Somewhere out there, a domain that looks almost exactly like yours may already be registered, waiting for the moment it gets used against your customers rather than against you directly. A single swapped letter, an added hyphen, a different top-level domain entirely — small enough that most people will not notice, and that is precisely the point of building it that way in the first place.
Typosquatting targets the people who trust you most
Typosquatting domains are cheap to register and require no access to your actual systems at all, which is exactly what makes them so appealing to attackers looking for a low-effort, high-reward route to fraud. A domain one character removed from your own can host a convincing clone of your login page, harvest credentials from customers who typed your name slightly wrong or clicked a link in a well-crafted phishing email, and cause real financial and reputational damage without your infrastructure ever being touched or breached in any technical sense at all.
This is why external network pen testing alone is not the complete picture for many businesses, particularly those with a recognisable brand and a large customer base actively typing your domain into browsers or search engines every single day. Testing your own perimeter matters, but it says nothing at all about what is being built to impersonate you from entirely outside that perimeter, on infrastructure you neither own nor control.
Brand impersonation scales faster than most businesses expect
A convincing lookalike site does not need to fool every customer, only a small percentage of a large customer base, to generate meaningful fraud and meaningful reputational damage in return. Attackers building these sites often invest real effort into matching your visual branding, copying your privacy policy text, and even replicating your customer support contact details, because the more convincing the clone, the higher the yield from every single visitor who lands on it by mistake or by deliberate deception on the attacker’s part.
William Fieldhouse has watched brand impersonation escalate quickly once it starts.
“A client came to us after customers started reporting a website that looked identical to theirs, right down to the customer service phone number, except the number connected to someone else entirely. We found six lookalike domains registered within the same fortnight, clearly testing which version converted best before running a wider campaign. It read like a marketing test, except the product being tested was fraud.”
— William Fieldhouse, Director of Aardwolf Security Ltd
That marketing-style testing approach is a genuinely unsettling detail, because it shows organised, iterative effort rather than a single opportunistic attempt. Businesses with a strong customer-facing brand and a public-facing login page are the most attractive targets for this kind of campaign, precisely because the volume of visitors makes even a modest conversion rate worthwhile for the attacker running it.
Monitor for impersonation, do not just defend your own perimeter
Set up domain monitoring to catch lookalike registrations early, and pair that with your existing web application pen testing so both the real and the impersonated versions of your business are covered by the same ongoing vigilance. Aardwolf Security helps clients build this wider view of brand risk alongside more conventional testing work. Get in touch to find out whether a lookalike version of your business is already sitting out there right now, waiting quietly.
