Domain Squatting Risk Vector: Core Overview

Domain Squatting risk vector detects the presence of domains named similarly to those that are owned and trademarked by an organization. Detection for these types of domains is based on information provided by DNS queries. The Domain Squatting risk vector enables organizations to understand the breadth of domain names that are similar to their own and can be registered by attackers.

• Risk Category: Diligence
• Default Grade: N/A
• Current Rating Impact: Domain Squatting is an informational risk vector. It does not currently affect security ratings.
• Finding Lifetime: N/A
• Scan Cadence: Automated every 2 weeks; User-requested rescans are not available for this risk vector
• Eligible for Dynamic Remediation? No.

What is Domain Squatting?

Domain squatting is when someone registers domain names similar to your organization’s official domains.

• These lookalike domains can trick users into visiting malicious sites or opening harmful emails.
• Attackers use techniques like typographical errors, spear phishing, or bitsquatting (bit-flip errors).
• The goal is often to steal information, deliver malware, or impersonate your brand.

Monitoring domain squatting helps you spot and address these threats before they impact your organization.

Domain Squatting Techniques include:

• Typographical Errors: Mistyped domains (e.g., saperix.com → saperx.com, saaperix.com).
• Spear Phishing: Domains designed to look legitimate for targeted attacks (e.g., saperixj.com, sa-perix.com, saper1x.com).
• Bitsquatting: Domains with a single bit-flip error (e.g., saqerix.com, sbperix.com).

These techniques exploit user mistakes or visual similarities to trick users into visiting malicious sites or opening harmful emails.

Click here to learn how to use Domain Squatting Risk Vector categories.

What are the Risks of Domain Squatting?

The imitation domains take advantage of mistyped or misread URLs to trick users into visiting malicious sites or opening malicious email attachments.

• The site may be crafted by attackers to deliver malware payloads.
• The end-users of an organization are at risk of unintentionally sharing personal information, like login credentials or payment information.

How are Domain Squatting Findings Graded?

The Domain Squatting risk vector is informational. No letter grade or weight is applied, and it does not affect your rating.

How does Bitsight determine domain registration statuses?

We determine if domains are registered based on the information provided by DNS queries.

If new primary or secondary domains are added to a company, the data will be available the following week. If newly mapped companies are added to the Bitsight inventory during the nightly data collection process, findings will be available for those companies the following day.

Each domain variation is evaluated and grouped into one of the following ownership statuses:

• Own Company: Indicates if the company who owns the target domain (appears in its domain map) registered the variation.
• Another Company: Identifies if a separate organization registered the variation, assuming no malicious intent. This accounts for legitimate lookalikes (e.g., "cosco.com" vs. "cisco.com") and domains managed by brand protection firms.
• Third Party: This domain is registered, but not by a known organization.
• Not Registered: The domain is unregistered.