An easy way to reduce the ability of scammers to spoof your domain

I recently participated in NTEN’s new cybersecurity community, and learned about this wonderful, easy tool called DNStwist. All you have to do is enter your own domain name (e.g., lotusmedia.org in my case) and it scans global domain registries for common variations designed to trick a reader into thinking it’s your domain.

A very common phishing technique is to send an e-mail seeming to be from your organization that sends people to what seems like your website. Both the e-mail address and URL might look almost exactly like yours, especially to someone who is not paying attention. Often scammers will add an element of urgency, which adds to the user’s confusion and leads them to take action before thinking it through clearly.

After running this scan, which shows 15 domains spoofing mine, my next step as an organization would be to block all of these addresses from e-mailing anyone in my workspace. Unfortunately, I don’t have any way to stop an external internet user from visiting and mistaking one of these sites for mine. So be alert and make sure you always know who is behind what you’re looking at!

Bonus: The code for DNStwist is publicly available on GitHub! https://github.com/elceef/dnstwist
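
The blocking step described above can be scripted. This is an added example, not part of the original post or the dnstwist project: it turns a scan saved as JSON into a de-duplicated list of registered look-alike domains for a mail block rule. The sample scan is constructed, and the field names (`fuzzer`, `domain`, `dns_a`, `dns_aaaa`, `dns_mx`, `dns_ns`) are assumed from current dnstwist releases.

```python
import json

# Constructed sample in the shape of `dnstwist --format json example.org`
# output (field names are an assumption based on current dnstwist releases).
SAMPLE_SCAN = json.dumps([
    {"fuzzer": "*original", "domain": "example.org", "dns_a": ["192.0.2.10"]},
    {"fuzzer": "replacement", "domain": "examp1e.org",
     "dns_a": ["192.0.2.21"], "dns_mx": ["mail.examp1e.org"]},
    {"fuzzer": "homoglyph", "domain": "Exämple.org.", "dns_ns": ["ns1.invalid"]},
    {"fuzzer": "omission", "domain": "exmple.org"},  # no DNS records at all
    {"fuzzer": "replacement", "domain": "examp1e.org", "dns_a": ["192.0.2.21"]},
])

DNS_FIELDS = ("dns_a", "dns_aaaa", "dns_mx", "dns_ns")


def normalize(domain):
    """Lower-case, drop a trailing dot, and convert Unicode names to punycode,
    the ASCII form that mail filters usually match on."""
    domain = domain.strip().rstrip(".").lower()
    return domain.encode("idna").decode("ascii")


def build_blocklist(scan_json, own_domain):
    """Return (registered, with_mx): sorted, de-duplicated look-alike domains.
    A domain counts as registered if any DNS record came back for it;
    with_mx is the subset that also publishes an MX record."""
    own = normalize(own_domain)
    registered, with_mx = set(), set()
    for entry in json.loads(scan_json):
        name = normalize(entry["domain"])
        if name == own or entry.get("fuzzer") == "*original":
            continue  # never block your own domain
        if not any(entry.get(field) for field in DNS_FIELDS):
            continue  # permutation is not registered; nothing to block
        registered.add(name)
        if entry.get("dns_mx"):
            with_mx.add(name)
    return sorted(registered), sorted(with_mx)


if __name__ == "__main__":
    blocked, with_mx = build_blocklist(SAMPLE_SCAN, "example.org")
    for domain in blocked:
        print(domain + ("  # has MX" if domain in with_mx else ""))
```

Paste the resulting list into the blocked-sender or blocked-domain setting of your mail service, and re-run the scan periodically, since new look-alikes can be registered at any time.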
