Domain impersonation, also known as typosquatting, is often used as part of a conversation hijacking attempt. Attackers target legitimate domains, such as Barracudamsp.com, by creating domains that appear similar. Such a domain might be accessed by a user typing the legitimate domain incorrectly, either with a misspelling or incorrect top-level domain:
Barracadamsp.com
Baracudamsp.com
Barrracudamsp.com
Barracudamsp.co
Barracudamsp.net
Email gateway defense against domain impersonation is prone to error and needs continuous management and updates. API inbox defense uses past email communications to get information on domains used by the company. When an impersonation comes in, the attack can be detected and blocked.
Domain impersonation is one of the email threat types examined in our free e-book, 13 Email Threat Types to Know About Right Now. The Barracuda MSP Total Email Protection Bundle offers a complete suite of email protection to help defend your company from these attacks. For more information on how to protect yourself, download the e-book here.
Photo: NIKCOA / Shutterstock