
Combosquatting: how to have full protection for your brand?

Your brand is vulnerable to scams. Learn how to combat combosquatting and see how to protect your revenue and the trust of your customers online.

The practice of combosquatting is one of the most sophisticated and harmful digital threats, using your brand name in combination with other terms to create fake domains that mislead your customers and eat away at your revenue.

Faced with such a subtle attack, the question that remains is: how to guarantee a truly effective defense?

To answer this question and present a path to full protection, Branddi prepared this definitive guide.

Here, we detail not only what this threat is, but also how to build a solid barrier against it.

Read on to discover the mechanisms behind combosquatting, the real impacts it can have on your business and, most importantly, the effective strategies to monitor, identify, and neutralize these attacks, permanently shielding your brand.

Shall we go?

What is combosquatting?

Combosquatting is a form of digital fraud in which your brand name is combined with words like “payment”, “support” or “login” to create malicious domains. Unlike typosquatting, which relies on misspellings, the objective here is to build false legitimacy by creating an address such as youramarca-acesso.com that appears to be an official extension of your service.

This tactic is the main vector for phishing attacks, which seek to steal customer data and financial credentials.

And the seriousness is clear: data from Statista indicate that phishing is already among the most common types of scams, impacting almost half of online merchants globally.

Main types of combosquatting

The seriousness of combosquatting lies in the fact that it is not a single tactic, but rather an arsenal of variations created to exploit the consumer's different psychological triggers.

The scale of the problem is massive: research from Unit 42 of Palo Alto Networks revealed that 13,857 cybersquatting domains were detected in a single month, an average of 450 new fake sites per day.

Within this universe of threats, combosquatting stands out as one of the most common and effective variations, combining legitimate brand names with specific terms to deceive users.

To build an effective defense, it's essential to know the strategies that scammers use.

Below, we detail the main types of combosquatting in action.

Adding generic words

This is the most basic form of combosquatting, where generic words such as “website”, “online”, “portal” or “web” are attached to the brand name.

The objective is to create a domain that sounds like an official portal or the company's main online presence, prompting the user to let their guard down.

The simplicity is what makes the domain plausible. After all, the user sees the brand name and the word “site”, assuming it's the right place.

Examples: lojasrenner-site.com, yourbrand-online.net, web-magalu.org.

Adding numbers

Adding numbers like “24,” “365,” “01,” or the current year to the domain name is another common tactic.

This technique seeks to suggest a 24-hour service, an updated version of a portal, or simply to create a variation that goes unnoticed by simpler monitoring systems.

Numbers can convey modernity or continuous availability, such as a “24-hour support” service.

Examples: bancointer24.com, support-apple365.net, yourbrand2025.com.

Use of service-related terms

This is undoubtedly one of the most dangerous types of combosquatting, as it directly targets the client's intention to perform an action, such as paying a bill, accessing a profile, or requesting support.

The effectiveness of this tactic is validated by concrete data: reports from APWG (Anti-Phishing Working Group), the leading organization in the fight against online fraud, show that the financial and social media sectors are the preferred targets of scammers, together accounting for almost 50% of all registered phishing attacks.

It works as follows: the scammer attaches terms such as “login”, “payment” or “invoice” to your brand, creating a landing page identical to the original to capture credentials the moment the user tries to complete the action.

Examples: payment-netflix.com, invoice-vivo.net, access-govbr.org.

Combination with product names

Here, the attack is aimed at customers interested in a specific product or line of your brand. Thus, scammers register domains that combine the brand name with that of a popular product, often to promote fake offers, pre-sale scams, or phishing pages disguised as a launch.

The danger of this action lies in the fact that it attracts a highly qualified audience with the intention of buying, making the scam even more effective.

Examples: iphone15-apple.info, promocao-bold-snacks.com, tenis-nike-air.net.

Mix with urgent or official terms

This variation exploits the psychology of urgency and authority to force immediate and thoughtless action.

Words such as “urgent”, “alert”, “notification”, “verification” or “official” are added to create a sense of alarm, causing the victim to click and enter their data to avoid an alleged negative consequence. In other words, this mix manipulates the user's fear (losing the account, having the payment blocked) so that they ignore warning signs.

Examples: notificacao-nubank.com, verifia-official-marketolivre.org, alerta-bradesco.net.

How to recognize a case of combosquatting?

As we saw in the topics above, identifying a combosquatting domain requires attention to detail. And while scammers try hard to appear legitimate, some signs almost always give the scam away.

Keep an eye out for these points:

  • Suspicious URL: the clearest sign is the domain structure. It combines the exact brand name with words such as payment, support, login, invoice or promo, almost always separated by a hyphen. For example, yourbrands-access.com instead of the official yourbrand.com;
  • Unusual domain extension (TLD): established brands generally use .com or .com.br domains. Be wary of less common extensions such as .xyz, .club, .info, .online, or .top, which are often used in scams due to their low cost and easy registration;
  • Unsolicited and urgent communication: The link to the fake site usually arrives via email, SMS, or WhatsApp message with an urgent tone, such as “Your account will be blocked” or “Last chance to take advantage of the offer”. Serious companies rarely use this alarmist approach;
  • The false security seal (HTTPS): many believe that the security padlock next to the URL means that the site is legitimate. That's a myth. The padlock (HTTPS) only indicates that your connection to the site is encrypted. Scammers also use HTTPS to appear more trustworthy. Therefore, the padlock guarantees only that the connection is encrypted, not that the site is legitimate.
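To make these signs operational, here is an added example (not Branddi's tooling, and not code from this post) that scores a batch of observed hostnames against a protected brand using exactly the signals in the list above: the exact brand name plus generic, numeric, service or urgency terms, hyphen separation, and a low-cost TLD. The brand "yourbrand", the official domains and the observed hostnames are constructed sample data; the term lists are seeds you would extend with your own products and services.

```python
"""Combosquatting triage for observed domains (added example, not Branddi's tooling).

Scores each hostname against a protected brand using the warning signs listed above.
The brand "yourbrand", its official domains and the observed hostnames are
constructed sample data.
"""
import re

# Term categories mirroring the combosquatting types described on the page.
TERM_CATEGORIES = {
    "generic": {"site", "website", "online", "portal", "web"},
    "number": {"24", "365", "01", "2025"},
    "service": {"login", "acesso", "access", "payment", "pagamento",
                "invoice", "fatura", "support", "suporte"},
    "urgency": {"urgent", "urgente", "alert", "alerta", "notification",
                "notificacao", "verification", "verifica", "official", "oficial"},
}
CATEGORY_WEIGHT = {"generic": 2, "number": 2, "service": 3, "urgency": 3}
RISKY_TLDS = {"xyz", "club", "info", "online", "top"}   # cheap TLDs named on the page
# Split on hyphens/underscores and on letter<->digit boundaries ("24" inside "brand24").
TOKEN_SPLIT = re.compile(r"[-_]+|(?<=\D)(?=\d)|(?<=\d)(?=\D)")


def split_domain(hostname: str) -> tuple[str, str]:
    """Return (registrable label, tld); ".com.br" is treated as one suffix."""
    labels = hostname.lower().strip(".").split(".")
    if len(labels) >= 3 and labels[-2:] == ["com", "br"]:
        return labels[-3], "com.br"
    if len(labels) < 2:
        return labels[0], ""
    return labels[-2], labels[-1]


def analyze(hostname: str, brand: str, official: frozenset = frozenset()) -> dict:
    """Score one hostname and explain the score."""
    hostname, brand = hostname.lower(), brand.lower()
    result = {"domain": hostname, "score": 0, "verdict": "unrelated", "reasons": []}
    if hostname in official:
        result["verdict"] = "official"
        return result
    label, tld = split_domain(hostname)
    if brand not in label:
        if brand in hostname:   # e.g. yourbrand.com.verifica-login.xyz
            result.update(score=3, verdict="review",
                          reasons=["brand appears only as a subdomain of another registrable domain"])
        return result
    score, reasons = 1, ["exact brand name in the registrable label"]
    # Everything left after removing the brand is an "added term" to classify.
    for tok in filter(None, TOKEN_SPLIT.split(label.replace(brand, "-", 1))):
        cat = next((c for c, words in TERM_CATEGORIES.items() if tok in words), None)
        if cat:
            score += CATEGORY_WEIGHT[cat]
            reasons.append(f"{cat} term '{tok}'")
        else:
            score += 1
            reasons.append(f"unclassified extra term '{tok}'")
    if "-" in label:
        score += 1
        reasons.append("hyphen joins the brand and the added term")
    if tld in RISKY_TLDS:
        score += 2
        reasons.append(f"low-cost TLD .{tld}")
    verdict = "likely combosquatting" if score >= 4 else "review" if score >= 2 else "lookalike"
    result.update(score=score, verdict=verdict, reasons=reasons)
    return result


def triage(hostnames, brand: str, official: frozenset = frozenset()) -> list[dict]:
    """Analyze a batch and return the brand-related, non-official hits, highest score first."""
    hits = [analyze(h, brand, official) for h in hostnames]
    hits = [r for r in hits if r["verdict"] not in ("official", "unrelated")]
    return sorted(hits, key=lambda r: r["score"], reverse=True)


# Constructed sample input: a brand, its official domains, and hostnames from a daily feed.
BRAND = "yourbrand"
OFFICIAL = frozenset({"yourbrand.com", "yourbrand.com.br"})
OBSERVED = [
    "notificacao-yourbrand.com",
    "yourbrand24.xyz",
    "yourbrand.com.br",
    "yourbrand.net",
    "otherbrand-suporte.com",
    "yourbrand.com.verifica-login.xyz",
    "acesso-yourbrand-login.top",
]

if __name__ == "__main__":
    for hit in triage(OBSERVED, BRAND, OFFICIAL):
        print(f"{hit['score']:>2}  {hit['verdict']:<22} {hit['domain']}")
        for reason in hit["reasons"]:
            print(f"      - {reason}")
```

Run it directly to print a ranked list with the reasons per domain. A hostname that carries the brand only in a subdomain of some other registrable domain (yourbrand.com.verifica-login.xyz) is flagged for review rather than scored as a combo, because the label that was actually registered does not contain the brand. Scores are triage signals, not proof; a human analyst or takedown partner still validates each hit.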

How does combosquatting impact brands?

What is the true cost of a scam for your brand? If your answer was the amount of the lost transaction, it's time to recalculate the loss. After all, combosquatting acts like an iceberg: immediate financial damage is just the visible tip of a much larger and more dangerous problem.

The study The Real Cost of Fraud, by LexisNexis® Risk Solutions for Brazil, quantified this hidden damage in an alarming way: for every 1.00 lost in a scam, the real cost to the company reaches 3.59.

That devastating difference includes fees, legal costs, product replacement, and most importantly, your team's hours spent managing the crisis.

Next, we will detail how this loss spreads, attacking the most important pillars of your business.

Damage to the brand image

When a customer is the victim of a scam on a site that uses your brand name, the blame falls on the company, not on the person responsible for the scam. Thus, the negative experience is immediately associated with your image, tarnishing the reputation built with years of investment.

This damage is amplified on social networks and complaint portals, where a single incident can go viral and drive away thousands of potential customers.

Decrease in revenues

The financial impact is direct and twofold. First, there's the loss of revenue from sales that are diverted to the fake sites. That's money that will never reach your cash register.

Second, there is the loss of opportunity: customers who are directed to fake pages, even if they don't fall for the scam, abandon the buying journey, resulting in lost sales and an increase in the cost of acquiring customers.

Breach of consumer confidence

Trust is a brand's most valuable asset, and every combosquatting incident is a crack in that foundation.

After all, the expectations of the modern consumer are clear: a survey we commissioned here at Branddi revealed that, for 88% of users, a brand's investment in protection against fake sites and digital scams is a positive differentiator for purchase and loyalty.

In other words, in the eyes of the consumer, when a company does not act proactively, it is not only allowing a scam; it is breaking a fundamental expectation of its audience, resulting in clients seeking competitors who demonstrate a real commitment to their safety.

Loss of organic traffic and online authority

The proliferation of combosquatting domains can confuse search algorithms such as Google's. That's because many low-quality sites using your brand name dilute your online authority.

This can, in extreme cases, negatively impact the ranking of your official website, causing your brand to lose valuable positions and qualified organic traffic to the scammers themselves.

Increased risk of attacks and fraud

A combosquatting domain isn't an isolated attack: it's a vulnerability test. And when scammers notice that a brand doesn't react, it's flagged as an easy target, attracting a wave of new offensives.

In other words, ignoring a case of combosquatting today is, in practice, opening the door to the next attack against your customers and your brand tomorrow.

How to protect your brand against combosquatting?

Faced with such a hostile scenario, inertia is not an option. But how do you move from reactive defense to truly proactive protection? The answer lies in strategy and technology.

Data from IBM Security's Cost of a Data Breach report are clear: in Brazil, organizations that use AI and security automation identify and contain breaches 68 days faster than those that don't. That is, shielding your brand isn't just about putting out fires: it's about building a fortress. See the pillars of a comprehensive defense.

Preventively register domains

The first line of defense against combosquatting is to occupy territory before the enemy.

Therefore, registering domains that combine your name with service terms (such as yourbrand-support.com) or with common typos is a low-cost, high-impact tactic.

By doing so, you neutralize the scammers' main weapon, preventing them from creating fake sites with plausible addresses. Also map out the most obvious and dangerous variations and acquire them preventatively.

Think about how the scammer acts: what combinations would be most convincing to trick your customers?

This proactive action is the foundation of a digital protection strategy that is much cheaper than remedying image damage or a large-scale scam.
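As an added example of mapping those combinations (not Branddi's own tooling, and not code from this post), the following script enumerates the variations described in this article for a brand, ranks them by how convincing they would be to a customer, and splits them into a register list that fits a registration budget and a watchlist for the rest. The brand name, the term lists and the TLD lists are constructed sample input.

```python
"""Defensive registration plan for a brand (added example, not Branddi's tooling).

Builds the combosquatting variations described on this page (service, urgency, generic
and numeric terms, with and without hyphens, in both word orders), ranks them by how
convincing they would be to a customer, and splits them into a register list that fits
a registration budget and a watchlist for everything else. The brand name, term lists
and TLDs are constructed sample input.
"""
from itertools import product

SERVICE_TERMS = ["login", "acesso", "pagamento", "fatura", "suporte"]
URGENCY_TERMS = ["oficial", "verificacao", "alerta"]
GENERIC_TERMS = ["site", "online", "portal"]
NUMBER_TERMS = ["24", "365", "2025"]
PRIMARY_TLDS = ["com", "com.br"]          # where customers expect the brand to live
SECONDARY_TLDS = ["net", "org", "info", "xyz", "top", "online", "club"]


def variations(brand: str):
    """Yield (label, tier) pairs; tier 1 is the most convincing to a victim."""
    brand = brand.lower()
    for term in SERVICE_TERMS + URGENCY_TERMS:     # "pay a bill", "verify your account"
        yield f"{brand}-{term}", 1
        yield f"{term}-{brand}", 1
        yield f"{brand}{term}", 2
    for term in GENERIC_TERMS:                     # "the official portal"
        yield f"{brand}-{term}", 2
        yield f"{term}-{brand}", 2
    for num in NUMBER_TERMS:                       # "24-hour service", "this year's version"
        yield f"{brand}{num}", 2
        yield f"{brand}-{num}", 3


def ranked_candidates(brand: str) -> list[str]:
    """All unique candidate domains, most convincing first."""
    tlds = PRIMARY_TLDS + SECONDARY_TLDS
    ranked, seen = [], set()
    for (label, tier), (tld_rank, tld) in product(list(variations(brand)), enumerate(tlds)):
        fqdn = f"{label}.{tld}"
        if fqdn in seen:
            continue
        seen.add(fqdn)
        # A secondary TLD makes the same label one tier less convincing.
        ranked.append((tier + (0 if tld in PRIMARY_TLDS else 1), tld_rank, fqdn))
    ranked.sort()
    return [fqdn for _, _, fqdn in ranked]


def plan(brand: str, budget: int, already_owned=frozenset()) -> dict:
    """Split candidates into what to register now (up to budget) and what to watch."""
    pending = [d for d in ranked_candidates(brand) if d not in already_owned]
    return {"register": pending[:budget], "watch": pending[budget:]}


if __name__ == "__main__":
    result = plan("yourbrand", budget=20, already_owned={"yourbrand-login.com"})
    print("Register now:")
    for d in result["register"]:
        print("  ", d)
    print(f"Watchlist: {len(result['watch'])} further variations")
```

The budget split reflects the economics of this pillar: the hyphenated service and urgency forms under .com and .com.br are the ones a customer is most likely to believe, so they are bought first, while the long tail under cheap TLDs goes to the monitoring feed rather than the registrar invoice.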

Constantly monitor the internet

You can't defend yourself against a threat you don't see, and the speed of digital scams is daunting.

Proof of this was the Brazilian Public Safety Yearbook, released by the Brazilian Public Safety Forum in 2022, in which Brazil registered an average of 208 scams per hour. This alarming number reflects the migration of scams to the virtual environment, where the scale is greater and the risk for the offender is lower.

At this rate, it's humanly impossible to manually keep up with the rise of new fake domains and sites. For this reason, constant and automated monitoring is indispensable.

Thus, it's no exaggeration to say that using technology that scans the internet 24/7 is the only way to identify threats in real time and act before the damage to your brand becomes irreversible.

Implement strong authentication and digital security

Brand protection is also strengthened from the inside out. That is, even if a customer is deceived by a combosquatting site, you can hinder the scammer's action on your official platforms.

Implementing Multifactor Authentication (MFA) on user accounts is a powerful barrier against credential theft. Likewise, setting up email security protocols like DMARC prevents these scammers from sending phishing emails using your legitimate domain.

Not only do these layers of security protect your customers directly, but they also reinforce the perception that your brand takes security seriously, strengthening consumer trust in your digital ecosystem.
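A quick way to check the DMARC part of this advice is to read the record a domain publishes at _dmarc.<domain> and look for the settings that leave it spoofable. The following added example (not Branddi's code, nor code from this post) parses such a record and reports weak settings; the two records in it are constructed samples and the report address is a hypothetical placeholder.

```python
"""DMARC record assessment (added example; not Branddi's code).

Parses the TXT record a domain publishes at _dmarc.<domain> and lists the settings
that still let a scammer send mail "from" the brand's exact domain. Both records
below are constructed samples; the report address is a hypothetical placeholder.
"""

WEAK_RECORD = "v=DMARC1; p=none"
STRONG_RECORD = ("v=DMARC1; p=reject; sp=reject; pct=100; adkim=s; aspf=s; "
                 "rua=mailto:dmarc-reports@yourbrand.example")


def parse_dmarc(txt: str) -> dict:
    """Turn 'tag=value; tag=value' into a dict with lower-cased tags."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def assess_dmarc(txt: str) -> list[str]:
    """Return findings, most serious first; an empty list means strict enforcement."""
    tags = parse_dmarc(txt)
    if tags.get("v", "").upper() != "DMARC1":
        return ["not a DMARC record: v=DMARC1 tag missing"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy == "none":
        findings.append("p=none: spoofed mail is only reported, receivers still deliver it")
    elif policy == "quarantine":
        findings.append("p=quarantine: spoofed mail reaches the spam folder instead of being rejected")
    elif policy != "reject":
        findings.append(f"p={policy or '<missing>'}: policy missing or invalid")
    pct = tags.get("pct", "100")            # DMARC default is 100
    if not pct.isdigit() or int(pct) < 100:
        findings.append(f"pct={pct}: the policy is applied to only part of the mail stream")
    sub_policy = tags.get("sp", policy).lower()   # sp defaults to p
    if sub_policy != "reject":
        findings.append(f"sp={sub_policy}: mail from subdomains is not rejected")
    if not tags.get("rua", "").startswith("mailto:"):
        findings.append("no rua=mailto: address: aggregate reports are not collected, so abuse goes unseen")
    for tag in ("adkim", "aspf"):
        if tags.get(tag, "r").lower() != "s":   # alignment defaults to relaxed
            findings.append(f"{tag}=r: relaxed alignment accepts any subdomain of the organizational "
                            "domain; use 's' when legitimate mail always uses the exact domain")
    return findings


def dmarc_grade(txt: str) -> str:
    """Coarse label for a dashboard: enforced / partial / unprotected."""
    findings = assess_dmarc(txt)
    policy = parse_dmarc(txt).get("p", "").lower()
    if not findings:
        return "enforced"
    if policy in ("reject", "quarantine"):
        return "partial"
    return "unprotected"


if __name__ == "__main__":
    for name, record in (("weak", WEAK_RECORD), ("strong", STRONG_RECORD)):
        print(f"{name}: {record}\n  grade: {dmarc_grade(record)}")
        for finding in assess_dmarc(record):
            print(f"  - {finding}")
```

To assess a live domain, feed it the TXT record returned by `dig TXT _dmarc.yourbrand.example +short`. A `p=none` record, which many setup guides leave in place, only collects reports; exact-domain spoofing is blocked only once the policy reaches `p=reject` with `pct=100`. DMARC covers your own domain and nothing else: it does not stop mail sent from a combosquatting domain, which is why monitoring and takedown remain necessary alongside it.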

Count on specialized partners

Registering, monitoring, analyzing, and taking down threats is a full-time job that requires technology, legal knowledge, and agility. And trying to do this internally distracts the focus from your core business and rarely achieves the effectiveness needed to combat the more organized scammers.

This is where a specialized partner becomes a strategic asset. After all, a solution like Branddi's integrates all of these fronts: 24/7 monitoring with artificial intelligence, expert analysis to validate threats and, most importantly, the fast and unlimited execution of takedowns (removals) to neutralize fake sites.

This transforms your defense from a manual, reactive effort to a comprehensive and proactive protection operation.

Branddi: the ideal solution to protect your brand online!

As we said throughout the text, effectively combating combosquatting requires more than just good intentions; it requires a robust combination of technology, intelligence, and quick action.

It's exactly that comprehensive approach that Branddi offers to permanently secure your business. That's because our tool, which combines artificial intelligence with human expertise, scans the internet incessantly, 24 hours a day, identifying newly registered domains, advertisements, social media profiles, and any mention that represents a threat.

But technology is just the beginning: our team of specialists takes action analyzing each alert, validating the threat, and initiating the removal (takedown) process in an immediate and unlimited way.

In other words, from monitoring to takedown, we take care of the entire cycle. This frees up your team to focus on what really matters: the growth of your business!

Don't wait for a combosquatting attack to turn into a crisis. Visit our site and learn more about our brand shielding!

Written by:
Branddi
IP Team
