What is a Cousin Domain?
What is a cousin domain?
A cousin domain—also referred to as a lookalike domain—is a form of email spoofing in which hackers use a domain that deceptively resembles the name of another website. Cousin domains use common typos (www.facabook.com) or numbers (goog1e.com) in an effort to trick users into thinking they’ve received an email or visited a website from a legitimate source.
Below are a few monikers for “cousin domain”:
- Lookalike domain
- Spoofed domain
- Fake domain
- Doppelgänger domain
What it’s called may vary, but the ultimate goal is the same—to deceive users into trusting a phishing email or website.
Even savvy internet users can be duped by this spoof, as cousin domains are often indistinguishable from a legitimate domain. For example, hackers may replace Latin-script characters with visually identical characters from the Cyrillic alphabet.
How does a cousin domain work?
Cousin domains work by making subtle changes to the domain name that are difficult to notice at first glance. Combine this with the fact that users often don’t closely inspect the domain name of email senders—and many email clients hide this address when viewed on mobile devices—and it’s easy to understand why this email spoof succeeds.
Cousin domains and phishing
Because cousin domains are fully registered websites, hackers can also create legitimate email addresses corresponding to the dupe site. These addresses are used to send phishing or spear-phishing emails, also known as business email compromise (BEC).
Cousin domain examples
Cousin domain variations are endless, but below are a few basic examples (legitimate domain, then its cousin domain):
- netflix.com - netfilx.com
- facebook.com - facebock.com
- amazon.com - arnazon.com
- google.com - gooogle.com
- bankofamerica.com - banjofamerica.com
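As an added example (not code from the original article), the following Python check classifies a sender domain against a constructed list of protected brands using the three tricks described above: typos (edit distance), digit and Cyrillic homoglyphs (character folding), and kerning pairs such as “rn” for “m”. The protected list, the confusable-character table and the distance threshold are assumptions for illustration.

```python
# Constructed list of brands this check protects; a real deployment would use
# the organisation's own domains and those of its partners.
PROTECTED = {"netflix.com", "facebook.com", "amazon.com",
             "google.com", "bankofamerica.com"}

# Assumed confusable-character table: digits that look like letters and
# Cyrillic letters that render identically to Latin ones.
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s",
               "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
               "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i"}


def fold_confusables(domain: str) -> str:
    """Map look-alike characters to their Latin counterpart, then collapse
    kerning pairs ("rn" -> "m", "vv" -> "w"). Legitimate names containing
    digits or "rn" will also fold, so treat a hit as a signal, not proof."""
    folded = "".join(CONFUSABLES.get(ch, ch) for ch in domain)
    return folded.replace("rn", "m").replace("vv", "w")


def levenshtein(a: str, b: str) -> int:
    """Plain edit distance (insert, delete, substitute), O(len(a)*len(b))."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1,
                           prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(sender_domain: str, max_distance: int = 2):
    """Return (verdict, matched_protected_domain_or_None, distance)."""
    base = sender_domain.lower().strip().rstrip(".")
    if base.startswith("www."):
        base = base[4:]
    if base in PROTECTED:
        return ("legitimate", base, 0)
    folded = fold_confusables(base)
    if folded in PROTECTED:          # goog1e.com, arnazon.com, Cyrillic a
        return ("homoglyph-lookalike", folded, 0)
    nearest, dist = min(((p, levenshtein(folded, p)) for p in PROTECTED),
                        key=lambda t: t[1])
    if dist <= max_distance:         # netfilx.com, facebock.com, gooogle.com
        return ("typo-lookalike", nearest, dist)
    return ("unrelated", None, dist)


if __name__ == "__main__":
    for d in ["netfilx.com", "arnazon.com", "goog1e.com", "google.com"]:
        print(d, "->", classify(d))
```

In a mail gateway this verdict would feed a quarantine rule or a warning banner, and the threshold would be tuned against the organisation's own sender traffic to limit false positives on short domains.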
Consequences of a cousin domain dupe
A form of email spoofing used in phishing attacks, cousin domains can result in costly and long-lasting financial, reputational, legal, and regulatory consequences. These include the harvesting of sensitive information, data breaches, malware infections, and more.
These consequences aren’t isolated to the victim. For example, attacks that compromise the information of customers or partners can damage a victim’s brand reputation and result in a lawsuit. Victims may also face stiff penalties from violating regulations such as the Health Insurance Portability and Accountability Act (HIPAA) or General Data Protection Regulation (GDPR). GDPR may penalize victims of a data breach up to €20 million or 4% of the organization’s total revenue from the prior year.
Cousin domain protection
Phishing awareness programs teach employees how to spot and respond to cousin domain spoofing and other phishing techniques. They use simulated training showcasing real phishing emails and web pages so users are educated on the latest phishing techniques and how to recognize them.
- Multi-factor authentication (MFA):
- Integrated email security solutions: