Domain Squatting Risk Vector: Understanding Your Rating Details

Erin Conry

Domain Squatting records aren’t considered findings, but we cover a limited set of the key primary and secondary domains. The information is typically rescanned every week. It may depend on how many domains a company has and the ways they could be spoofed. IDN letter-swapping is not included in the variations we evaluate today.

Domain squatting findings show domains similar to yours that could be used for malicious purposes. Findings list domain variants, who registered them (another company, third party, or unregistered), and the squatting technique (e.g., typographical errors, spear phishing, bitsquatting). These findings help you spot potential threats like phishing or malware sites. The findings are informational and do not impact your Bitsight Security Rating. You can use this data to assess risks and take action, such as registering at-risk domains or issuing takedown requests.

What are the risks of domain squatting?

The imitation domains take advantage of mistyped or misread URLs to trick users into visiting malicious sites or opening malicious email attachments. The site may be crafted by attackers to deliver malware payloads. The end users of an organization are at risk of unintentionally sharing personal information, like login credentials or payment information.

Remediation Tips

Assess potential weaknesses in domain coverage. Work to register any potentially at-risk domains and to trademark your brand assets.
Increase domain squatting coverage by requesting the addition of a secondary domain that legitimately belongs in your domain map.
Implement a policy for domain squatting threats, including a process for issuing takedown requests, taking legal action based on trademark infringement, and implementing firewalls/blocking mechanisms to protect against squatted domains.
Verify completed questionnaires from critical third parties.
Be wary of suspicious domains that are similar to official domains for a third party, but not registered to their company.
Understand if end users at an insured company are at risk for data loss, email phishing attacks, and other threats.
When taking down a domain, refer to Uniform Domain-Name Dispute-Resolution Policy (UDRP) Disputes for any questions regarding the dispute resolution process.

Where can I view my Domain Squatting Findings?

SPM App: Organization ➔ Rating Details
CM App: Vendor Risk ➔ Rating Details
Insurance: Client Risk ➔ Rating Details
API: GET /domain-squatting/company\guid/

May 13, 2026: Published.
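
For teams that want to triage lookalike names in their own DNS or proxy logs, the sketch below labels an observed domain as a typographical error or a bitsquat relative to a domain you own, the two character-level techniques named in the findings description above. It is an added example, not Bitsight's code or detection method; the function names and the example.com sample data are constructed for illustration, and IDN variants are out of scope here as well.

```python
from typing import Optional

HOST_CHARS = set("abcdefghijklmnopqrstuvwxyz0123456789-.")

def is_bitflip(a: str, b: str) -> bool:
    """True if b equals a except for one character that differs by a single bit."""
    if len(a) != len(b):
        return False
    diff = [(x, y) for x, y in zip(a, b) if x != y]
    if len(diff) != 1 or diff[0][1] not in HOST_CHARS:
        return False
    x = ord(diff[0][0]) ^ ord(diff[0][1])
    return x & (x - 1) == 0          # exactly one bit set

def typo_kind(a: str, b: str) -> Optional[str]:
    """Name the single-keystroke edit that turns a into b, if there is one."""
    if len(a) == len(b):
        d = [i for i in range(len(a)) if a[i] != b[i]]
        if len(d) == 1:
            return "substitution"
        if len(d) == 2 and d[1] == d[0] + 1 and a[d[0]] == b[d[1]] and a[d[1]] == b[d[0]]:
            return "transposition"
        return None
    if abs(len(a) - len(b)) != 1:
        return None
    short, long_ = sorted((a, b), key=len)
    if any(long_[:i] + long_[i + 1:] == short for i in range(len(long_))):
        return "insertion" if len(b) > len(a) else "omission"
    return None

def classify(own: str, seen: str) -> Optional[str]:
    """Label seen relative to own domain; None means not a one-step lookalike."""
    own, seen = own.lower().rstrip("."), seen.lower().rstrip(".")
    if own == seen:
        return None
    if is_bitflip(own, seen):        # checked first: a bit flip is also a substitution
        return "bitsquatting"
    kind = typo_kind(own, seen)
    return f"typo ({kind})" if kind else None

# Constructed sample: names as they might appear in DNS or proxy logs.
OBSERVED = ["example.com", "exaople.com", "exmaple.com", "exmple.com",
            "exammple.com", "examble.com", "example.org"]

def scan(own: str, observed: list) -> dict:
    """Return {domain: label} for every observed name that looks like own."""
    return {d: lab for d in observed if (lab := classify(own, d))}

if __name__ == "__main__":
    for domain, label in scan("example.com", OBSERVED).items():
        print(f"{domain:15} {label}")
```

Names that come back labelled are candidates for the blocking, registration, or takedown steps listed under Remediation Tips.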