and the
counterfeit site was no longer active.
Register Primary Domains in SearchLight
Monitor for Permutations of Domains
Receive Alerts from SearchLight
Begin Takedown
Confirm Takedown
Investigate Alert
Request Takedown
Realize Return on Investment
The retailer worked with Law Enforcement
to apprehend the perpetrators and
received a cut of the proceeds made by the
counterfeit site. This equated to hundreds of
thousands of dollars.
Adversaries impersonate legitimate domains for a
host of different motivations: it may be to harvest
credentials or dupe customers into purchasing
counterfeit goods. For one of our customers - a
global retailer - both of these motivations were a
concern.
The flowchart below demonstrates how, in this case, we worked
with a leading retailer to help mitigate the risks they faced with
domain impersonation. In doing so, the security team was able
to protect customers, return lost revenue, and secure their
online brand.
Detecting Spoof Domains
2. About Digital Shadows
Digital Shadows minimizes digital risk by identifying unwanted exposure and protecting against external threats. Organizations
can suffer regulatory fines, loss of intellectual property, and reputational damage when digital risk is left unmanaged. Digital
Shadows SearchLight™ helps you minimize these risks by detecting data loss, securing your online brand, and reducing your
attack surface. To learn more and get free access to SearchLight, visit www.digitalshadows.com.
Detecting Spoof Domains
Three Ways to Learn More
• Read more about Online Brand Security.
• Read more about our Managed
Takedown service.
• View examples yourself in SearchLight.
Sign up for a Test Drive to try for free.
Digital Shadows SearchLightTM
in Action
• Detected almost 2,000 domains in 1 year
• Included phishing and countefeit sites
• Took down sites to protect brand and
customers
• Return on Investment of several hundreds
of thousands of dollars.