In cases where a domain is protected by email authentication and domain spoofing is not possible, attackers try to deceive the recipient by registering and using domains that are similar to the impersonated domain. These types of attacks, known as lookalike domain attacks, often use homoglyphs or characters that appear similar to the original characters in the impersonated domain. For example:
- [email protected] vs DAVID.SMITH@G00GLE.COM (replacing letter O with number 0)
- [email protected] vs David.Smith@googIe.com (replacing lowercase L with uppercase I)
When an email is confirmed as dangerous by our Visible-IR (Incident Response) Team, the following banners may appear at the top of the email. In addition to this banner the email may be moved to either your Junk or Deleted email folder depending on the threat detected