Powered by: 
Have you ever heard of the term doppelgänger domains? Until recently, we hadn’t either. Mind you, I would bet that, in some way or another, you may have already come across one.
Have you ever quickly typed in a web address only to realize that you have misspelt it and landed on some poorly designed “catch-all” website? Have you ever received an email that appeared to be from the Canada Revenue Agency, Microsoft or Apple but there was something that seemed a bit “off”? Very likely these were using doppelgänger domains, otherwise known as “typo-squatting”. In these cases, imitation is not the sincerest form of flattery. Typically, a doppelgänger domain is constructed with an unnoticeable typo such as exchanging two Vs for a W, a zero for an O or a small L for an I; something that at first glance is not immediately obvious.
There is no innocent reason for registering a doppelgänger domain – just varying degrees of fraudulent motives. With a doppelgänger domain, one could attempt any or all of the following:
The good news is that Canada has a very efficient and effective organization, the Canadian Cyber Incident Response Centre (CCIRC), that has been put in place to protect Canadian businesses and citizens from cyber fraud. The bad news is, there is no lack of innovation when it comes to those attempting to commit fraud.
And to that end, no one is too big, too small, too important or too insignificant to attack. We have recently been privy to a list of doppelgänger domains from a single fraudulent account that included everything from global jewellery brands to local flooring installers, from digital marketing agencies to utility companies.
This article has been prepared for the general information of our clients. Specific professional advice should be obtained prior to the implementation of any suggestion contained in this article.
