Tactic or Technique: Lookalike domain

Attackers register domains that closely resemble legitimate ones to trick you into thinking you're visiting or interacting with a trusted site. These lookalike domains use small visual or typographic changes, like swapping “m” for “rn,” misspelling a brand name, or using characters from other alphabets that look identical.
A link may appear to point to a company you recognize, but it actually leads to a spoofed domain controlled by the attacker. These sites are often convincing replicas of real login pages, built to steal your credentials or trick you into downloading malware.
This technique is common in phishing campaigns and can lead to serious consequences, including account compromise, data theft, or fraud. It also causes damage to the impersonated brand, especially when the domain is used in widespread credential harvesting or malware delivery.
Rule Name & Severity
Last Updated
Author
Types, Tactics & Capabilities
Brand impersonation: DocuSign
3d ago
Apr 17th, 2026
Sublime Security
Brand impersonation: Wells Fargo
5d ago
Apr 15th, 2026
Sublime Security
Brand impersonation: Bank of America
20d ago
Mar 31st, 2026
Sublime Security
Brand Impersonation: PayPal
21d ago
Mar 30th, 2026
Sublime Security
Lookalike sender domain (untrusted sender)
26d ago
Mar 25th, 2026
Sublime Security
Brand impersonation: Meta and subsidiaries
1mo ago
Mar 20th, 2026
Sublime Security
Brand impersonation: DocSend
1mo ago
Mar 18th, 2026
Sublime Security
Brand impersonation: FedEx
1mo ago
Mar 16th, 2026
Sublime Security
Brand impersonation: Wix
1mo ago
Mar 16th, 2026
Sublime Security
Brand impersonation: Chase Bank
1mo ago
Mar 2nd, 2026
Sublime Security
Brand impersonation: Gusto
2mo ago
Feb 18th, 2026
Sublime Security
Brand impersonation: American Express (AMEX)
2mo ago
Feb 17th, 2026
Sublime Security
Brand impersonation: Netflix
2mo ago
Feb 3rd, 2026
min0k
Brand impersonation: Office 365 mail service
2mo ago
Jan 29th, 2026
Sublime Security
Brand impersonation: Aramco
2mo ago
Jan 28th, 2026
Sublime Security
Brand impersonation: AuthentiSign
2mo ago
Jan 21st, 2026
Sublime Security
Brand impersonation: Blockchain[.]com
2mo ago
Jan 21st, 2026
Sublime Security
Vendor impersonation: Thread hijacking with typosquat domain
3mo ago
Jan 12th, 2026
Sublime Security
Brand impersonation: LinkedIn
3mo ago
Jan 12th, 2026
Sublime Security
Brand impersonation: Fastway
3mo ago
Jan 12th, 2026
Sublime Security