Skip to main content

Improvements to Lookalike Domain Identifiers

· 2 min read
Justin Furniss
CEO @ Securecoders

We've made significant improvements to how we classify brand impersonation and lookalike domains in our threat intelligence platform. Initially, our approach grouped these domains under a broad identifier. However, as we analyzed real-world cases, it became clear that a one-size-fits-all classification wasn't sufficient.

Why the Change?

Lookalike domains serve a variety of purposes—some are clear attempts at phishing, while others are more nuanced, requiring different investigative approaches.

By refining our identifiers, we can provide more precise context and tailored response plans, ensuring threats are addressed appropriately.

New Identifiers for Lookalike Domains

To improve resolution, we've introduced the following CTEM-DOM identifiers:

These updates enhance our ability to detect, prioritize, and respond to threats more effectively, ensuring organizations can swiftly mitigate risks from brand impersonation attacks.