Combosquatting — Cybercrime Hiding in Plain Sight

The fight between cybercriminals and those who want to catch them is an ongoing struggle. Bad actors create fraudulent online stores, send phishing e-mail to a company’s clients and install malware on the unsuspecting user’s computer. Now a domain-related type of cybercrime has caught the attention of the Internet: combosquatting.

Researchers from Georgia Tech University released a study late last year, in which they state that combosquatting is an underexposed problem. With combosquatting, the cybercriminal creates a domain name that contains a trademarked term. The bad actor then supplements this trademarked term with additional words, which match the industry of the trademark holder. If we look at the domain name for example, a combosquatter could register to trick the Internet user.*

Versus Typosquatting

Combosquatting hasn’t been in the spotlight until recently. Still, the practice is a hundred times more prevalent than the typosquatting of domains. Those who use typosquatting aim to imitate the original domain name as much as possible. They use special characters that look like regular letters or register domains that closely resemble the legitimate trademark, to mislead those that try and visit the page. If you mistype www.facebook you could land on, which would make the latter a popular domain name for a typosquatter to buy.

As mentioned, the combosquatter only uses the trademarked term without misspellings and adds related words to that term. That’s where the problem lies. By using the trademarked term and associated words, such as, the combosquatter makes their domain name seem more legit than their misspelled cousins. The domain name includes a trademarked and recognizable term for the Internet user and therefore appears more trustworthy. Credit reporting agency Equifax even made this mistake, by linking to a combosquatting website from their official page.

Picture by Caspar Rubin on Unsplash

Online Abuse

The bad actors behind these combosquatting domains do not create them with good intentions. Their goal is to trick the unsuspecting visitor who comes across one of these fake domains. If they succeed, they use their website for:

Cybercriminals try and obtain the Internet user’s credentials or payment information so that they can exploit this data for further use.

Combosquatting domains can also be a redirect to another page, where the visitor is asked to download software without knowing that it contains malicious content.

 A website that is optimized for search and contains several advertisements for products similar to the abused trademark can be a valuable monetization scheme for the website owner.

The Sneaker Case

With over 300 million domains in our database, we did a quick study into the use combosquatting domains for a famous sneaker brand. The brand has some reliable online stores of its own, but we also found 311 websites that used that trademarked name and additional terms to trick the online buyer. Frequently used additions to the trademark were outlet, sale and original to attract the person looking for a good deal. Other combosquatting examples are the use of a country name as well as the trademarked term, and adding the product name to the brand in the domain.

Possible Solutions

As the Georgia Tech study and our research show: the problem is combosquatting is very widespread on the web. It is an ongoing risk for online shoppers, who can become the victim of phishing or might have malware installed on their device. To make the Internet a safer place, there are a few solutions:

· Brands that register domain names should stick to just their brand name. Once a brand starts to create additional domain names that differ from their original name, for example by adding terms or country names, it becomes harder for Internet users to detect which domain name with a trademarked word in it is legitimate.

· Domain name registrars should further develop their fraud-detection system. If someone registers a domain with a popular trademarked term, the registrar could flag this domain and only process the registration once the registrant has proven to be of good faith.

But not just the consumer is duped when they fall for the tricks of a combosquatting domain. The sale of counterfeit products via these types of websites costs the industry over 460 billion dollars each year, and can also devastate your brand’s reputation. As a brand, you cannot rely on the registration of domain names and the registrar alone. You need a well-designed approach to detect and stop the criminals who use combosquatting domains.

Brand Insight’s Brand Insight is the perfect tool for this. The database includes information on over 300 million domains worldwide and can help brand protection professionals detect their brand name in combosquatting domains within minutes. You can use Brand Insight to better protect your brand, and your customers.

Would you like more information on combosquatting, or how can help you fight this type of crime? Contact us via

*Please note that all domain names mentioned in this article are examples, and not domains that have been researched by us.