Tactic or Technique: Lookalike domain

Attackers register domains that closely resemble legitimate ones to trick you into thinking you're visiting or interacting with a trusted site. These lookalike domains use small visual or typographic changes, like swapping “m” for “rn,” misspelling a brand name, or using characters from other alphabets that look identical.
A link may appear to point to a company you recognize, but it actually leads to a spoofed domain controlled by the attacker. These sites are often convincing replicas of real login pages, built to steal your credentials or trick you into downloading malware.
This technique is common in phishing campaigns and can lead to serious consequences, including account compromise, data theft, or fraud. It also causes damage to the impersonated brand, especially when the domain is used in widespread credential harvesting or malware delivery.
Rule Name & Severity
Last Updated
Author
Types, Tactics & Capabilities
Brand impersonation: FedEx
2d ago
Jul 14th, 2026
Sublime Security
Brand impersonation: Government / Tax Authority document lure
2d ago
Jul 14th, 2026
Sublime Security
Brand impersonation: Wix
6d ago
Jul 10th, 2026
Sublime Security
Brand impersonation: Chase Bank
7d ago
Jul 9th, 2026
Sublime Security
Brand Impersonation: Stripe
9d ago
Jul 7th, 2026
Sublime Security
Brand impersonation: UPS
1mo ago
Jun 12th, 2026
Sublime Security
Brand impersonation: Blockchain.com
1mo ago
Jun 5th, 2026
Sublime Security
Brand impersonation: DHL
1mo ago
Jun 5th, 2026
Sublime Security
Brand impersonation: Okta
1mo ago
Jun 5th, 2026
Sublime Security
Brand impersonation: Capital One
1mo ago
Jun 5th, 2026
Sublime Security
Brand impersonation: DocuSign
1mo ago
Jun 1st, 2026
Sublime Security
Brand Impersonation: PayPal
1mo ago
Jun 1st, 2026
Sublime Security
Brand impersonation: Meta and subsidiaries
1mo ago
May 29th, 2026
Sublime Security
Brand impersonation: Sublime Security
1mo ago
May 18th, 2026
Sublime Security
Brand impersonation: Office 365 mail service
2mo ago
May 15th, 2026
Sublime Security
Impersonation: Suspected supplier impersonation with suspicious content
2mo ago
May 4th, 2026
Sublime Security
Brand impersonation: Spotify
2mo ago
Apr 27th, 2026
Sublime Security
Brand impersonation: Wells Fargo
3mo ago
Apr 15th, 2026
Sublime Security
Brand impersonation: Bank of America
3mo ago
Mar 31st, 2026
Sublime Security
Lookalike sender domain (untrusted sender)
3mo ago
Mar 25th, 2026
Sublime Security