- August 16, 2023: New Grading & Finding Behavior sections.
- July 15, 2021: Added UDRP resource for taking down a domain.
- May 11, 2020: Linked to related topics (rating details, data collection methods, & finding details).
The Domain Squatting risk vector detects the presence of domains named similarly to those that are owned and trademarked by an organization. Detection for these types of domains is based on information provided by DNS queries.
Registering similarly named domains is called “domain squatting.” The Domain Squatting risk vector enables organizations to understand the breadth of domain names that are similar to their own and can be registered by attackers.
The imitation domains take advantage of mistyped or misread URLs to trick users into visiting malicious sites or opening malicious email attachments.
- The site may be crafted by attackers to deliver malware payloads.
- The end-users of an organization are at risk of unintentionally sharing personal information, like login credentials or payment information.
This risk vector is informational and does not currently affect Bitsight Security Ratings.
|Not applicable. Not rating-impacting.
|– “N/A” Letter Grade
(Out of 70.5% in Diligence)
Review Domain Squatting findings.
- Assess potential weaknesses in domain coverage. Work to register any potentially at-risk domains and to trademark your brand assets. Increase domain squatting coverage by requesting the addition of a secondary domain that legitimately belongs in your domain map.
- Implement a policy for domain squatting threats, including process for issuing takedown requests, taking legal action based on trademark infringement, and implementing firewalls/blocking mechanisms to protect against squatted domains.
- Verify completed questionnaires from critical third parties.
- Be wary of suspicious domains that are similar to official domains for a third party, but not registered to their company.
- Understand if end users at an insured company are at risk for data loss, email phishing attacks, and other threats.
When taking down a domain, refer to Uniform Domain-Name Dispute-Resolution Policy (UDRP) Disputes for any questions regarding the dispute resolution process.
|User-requested refresh not available.