• Lookalike domain

Tactic or Technique: Lookalike domain

Attackers register domains that closely resemble legitimate ones to trick you into thinking you're visiting or interacting with a trusted site. These lookalike domains use small visual or typographic changes, like swapping “m” for “rn,” misspelling a brand name, or using characters from other alphabets that look identical.
A link may appear to point to a company you recognize, but it actually leads to a spoofed domain controlled by the attacker. These sites are often convincing replicas of real login pages, built to steal your credentials or trick you into downloading malware.
This technique is common in phishing campaigns and can lead to serious consequences, including account compromise, data theft, or fraud. It also causes damage to the impersonated brand, especially when the domain is used in widespread credential harvesting or malware delivery.
Blog Posts
Credential phishing Charles Schwab account holders with 2FA bypass
Credential phishing Charles Schwab account holders with 2FA bypass
Talking phish over turkey
Talking phish over turkey
Call Me Maybe? The Rise of Callback Phishing Emails
Call Me Maybe? The Rise of Callback Phishing Emails
Attack Types (3):
Credential Phishing
BEC/Fraud
Malware/Ransomware
Detection Methods (8):
Header analysis
Sender analysis
Computer Vision
Content analysis
File analysis
URL analysis
HTML analysis
Natural Language Understanding
Rule Name & Severity
Last Updated
Author
Types, Tactics & Capabilities
Brand Impersonation: Meta and Subsidiaries
1d ago
Jun 17th, 2025 UTC
Sublime Security
Credential Phishing
Impersonation: Brand
Lookalike domain
Social engineering
Header analysis
Sender analysis
/feeds/core/detection-rules/brand-impersonation-meta-and-subsidiaries-e38f1e3b
Brand impersonation: FedEx
1d ago
Jun 17th, 2025 UTC
Sublime Security
Credential Phishing
Impersonation: Brand
Lookalike domain
Social engineering
Header analysis
Sender analysis
/feeds/core/detection-rules/brand-impersonation-fedex-94a2b602
Brand impersonation: TurboTax
6d ago
Jun 12th, 2025 UTC
Sublime Security
Credential Phishing
Impersonation: Brand
Lookalike domain
Social engineering
Sender analysis
/feeds/core/detection-rules/brand-impersonation-turbotax-90084031
Brand impersonation: Venmo
7d ago
Jun 11th, 2025 UTC
Sublime Security
Credential Phishing
Impersonation: Brand
Lookalike domain
Social engineering
Sender analysis
/feeds/core/detection-rules/brand-impersonation-venmo-0ab15d4f
Brand impersonation: Twitter
8d ago
Jun 10th, 2025 UTC
Sublime Security
Credential Phishing
Impersonation: Brand
Lookalike domain
Social engineering
Sender analysis
/feeds/core/detection-rules/brand-impersonation-twitter-013c32c2
Brand impersonation: Github
8d ago
Jun 10th, 2025 UTC
Sublime Security
Credential Phishing
Impersonation: Brand
Lookalike domain
Social engineering
Header analysis
Sender analysis
/feeds/core/detection-rules/brand-impersonation-github-9402f92b
Brand impersonation: American Express (AMEX)
9d ago
Jun 9th, 2025 UTC
Sublime Security
Credential Phishing
Impersonation: Brand
Lookalike domain
Social engineering
Header analysis
Sender analysis
/feeds/core/detection-rules/brand-impersonation-american-express-amex-992a9fa9
Brand Impersonation: PayPal
14d ago
Jun 4th, 2025 UTC
Sublime Security
Credential Phishing
Impersonation: Brand
Lookalike domain
Social engineering
Computer Vision
Content analysis
File analysis
Header analysis
Sender analysis
/feeds/core/detection-rules/brand-impersonation-paypal-a6b2ceee
Brand impersonation: DHL
15d ago
Jun 3rd, 2025 UTC
Sublime Security
Credential Phishing
Impersonation: Brand
Lookalike domain
Social engineering
Header analysis
Sender analysis
/feeds/core/detection-rules/brand-impersonation-dhl-be4b4ae0
Brand impersonation: Charles Schwab
15d ago
Jun 3rd, 2025 UTC
Sublime Security
Credential Phishing
Impersonation: Brand
Lookalike domain
Social engineering
Header analysis
Sender analysis
/feeds/core/detection-rules/brand-impersonation-charles-schwab-7abde595
Brand Impersonation: Stripe
16d ago
Jun 2nd, 2025 UTC
Sublime Security
Credential Phishing
Impersonation: Brand
Lookalike domain
Social engineering
Header analysis
Sender analysis
/feeds/core/detection-rules/brand-impersonation-stripe-862d4654
Lookalike sender domain (untrusted sender)
19d ago
May 30th, 2025 UTC
Sublime Security
BEC/Fraud
Credential Phishing
Malware/Ransomware
Lookalike domain
Social engineering
Sender analysis
/feeds/core/detection-rules/lookalike-sender-domain-untrusted-sender-67721993
Brand impersonation: Chase Bank
22d ago
May 27th, 2025 UTC
Sublime Security
Credential Phishing
Impersonation: Brand
Lookalike domain
Social engineering
Header analysis
Sender analysis
/feeds/core/detection-rules/brand-impersonation-chase-bank-c680f1e7
Brand impersonation: DocuSign
28d ago
May 21st, 2025 UTC
Sublime Security
Credential Phishing
Impersonation: Brand
Lookalike domain
Social engineering
Spoofing
Header analysis
Sender analysis
URL analysis
/feeds/core/detection-rules/brand-impersonation-docusign-4d29235c
Brand impersonation: Netflix
2mo ago
Apr 16th, 2025 UTC
min0k
Credential Phishing
Impersonation: Brand
Lookalike domain
Social engineering
Header analysis
Sender analysis
/feeds/core/detection-rules/brand-impersonation-netflix-9f39eea5
Brand impersonation: UPS
2mo ago
Apr 8th, 2025 UTC
Sublime Security
Credential Phishing
Impersonation: Brand
Lookalike domain
Social engineering
Computer Vision
Sender analysis
/feeds/core/detection-rules/brand-impersonation-ups-73b68869
Impersonation: Chrome Web Store Policy
3mo ago
Mar 18th, 2025 UTC
Sublime Security
Credential Phishing
Impersonation: Brand
Free email provider
Lookalike domain
Content analysis
Header analysis
HTML analysis
Sender analysis
URL analysis
/feeds/core/detection-rules/impersonation-chrome-web-store-policy-4a98f283
Sharepoint Link Likely Unrelated to Sender
3mo ago
Mar 12th, 2025 UTC
Sublime Security
BEC/Fraud
Credential Phishing
Impersonation: Employee
Lookalike domain
OneNote
PDF
Social engineering
URL analysis
Sender analysis
Header analysis
HTML analysis
/feeds/core/detection-rules/sharepoint-link-likely-unrelated-to-sender-6870f489
Brand impersonation: LinkedIn
3mo ago
Mar 12th, 2025 UTC
Sublime Security
Credential Phishing
Impersonation: Brand
Lookalike domain
Social engineering
Header analysis
Sender analysis
/feeds/core/detection-rules/brand-impersonation-linkedin-1a0cde6d
Brand impersonation: Binance
3mo ago
Feb 24th, 2025 UTC
Sublime Security
Credential Phishing
Impersonation: Brand
Lookalike domain
Social engineering
Content analysis
Header analysis
HTML analysis
Natural Language Understanding
Sender analysis
/feeds/core/detection-rules/brand-impersonation-binance-c3302a76