⚠ Security Awareness Training

Don't Fall for Fake Domains

Phishing attacks cost businesses billions annually. Learn to identify deceptive domains, spoofed emails, and typosquatting attacks before they steal your data, or your money.

$4.9B Lost to phishing in 2023
3.4B Phishing emails sent daily
90% Of breaches start with phishing

The Real Cost of One Click

Global losses from phishing and payment fraud attacks


$36,000 - Average loss per business email compromise incident
197 days - Average time to detect a phishing-related breach
$150M - Largest single wire-fraud payment from a spoofed domain
76% - Of organizations were targeted by phishing in 2023
Attack Methods

8 Domain Attack Patterns

Attackers use these well-known techniques to trick users into visiting malicious sites. Study each one carefully.

// 01
👁

Homoglyph Attacks

Characters that look identical but are different, like Cyrillic "а" vs Latin "a". Your eye cannot tell them apart.

microsoft.com Real
rnicrosoft.com Fake
micros0ft.com Fake
microsоft.com (Cyrillic о) Fake
// 02
⌨️

Typosquatting

Banking on users making common typing errors. One missing or swapped letter leads to the attacker's site.

paypal.com Real
paypai.com (i not l) Fake
paipal.com Fake
paypall.com Fake
// 03
🔗

Subdomain Abuse

The brand name appears as a subdomain, making the URL look legitimate, but the real domain is the attacker's.

login.microsoft.com Real
microsoft.login-secure.com Fake
microsoft.verify-account.net Fake
microsoft.support-help.org Fake
// 04
🌐

Wrong TLD (TLD Abuse)

Switching the top-level domain from .com to .net, .co, .in or others to register a lookalike domain.

amazon.com Real
amazon.co Fake
amazon.in Fake
amazon.net Fake
// 05
🚨

Security Keyword Injection

Adding words like "secure", "verify", "alert" or "login" to panic users into clicking without thinking.

apple-secure.com Fake
apple-verification.com Fake
apple-login-alert.com Fake
apple-account-reset.net Fake
// 06
🔀

Unicode / IDN Attacks

Internationalized Domain Names use Unicode characters that look pixel-for-pixel identical to Latin letters. Extremely dangerous.

google.com Real
gоogle.com (Cyrillic о) Fake
gοogle.com (Greek ο) Fake
googlе.com (Cyrillic е) Fake
// 07
💳

Billing & Payment Domains

Fake invoices and renewal notices are sent from domains mimicking your bank or software provider to steal payment info.

netflix-billing.com Fake
netflix-invoice.net Fake
netflix-renewal.org Fake
netflix-payment-verify.com Fake
// 08
📧

Display Name Spoofing

The "From" display name says "PayPal Support" but the actual email domain is a fake. Mobile clients often hide the real address.

alerts@paypal.com Real
alerts@paypa1.com Fake
alerts@paypal-support.net Fake
alerts@paypal.secure-user.com Fake
Side-by-Side

Real vs Fake: Quick Comparison

Test yourself: can you spot the difference before looking at the label?

Attack Type          ❌ Fake Domain               ✅ Real Domain
Homoglyph            rnicrosoft.com               microsoft.com
Typosquatting        faceboook.com                facebook.com
Subdomain Abuse      apple.login-verify.com       apple.com
TLD Swap             amazon.co / amazon.in        amazon.com
Keyword Injection    paypal-secure-login.com      paypal.com
Billing Scam         netflix-invoice.net          netflix.com
Unicode IDN          gооgle.com (Cyrillic о)      google.com
Phishing Emails

Real vs Phishing Email

Always check the sender domain, not just the display name. Attackers make the display name look legitimate while hiding the real address.

💡 Red Flags in Phishing Emails
→ Urgent / panic language
→ Mismatched sender domain
→ Requests for credentials
→ Generic greetings ("Dear User")
→ Links to non-brand domains
→ Poor spelling / formatting
Golden Rule

Trust the Last Domain, Always

In any URL, only the registrable domain (last two parts before the path) tells you who really owns the site.


✓ LEGITIMATE
login . microsoft . com
→ microsoft.com is the real domain: safe
✗ PHISHING
microsoft . login-secure . com
→ login-secure.com is the real domain: the attacker's site!
Interactive Tool

Domain Risk Detector

Enter any domain URL and see an instant risk analysis. Use this to evaluate suspicious links before clicking.
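The golden rule above (judge a link by its registrable domain) and the detector this section describes can be reduced to a short script. The following Python is an added example written for this page, not the site's own Domain Risk Detector: it extracts the registrable domain, decodes punycode labels, and flags the attack patterns listed earlier (look-alike ASCII substitutions, non-Latin letters, a brand used as a subdomain, a swapped TLD, and brand-plus-panic-word labels). KNOWN_BRANDS, MULTI_LABEL_SUFFIXES, PANIC_WORDS and HOMOGLYPH_FOLDS are constructed stand-ins; a real deployment would use the full Public Suffix List (the "last two labels" rule alone misreads names such as example.co.uk) and a maintained brand list.

```python
"""Domain risk analyzer (added example, not the page's own tool).

Verdicts: 'low' only when the registrable domain is on the allowlist,
'high' when any listed attack pattern matches, otherwise 'unknown'.
All tables below are constructed placeholders."""
import unicodedata
from urllib.parse import urlsplit

# Constructed allowlist: brand keyword -> its real registrable domain.
KNOWN_BRANDS = {"microsoft": "microsoft.com", "google": "google.com",
                "apple": "apple.com", "amazon": "amazon.com",
                "paypal": "paypal.com", "netflix": "netflix.com"}
# Tiny stand-in for the Public Suffix List: suffixes that take two labels.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}
PANIC_WORDS = {"secure", "verify", "verification", "login", "alert", "billing",
               "invoice", "renewal", "payment", "reset", "account", "support"}
# ASCII look-alike substitutions (pattern 01): fake text -> what it imitates.
HOMOGLYPH_FOLDS = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l")]


def hostname_of(url: str) -> str:
    """Lower-cased hostname of a URL; a bare domain is accepted too."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").rstrip(".").lower()


def unicode_labels(host: str) -> list:
    """Split into labels, decoding punycode (xn--) so look-alikes are visible."""
    labels = []
    for label in host.split("."):
        if label.startswith("xn--"):
            try:
                label = label.encode("ascii").decode("idna")
            except UnicodeError:
                pass  # undecodable label stays as-is
        labels.append(label)
    return labels


def registrable_domain(labels: list) -> list:
    """['login','microsoft','com'] -> ['microsoft','com'];
    ['shop','amazon','co','uk'] -> ['amazon','co','uk']."""
    n = 3 if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    return labels[-n:]


def scripts_in(label: str) -> set:
    """Unicode script of every letter in the label (LATIN, CYRILLIC, GREEK, ...)."""
    return {unicodedata.name(c, "UNKNOWN").split(" ")[0] for c in label if c.isalpha()}


def fold_homoglyphs(label: str) -> str:
    """Replace ASCII look-alike sequences with the letters they imitate."""
    for fake, real in HOMOGLYPH_FOLDS:
        label = label.replace(fake, real)
    return label


def analyze(url: str) -> dict:
    """Return {'host', 'registrable', 'risk', 'reasons'} for a URL or domain."""
    labels = unicode_labels(hostname_of(url))
    reg_labels = registrable_domain(labels)
    reg = ".".join(reg_labels)
    sub_labels = labels[:len(labels) - len(reg_labels)]
    reasons = []
    if reg in KNOWN_BRANDS.values():
        return {"host": ".".join(labels), "registrable": reg, "risk": "low", "reasons": reasons}
    for label in labels:                                  # 06 Unicode / IDN
        foreign = scripts_in(label) - {"LATIN"}
        if foreign:
            reasons.append(f"non-Latin script {sorted(foreign)} in label '{label}'")
    second = reg_labels[0]
    folded = ".".join([fold_homoglyphs(second)] + reg_labels[1:])
    if folded != reg and folded in KNOWN_BRANDS.values():  # 01 homoglyph
        reasons.append(f"{reg} folds to {folded} after look-alike substitution")
    for brand, real in KNOWN_BRANDS.items():
        if brand in sub_labels:                           # 03 subdomain abuse
            reasons.append(f"brand '{brand}' is only a subdomain; the owner is {reg}")
        if second == brand and reg != real:               # 04 wrong TLD
            reasons.append(f"'{brand}' with swapped TLD: {reg} (real: {real})")
        words = set(second.split("-"))
        if brand in words and second != brand:            # 05 / 07 keyword injection
            reasons.append(f"brand '{brand}' joined with {sorted(words & PANIC_WORDS)} in {reg}")
    return {"host": ".".join(labels), "registrable": reg,
            "risk": "high" if reasons else "unknown", "reasons": reasons}


if __name__ == "__main__":
    for sample in ["login.microsoft.com", "microsoft.login-secure.com",
                   "rnicrosoft.com", "amazon.co", "apple-secure.com", "gоogle.com"]:
        print(sample, "->", analyze(sample))
```

analyze("microsoft.login-secure.com") reports risk "high" because microsoft is only a subdomain of login-secure.com, while analyze("login.microsoft.com") reports "low". A name that matches nothing is reported as "unknown", never "low": only an allowlist hit produces a safe verdict, which is the same stance the page takes with "trust the last domain".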

Defence Playbook

How to Defend Against These Attacks

Practical steps for developers, security teams, and everyday users to protect against domain-based attacks.

🛡
Email Security

  • ✓ Enable SPF records on your domain
  • ✓ Configure DKIM signing for all outgoing mail
  • ✓ Set DMARC policy to p=reject
  • ✓ Flag emails whose sender domain is within edit distance ≤ 1 of your domain
  • ✓ Never trust the display name alone; check the actual address

💻
Developer Rules

  • ✓ Always use exact string match for domain validation
  • ✓ Never use partial match: if "brand" in domain
  • ✓ Strip and normalize Unicode before comparison
  • ✓ Allowlist only known legitimate domains
  • ✓ Use punycode decoding to detect IDN attacks
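The Developer Rules above, together with the edit-distance rule from the Email Security list, look like this in code. The following Python is an added example, not code from this page; OUR_DOMAIN, ALLOWED_HOSTS and the sample addresses are constructed. It shows the partial-match check the page warns against beside a hardened check that NFKC-normalizes the host, converts it to punycode with Python's built-in idna codec, and then requires an exact allowlist match; a small Levenshtein helper flags sender domains within edit distance 1 of your own domain.

```python
"""Weak vs. hardened domain validation (added example; values are constructed)."""
import unicodedata

OUR_DOMAIN = "paypal.com"                                   # constructed
ALLOWED_HOSTS = {"paypal.com", "www.paypal.com", "alerts.paypal.com"}


def weak_is_trusted(host: str) -> bool:
    """The partial match the page warns against: any host containing 'paypal'
    passes, including paypal.secure-user.com and paypal-support.net."""
    return "paypal" in host.lower()


def canonical_host(host: str) -> str:
    """NFKC-normalize, trim, drop the trailing dot, lower-case, then convert to
    punycode. A label with any look-alike character becomes an xn-- label and
    can never equal an ASCII allowlist entry."""
    host = unicodedata.normalize("NFKC", host).strip().rstrip(".").lower()
    return host.encode("idna").decode("ascii")


def strong_is_trusted(host: str) -> bool:
    """Exact match of the canonical host against the allowlist, nothing else."""
    try:
        return canonical_host(host) in ALLOWED_HOSTS
    except UnicodeError:        # the idna codec rejects malformed labels
        return False


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: insert, delete and substitute each cost 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_domain_flag(address: str) -> str:
    """Classify the domain part of an email address relative to OUR_DOMAIN:
    'ours', 'lookalike' (edit distance <= 1 or non-ASCII) or 'other'."""
    domain = address.rsplit("@", 1)[-1]
    try:
        domain = canonical_host(domain)
    except UnicodeError:
        return "lookalike"      # cannot be our ASCII domain; treat as suspicious
    if domain == OUR_DOMAIN:
        return "ours"
    if edit_distance(domain, OUR_DOMAIN) <= 1:
        return "lookalike"
    return "other"


if __name__ == "__main__":
    for host in ["alerts.paypal.com", "paypal.secure-user.com", "paypal-support.net"]:
        print(f"{host:26} weak={weak_is_trusted(host)} strong={strong_is_trusted(host)}")
    for addr in ["alerts@paypal.com", "alerts@paypa1.com", "alerts@paypal-support.net"]:
        print(f"{addr:28} {sender_domain_flag(addr)}")
```

Both fake senders from the Display Name Spoofing card pass the weak check and fail the strong one; alerts@paypa1.com is additionally flagged as a look-alike because its domain is one substitution away from paypal.com, while paypal-support.net is too far away for the edit-distance rule and is caught only by the allowlist.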

🔍
SOC / IR Team

  • ✓ Monitor domain registrations similar to your brand
  • ✓ Use typosquatting detection tools (dnstwist, URLcrazy)
  • ✓ Set up Google Alerts for brand + "login" / "secure"
  • ✓ File UDRP complaints for look-alike domains
  • ✓ Scan certificate transparency logs for brand certs

👀
End User Habits

  • ✓ Bookmark legitimate sites; don't search and click
  • ✓ Check the real domain in your browser's address bar
  • ✓ Never enter passwords after clicking an email link
  • ✓ Enable 2FA on all important accounts
  • ✓ Use a password manager; it won't autofill on fakes
Attack Lifecycle

How a Payment Scam Unfolds

A typical business email compromise attack that results in financial loss, step by step.

Day 0, Hour 0

Attacker registers a look-alike domain

Registers something like yourcompany-invoices.com for under $10. Sets up spoofed email and fake invoice portal within hours.

Day 1

Reconnaissance & targeting

Scrapes LinkedIn and your website for finance team names, supplier relationships, and ongoing project names to make the phish convincing.

Day 2

Phishing email is sent

A convincing invoice PDF arrives from the fake domain, referencing real project names. Display name shows a known supplier. The urgency framing ("payment overdue") triggers quick action.

Day 2, 30 minutes later

Wire transfer is initiated

A finance team member processes the $85,000 invoice without verifying the domain. The money hits a mule account instantly and begins moving internationally.

Day 4

Fraud is discovered

The real supplier calls asking about a late payment. By now the money has moved through 3 jurisdictions. Bank recall success rate at this point: under 20%.

Final outcome

$85,000 lost, unrecoverable

Total damage: wire amount + legal fees + investigation costs + reputational damage. One domain check at the time of payment would have prevented all of this.

Test Yourself

Spot the Phishing Domain

Can you identify which domains are real and which are attacks? Take the quiz to find out.