Domain Impersonation

What is domain impersonation?

Domain impersonation is often used by hackers in impersonation or conversation hijacking attacks. Attackers attempt to impersonate the domain of a legitimate business by using techniques such as typosquatting, replacing one or more letters in a legitimate email domain with a similar letter or adding a hard-to-notice letter to the legitimate email domain. In preparation for the attack, cybercriminals register or buy the impersonating domain

See which threats are hiding in your inbox today.

Our free Email Threat Scan has helped more than 12,000
organizations discover advanced email attacks.


How does domain impersonation work?

Domain impersonation is a very high-impact attack. The attack relies on the fact that people don’t pay enough attention to every letter in the email domain. It can be easy to miss the subtle differences between the legitimate email domain and the impersonated email domain. For example, an attacker trying to impersonate might use one of these very similar URLs:

  • barrá

An attacker can also change the Top-Level-Domain (TLD), for example, using .net rather than .com or .co rather than .com


Hackers invest time and money to register impersonating domains. Attacks that originate from such domains are usually carefully crafted to avoid detection and maximize returns for the attacker.

Domain impersonation attacks are often used in conjunction with account takeover and conversation hijacking. When account takeover takes place, the attacker has access to internal and external conversations between employees, partners, and customers. Using information from compromised accounts, attackers can craft convincing messages from cleverly impersonated domains to trick their victims for monetary gain. For example, they might impersonate a vendor and send a request to change the vendor’s bank account details to yoru accounts payable department.

Why is domain impersonation important?

Domain impersonation has been around for a while. The volume has always been low, but impact and costs are high. The attack is complicated and requires a lot of resources to be implemented. The attacker has to buy the domain that impersonates the legitimate domain. These domains can be expensive, but when executed carefully, domain impersonation attacks can produce high returns on investment for the attacker.

The biggest challenge with domain impersonation is accurately detecting typosquatted domains and differentiating an impersonation attempt from a real website.

How to protect against domain impersonation

First make sure that domain impersonation is part of your security awareness training. Ensuring your employees can recognize these attacks will do a lot to help protect your organization against them.

Second, as scammers adapt their tactics to bypass gateways and filters, it’s important to deploy API-based inbox defense technology that uses artificial intelligence to detect highly targeted attacks like domain impersonation. It uses historical communication data to associate specific conversations, requests, and individuals with specific email domains. So, when a vendor sends an unusual request from the wrong domain, inbox defense detects and blocks it.

Third, monitor new domain registrations for typosquatted domains to make sure your organization is not being used as a launch pad for such attacks. Many organizations also choose to purchase domains that are closely related to their own to avoid potential fraud.

And finally, help employees to avoid costly mistakes by creating guidelines and enforcing procedures to confirm all email requests and wire transfers.

Learn more about conversation hijacking.

Further Reading

How Barracuda can help

Barracuda Sentinel is an API-based inbox defense solution that protects against business email compromise, account takeover, spear phishing, and other cyber fraud. It combines artificial intelligence, deep integration with Microsoft Office 365, and brand protection into a comprehensive cloud-based solution.

Sentinel’s unique API-based architecture lets the AI engine study historical email and learn users’ unique communication patterns. It blocks phishing attacks that harvest credentials and lead to account takeover, and enables real-time remediation.

Barracuda PhishLine is an email security awareness and phishing simulation solution designed to protect your organization against targeted phishing attacks. PhishLine trains employees to understand the latest social engineering phishing techniques, recognize subtle phishing clues, and prevent email fraud, data loss, and brand damage. PhishLine transforms employees from a potential email security risk to a powerful line of defense against damaging phishing attacks.

Have questions or want more information about domain impersonation? Get in touch right now!