Legal development

A rise in malicious domain name activity: How a surge in "lookalike" domains impacts brand protection and trade marks in 2025


    According to the World Intellectual Property Office (WIPO), speaking on a recent webinar, data indicates a rising number of 'lookalike' domain names being registered: domain names that closely resemble legitimate (often well-known) domain names with a view to confusing or misleading web users.

    Lookalike domain names often differ from legitimate domain names only immaterially, with a view to redirecting web users to alternative businesses or to hoax imitation webpages where malicious actors may extract sensitive information and cause harm. Such differences may be minor misspellings of a legitimate domain name, the use of a legitimate domain name with a different top-level domain (e.g. replacing .com with .ai or .biz) or the addition of a legitimate-sounding prefix or suffix to an otherwise legitimate domain name (e.g. "invest-", "secure-" or "-group").

    In the recent webinar, WIPO reported that there has been a spike since 2020 in cases where lookalike domain names are used to facilitate malicious activities via impersonation and fraud. Aside from extracting sensitive information from web users and causing potential financial loss, domain name fraud and impersonation also risk significant reputational harm to the owner of the domain name being impersonated. All businesses should therefore be mindful of their domain name strategy and employ risk mitigation strategies to protect their customers and their own reputation.

    Key trends:

    1. The landscape of online fraud has shifted significantly, with impersonation now representing the dominant form of abuse, overtaking malware and other types of fraud. The annual volume of impersonation cases involving domain names has increased more than fivefold over the past fifteen years.
    2. The ".com" top-level domain is most susceptible to exploitation due to its perceived legitimacy. Domain names ending in ".com" represent an overwhelming majority of the impersonation and fraudulent email scheme cases that have been identified.
    3. Fraudsters are increasingly employing sophisticated techniques such as 'circular legitimacy', which relies on the use of lookalike domain names, lookalike emails, and lookalike phone numbers to mimic the branding and communication style of legitimate companies and deceive users. All of these lookalike assets cross-refer to one another. A user might land on a lookalike domain that refers to a lookalike phone number. Calling that phone number may refer the user to a lookalike email, which then refers them back to the lookalike domain name. For example, fraudsters may comment on genuine company announcements or deals but include links to their own fraudulent websites, thereby luring unsuspecting users.

    What you need to do - risk mitigation and defensive steps

    • Defensive Registrations: Businesses are encouraged to register their domain names for all core top level domains that may be relevant to their business (e.g. ".co.uk", ".com" and ".ai") as well as all domain names that incorporate variations of their legitimate domain names (e.g. including hyphenations, common misspellings and homographic variations such as "o" and "0") to prevent them from being obtained by third parties. 

    • Monitoring: All businesses should have a policy requiring active monitoring of the online environment to detect potentially malicious domain names as early as possible. Monitoring may be carried out internally via regular searching of online search engines. Alternatively, Ashurst offers a comprehensive domain name monitoring service that can provide early warning signs of potential threats.

    • Trade Mark Rights: The primary means of enforcing rights in domain names is via the Uniform Domain-Name Dispute Resolution Policy (UDRP). However, the complainant must demonstrate that the lookalike domain name would infringe its trade mark rights. Businesses are recommended to regularly review their trade mark portfolios and to consider whether they provide sufficient basis to make a claim under the UDRP should their core domain names be subject to fraud or impersonation attempts.

    • Complaints: The UDRP offers a useful process for addressing infringement of intellectual property rights through a domain name. It does not extend to other forms of online abuse. In such cases, legal disputes through the courts will be more pertinent. When dealing with abusive domain names, the primary remedies available under the UDRP are the transfer or deletion of the domain name. The UDRP cannot provide any other remedies. Organisations are encouraged to request the transfer of domain names. Deletion is generally discouraged, as it may allow the domain to be re-registered by another malicious actor. When submitting a complaint, it is important to ensure that all points required under the UDRP are adequately addressed, as the standard of proof is high.

    • Evidence: Businesses must act quickly when problematic or infringing content is identified. Comprehensive evidence, including the URL, metadata, and the exact time and date the content was observed, must be thoroughly documented. Additionally, viewing the page source can sometimes reveal information about the platform or tools used to create the fraudulent website, which may assist in further investigations. This detailed documentation increases the likelihood that the evidence will be admissible in court, or useful in the event of a domain name complaint under the UDRP.

    • Blocking: Businesses are recommended to quickly block any abusive domain names from their internal systems. Whilst blocking fraudulent domain names may not prevent external parties from accessing such websites, it can protect a business's own employees from inadvertently accessing the incorrect website (WIPO reports that it is often a business's employees, rather than its clients, that are the intended victims of the deception).
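
For the monitoring and blocking steps above, a candidate domain can be sorted into the lookalike patterns this article describes (different top-level domain, homograph, added prefix or suffix, hyphenation, misspelling). The sketch below is an added example, not code from WIPO or Ashurst; the function names, the watch lists and the `example.com` brand are assumptions, and the candidate list is constructed.

```python
import unicodedata

# Assumptions: inputs are registrable domains (no subdomains); the watch
# lists are seeded from the article's own examples and are not exhaustive.
AFFIXES = ("invest", "secure", "group")
DIGIT_LOOKALIKES = str.maketrans("0135", "oles")
MULTI_TLDS = ("co.uk",)
SAMPLE = ["example.com", "example.ai", "examp1e.com", "secure-example.com",
          "ex-ample.com", "exmaple.com", "weather.org"]  # constructed

def split_domain(domain):
    # "example.co.uk" -> ("example", "co.uk")
    domain = domain.lower().rstrip(".")
    tld = next((t for t in MULTI_TLDS if domain.endswith("." + t)), None)
    tld = tld or domain.rpartition(".")[2]
    return domain[: -len(tld) - 1], tld

def skeleton(label):
    # Strip accents and fold digit look-alikes: "examp1e" -> "example".
    decomposed = unicodedata.normalize("NFKD", label)
    plain = "".join(ch for ch in decomposed if not unicodedata.combining(ch))
    return plain.translate(DIGIT_LOOKALIKES)

def edit_distance(a, b):
    # Optimal string alignment: insert, delete, substitute, adjacent swap.
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cost = min(cost, prev2[j - 2] + 1)
            cur.append(cost)
        prev2, prev = prev, cur
    return prev[-1]

def classify(candidate, brand):
    (c, c_tld), (b, b_tld) = split_domain(candidate), split_domain(brand)
    sc, sb = skeleton(c), skeleton(b)
    if c == b:  # same label: either the real domain or a TLD swap
        return None if c_tld == b_tld else "tld-swap"
    if sc == sb:
        return "homograph"
    if any(sc in (f"{a}-{sb}", f"{sb}-{a}") for a in AFFIXES):
        return "affix"
    if sc.replace("-", "") == sb.replace("-", ""):
        return "hyphenation"
    # One edit away; expect false positives for very short brand labels.
    return "misspelling" if edit_distance(sc, sb) <= 1 else None

def scan(candidates, brand):
    return {d: k for d in candidates if (k := classify(d, brand))}
```

`scan(SAMPLE, "example.com")` returns only the flagged domains with their pattern, which can feed an internal blocklist or a review queue.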

    If you have any concerns regarding potentially malicious domain names, please reach out to one of our key contacts to discuss.

    Other author: Prithivi Venkatesh, Junior Associate.

     
