Corporation Service Company (CSC) has released the sixth edition of its annual Domain Security Report. CSC manages domain portfolios and provides fraud protection, brand monitoring, and DNS security for the world’s largest companies. The report focuses specifically on the challenges these enterprises face.
A key finding: 67 percent of the world’s largest companies (those listed in the Forbes Global 2000) still implement less than half of the recommended security measures. Notably, “unicorn” startups (privately held companies valued at over $1 billion) take a more responsible approach to brand protection than many established giants and market leaders.
When it comes to domain names, the greatest threat comes from counterfeit domains that imitate well-known brands. The most common are homoglyph domains, which use visually similar characters (for example, “0” instead of “O,” or Cyrillic characters instead of Latin ones). Of these brand-similar domain names, 88 percent are controlled not by the trademark holders themselves but by third parties – meaning they could be used at any time to harm the brands.
However, this doesn’t necessarily mean creating fake websites, notes CircleID. Of these third-party domains, 40 percent have email accounts configured. That is enough to carry out phishing attacks: an email from an address that looks visually similar to a well-known brand can easily be mistaken for a legitimate one. According to the US Cybersecurity and Infrastructure Security Agency, more than 90 percent of successful phishing attacks begin with an email.
It is also important to understand that inactive homoglyph domains – those showing no signs of activity for years – are not safe. Their owners may simply be biding their time for the most opportune moment to strike. Moreover, a domain name’s long history can provide additional credibility indicators to security systems, increasing the likelihood that an attack using such a domain will succeed.
Banks, financial firms, IT companies, and software developers should exercise particular caution: nearly 30 percent of all existing homoglyph domains target brands in these industries.
