About this program
Lookalike domains, typo-squatting and brand abuse outside your own perimeter. The cheap part of “attack surface” most people skip.
Risks addressed
- Critical: Lookalike domain hosts phishing kit targeting your customers
- High: Marketplaces sell counterfeit goods under your brand
- Medium: Stolen logos / trademarks used in scam pages and ads
Controls (6)
- High: Daily lookalike-domain monitoring
How to test + evidence
Testing procedure: Tool (or service) checks new registrations against your brand list.
Evidence to collect: Tool config + last 30-day alerts.
- Medium: Defensive registrations of obvious typos
How to test + evidence
Testing procedure: Top 20 typo / TLD variations registered or redirected.
Evidence to collect: Defensive-registration list.
- High: Takedown workflow with registrar + hosting providers
How to test + evidence
Testing procedure: Documented contacts + templates to fast-track abuse takedowns.
Evidence to collect: Takedown SLA tracker.
- Medium: Trademark + brand IP monitoring on marketplaces
How to test + evidence
Testing procedure: eBay / Amazon / Alibaba scanning for counterfeit listings under your marks.
Evidence to collect: Monitoring tool reports.
- Medium: Search-engine + ad monitoring for impersonation
How to test + evidence
Testing procedure: Brand ad impersonation flagged via Google / Bing programs.
Evidence to collect: Ad monitoring evidence.
- Low: Quarterly external-attack-surface review
How to test + evidence
Testing procedure: External-attack-surface monitoring tool covers domains, certs, sub-domains, leaked credentials.
Evidence to collect: EASM tool config + last review.
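
Added example (not part of this program or of any vendor tool): a minimal version of the check behind the daily lookalike-domain monitoring control, matching a feed of new registrations against a brand list. The brand `examplebank.com`, the feed, the confusables table and all function names are constructed for illustration; it assumes the feed contains registrable domains only.

```python
# Added example: constructed data and hypothetical names, not a vendor tool.
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}

def skeleton(label):
    """Fold common visual substitutions so 'examp1ebank' compares as 'examplebank'."""
    label = label.lower()
    for fake, real in CONFUSABLES.items():
        label = label.replace(fake, real)
    return label

def osa_distance(a, b):
    """Edit distance: insert, delete, substitute, adjacent transposition."""
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def classify(domain, brand_domain):
    """Return why domain resembles brand_domain, or None if it does not."""
    # Assumption: the first label is the registrable name (no Public Suffix List).
    label = domain.lower().partition(".")[0]
    brand = brand_domain.lower().partition(".")[0]
    if domain.lower() == brand_domain.lower():
        return None  # our own domain, not a lookalike
    if label == brand:
        return "tld-swap"
    if skeleton(label) == skeleton(brand):
        return "homoglyph"
    if osa_distance(label, brand) == 1:
        return "typo"
    if brand in skeleton(label).replace("-", ""):
        return "brand-embedded"
    return None

def flag_lookalikes(new_domains, brand_domains):
    """One (domain, brand, reason) alert per suspicious new registration."""
    hits = []
    for dom in new_domains:
        for brand in brand_domains:
            reason = classify(dom, brand)
            if reason:
                hits.append((dom, brand, reason))
                break
    return hits

NEW_REGISTRATIONS = ["examplebank.net", "examp1ebank.com", "exmaplebank.com",  # constructed feed
                     "secure-examplebank-login.com", "gardening-tips.org", "examplebank.com"]
```

The alerts returned by `flag_lookalikes(NEW_REGISTRATIONS, ["examplebank.com"])` are the kind of record the "last 30-day alerts" evidence would hold; the "typo" and "tld-swap" hits are also candidates for the defensive-registration list.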