Phone : +91 95 8290 7788 | Email :

Register & Request Quote | Submit Support Ticket

Home » Cyber Security News » How to protect endpoints from phishing emails with lookalike domains

How to protect endpoints from phishing emails with lookalike domains

Kaspersky experts have found that the service and e-commerce industry has become the most targeted by phishing attacks with domains that look legitimate. In Q3 2020, the sector accounted for 35% of all attacks that use this technique. This may be a result of the pandemic, as there has been a massive transition in the number of consumers relying on online services and shopping. Half (50%) of fake domains are only used once and 73% are active for just one day, which makes them very hard to detect. Automated multi-layered analysis is able to detect such attacks without compiling domain lists manually.

The lookalike technique means phishing emails are sent from a domain that looks like a legitimate web address, but in fact may have a minor spelling error (such as a missing letter). In many cases, a recipient is unlikely to notice the mistake, for example fraudsters will change to or use instead of The messages with lookalike domains pass authentication without any problems, have a cryptographic signature and do not arouse the suspicion of anti-spam systems.

Kaspersky’s research reveals which industries most often suffer from attacks with lookalike domains. In Q3 2020, services and e-commerce were hit the most, with IT & Telecom in second place.

The traditional method of detecting lookalikes is the manual insertion of all possible variants of fake domains into an anti-phishing solution, which is time consuming and not always effective, as some options may still be missed from the list. It is as if the police created an identikit of a criminal but were not sure about some of the facial features, so they had to make a hundred identikits with a wide range of options for the nose or eyes.

The technology which is more effective against phishing with lookalike domains includes several stages of analysis, helping to identify the fake by comparing a suspicious domain to legitimate ones, rather than a list of false ones.
When a letter from an unknown sender is delivered to an email inbox, it goes through all of the standard anti-spam filters. If nothing malicious is revealed, the domain analysis begins. During the first stage, the system compares the domain with all known lookalikes. If there are no matches, in the second stage, the system reviews information about the domain, such as registration details or certificates. If something looks suspicious, the investigation continues. In the third stage, the domain is compared with the list of known legitimate web addresses. This list is also composed automatically. If the system finds any similarity between the suspicious domain and a legitimate one, then the verdict will deem it as a ‘lookalike’.

This approach allows an anti-phishing solution to block attacks which use lookalike domains in real time when they first appear. It doesn’t require any manual actions, such as compiling a list of legitimate or possible lookalikes from the customer. All calculations are performed in the cloud and do not require additional computing resources from the client.

This approach is implemented in Kaspersky’s solutions with mail server protection and Kaspersky Security for Microsoft Office 365. To learn more about lookalike domains and the technology that can protect businesses from them

Information Security - InfoSec - Cyber Security - Firewall Providers Company in India













What is Firewall? A Firewall is a network security device that monitors and filters incoming and outgoing network traffic based on an organization's previously established security policies. At its most basic, a firewall is essentially the barrier that sits between a private internal network and the public Internet.


Secure your network at the gateway against threats such as intrusions, Viruses, Spyware, Worms, Trojans, Adware, Keyloggers, Malicious Mobile Code (MMC), and other dangerous applications for total protection in a convenient, affordable subscription-based service. Modern threats like web-based malware attacks, targeted attacks, application-layer attacks, and more have had a significantly negative effect on the threat landscape. In fact, more than 80% of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services. Stateful firewalls with simple packet filtering capabilities were efficient blocking unwanted applications as most applications met the port-protocol expectations. Administrators could promptly prevent an unsafe application from being accessed by users by blocking the associated ports and protocols.


Firewall Firm is an IT Monteur Firewall Company provides Managed Firewall Support, Firewall providers , Firewall Security Service Provider, Network Security Services, Firewall Solutions India , New Delhi - India's capital territory , Mumbai - Bombay , Kolkata - Calcutta , Chennai - Madras , Bangaluru - Bangalore , Bhubaneswar, Ahmedabad, Hyderabad, Pune, Surat, Jaipur, Firewall Service Providers in India

Sales Number : +91 95 8290 7788 | Support Number : +91 94 8585 7788
Sales Email : | Support Email :

Register & Request Quote | Submit Support Ticket