Brand protection glossary
Clear, concise definitions of the domain, phishing, and impersonation threats we help you monitor and take down. Every term links to the relevant nebty solution.
63 terms
Takedown & response
Getting fraudulent domains, sites, and content removed on demand.
Abuse report / abuse contact
An abuse report is a formal complaint sent to a registrar, host, or platform that documents how a domain or site breaks their policy or the law, asking them to act on it.
Blacklisting (Safe Browsing)
Blacklisting is getting a malicious domain or URL added to security blocklists, such as Google Safe Browsing, so browsers, email providers, and security tools warn or block users who try to reach it.
Brand enforcement
Brand enforcement is the active side of brand protection: pursuing and removing infringements and impersonations through takedowns, legal notices, and platform reports, rather than only monitoring for them.
DMCA takedown
A DMCA takedown is a request under the US Digital Millennium Copyright Act asking a host or platform to remove content that infringes your copyright, such as a site that copies your text, images, or code.
Domain suspension
Domain suspension is when a registrar or registry disables a domain, usually for abuse or a policy violation, so it stops resolving and the site and email attached to it go dark.
Domain takedown
A domain takedown is the process of getting a fraudulent or infringing domain deactivated or removed by the parties that control it: the registrar, the hosting provider, or the registry.
Phishing site takedown
A phishing site takedown is the urgent removal of a web page built to steal credentials, payment details, or personal data by impersonating a trusted brand or login.
Takedown-as-a-service
Takedown-as-a-service is an outsourced model where a specialist provider handles the removal of fraudulent domains, sites, and content for you, instead of you fighting registrars and hosts in-house.
Website takedown
A website takedown is the removal of a fraudulent or infringing website (a fake shop, phishing page, or scam site) by working with its hosting provider, CMS platform, or registrar.
Domain abuse & monitoring
Lookalike domains, squatting, and the monitoring that catches them early.
Bitsquatting
Bitsquatting is registering domains one bit different from a target domain, exploiting rare memory errors that flip a single bit so a device resolves the wrong, attacker-owned name.
Combosquatting
Combosquatting combines a brand name with an extra word, such as "paypal-security.com" or "apple-support.net", to create a domain that looks legitimate and trustworthy.
Cybersquatting
Cybersquatting is registering, trafficking in, or using a domain name that is identical or confusingly similar to someone else’s brand or trademark, in bad faith.
DNS
DNS, the Domain Name System, is the internet directory that translates human-readable domain names into the IP addresses machines use to connect, and a frequent target and tool in domain abuse.
Domain hijacking
Domain hijacking is the theft of control over a domain, by compromising the owner's registrar account, transferring the domain without authorization, or altering its DNS, so the attacker can redirect or impersonate the real site.
Domain monitoring
Domain monitoring is the continuous tracking of newly registered and changed domains that resemble your brand, so you can spot lookalikes and abuse early, before they are used against you.
Domain reputation
Domain reputation is a score that mail providers, browsers, and security tools assign to a domain based on its history, deciding whether to trust, flag, or block its mail and links.
Domain spoofing
Domain spoofing is faking a trusted domain, in a website URL or an email sender address, to make fraudulent content appear to come from a legitimate brand.
Homoglyph domain (IDN homograph)
A homoglyph domain swaps letters for visually identical characters, often from other alphabets, like a Cyrillic "а" for a Latin "a", to spoof a brand's domain almost invisibly.
Lookalike domain
A lookalike domain is any domain crafted to resemble a legitimate one closely enough to deceive. It is the umbrella term that covers typo-, combo-, and homoglyph squatting and more.
New gTLD abuse
New gTLD abuse is the exploitation of the many newer top-level domains, such as .shop, .app, .xyz, and .top, to register cheap lookalike and scam domains at scale.
Punycode
Punycode is the encoding that represents non-ASCII characters in domain names using only ASCII, turning an internationalized domain into a string that starts with "xn--". Attackers exploit it to hide homoglyph domains.
Subdomain takeover
A subdomain takeover is when an attacker claims a subdomain you no longer use but still point to a third-party service, letting them host content on your real domain.
Typosquatting
Typosquatting is the registration of domains that exploit common typing mistakes of a well-known domain, such as "gogle.com" or "amazn.com", to capture mistyped traffic.
WHOIS
WHOIS is the public directory of domain registration data, showing details like the registrar, creation date, and, where not redacted, the registrant, used to investigate and report abusive domains.
Impersonation
Fake profiles, executive impersonation, and brand impersonation across the web.
Brand impersonation
Brand impersonation is any attempt to pose as a legitimate brand, through fake websites, domains, social profiles, ads, or emails, to deceive that brand’s customers or partners.
Deepfake
A deepfake is synthetic audio, image, or video generated by AI to make a real person appear to say or do something they never did, increasingly used to impersonate executives in fraud.
Digital impersonation
Digital impersonation is the broad practice of pretending to be a person or organization online. It covers both brand impersonation and the impersonation of individual executives or employees.
Executive impersonation
Executive impersonation is impersonating a company’s leaders, such as the CEO, CFO, or founders, to abuse their authority, typically to authorize fraudulent payments or extract sensitive information.
Fake mobile app
A fake mobile app is a malicious or counterfeit app that imitates a real brand's app, distributed through app stores or download sites to steal credentials, payments, or data.
Fake social media account
A fake social media account is a profile or page that copies a real brand, executive, or person to scam followers, run fake support, or post fraudulent offers under a borrowed identity.
Impersonation attack
An impersonation attack is any attack where the adversary pretends to be a trusted brand, person, or system to deceive a target. It is the umbrella term for phishing, fake profiles, spoofing, and business email compromise.
Malvertising (fake ads)
Malvertising is the use of online ads to deliver scams or malware, often by impersonating a real brand in the ad so users click a paid result that leads to a fraudulent site.
Social media impersonation
Social media impersonation is the use of fake profiles, pages, or accounts that copy a brand or person to scam followers, run fake support, or spread fraudulent offers.
Phishing & email
Phishing in all its forms and the email-based fraud that rides on it.
Account takeover (ATO)
Account takeover (ATO) is fraud in which an attacker gains control of a legitimate user account, typically using stolen or phished credentials, to steal funds, data, or further access.
Business email compromise (BEC)
Business email compromise (BEC) is a fraud in which an attacker impersonates an executive, employee, or vendor over email to trick a company into transferring money or data.
CEO fraud
CEO fraud is a scam in which an attacker impersonates a company's chief executive, usually by email, to order an urgent payment or data transfer that an employee carries out without checking.
Clone phishing
Clone phishing copies a real, previously delivered email, then resends it with the links or attachments swapped for malicious ones, so it looks like a familiar message the recipient already trusts.
Credential harvesting
Credential harvesting is the large-scale collection of usernames and passwords, usually through phishing pages that imitate a real login, for use in fraud or account takeover.
DMARC
DMARC is an email authentication standard that tells receiving servers how to handle messages that fail SPF and DKIM checks, and reports who is sending mail using your domain. It is the main defence against email spoofing.
Email spoofing
Email spoofing is forging the sender address of an email so it appears to come from a trusted domain. It is the technical basis for most phishing and BEC.
Phishing
Phishing is a social-engineering attack that tricks people into revealing credentials, payment data, or other sensitive information by impersonating a trusted brand, person, or service.
Phishing kit
A phishing kit is a ready-made package of code and templates that lets a low-skill attacker stand up a convincing fake login or payment page in minutes.
QR phishing (quishing)
QR phishing, or "quishing", hides a malicious link inside a QR code so victims scan their way to a fraudulent page, bypassing many email and URL filters in the process.
Reverse proxy phishing (AiTM)
Reverse proxy phishing, also called adversary-in-the-middle (AiTM), sits between the victim and the real site, relaying the login in real time to steal the session and defeat multi-factor authentication.
SEO poisoning
SEO poisoning is the manipulation of search rankings so malicious or impersonating pages appear high in results for trusted brand or topic queries, luring users into clicking them.
Smishing
Smishing is phishing delivered via SMS or messaging apps: a text that impersonates a brand, such as a bank, courier, or tax office, and links to a fraudulent page.
Spear phishing
Spear phishing is a targeted phishing attack tailored to a specific person or small group, using personal or organizational details to make the lure highly convincing.
Vishing
Vishing is voice phishing: a phone call or voicemail that impersonates a trusted organization or person to pressure the target into revealing information or making a payment.
Whaling
Whaling is a phishing attack aimed at senior executives, the most valuable targets, using highly tailored messages to trigger high-value actions like large wire transfers or the release of sensitive data.
Brand protection & DRP
The category terms: brand protection, digital risk protection, and more.
Brand abuse
Brand abuse is the unauthorized use of a brand name, logo, or identity to deceive or profit, spanning impersonation, counterfeiting, fraud, and reputation attacks.
Brand impersonation protection
Brand impersonation protection is the discipline of detecting and removing impersonations of your brand across the internet, combining continuous monitoring with active takedowns.
Brand protection
Brand protection is the practice of defending a brand’s identity, reputation, and customers from online abuse such as impersonation, counterfeiting, phishing, and fraud, through monitoring and enforcement.
Cyber threat intelligence (CTI)
Cyber threat intelligence (CTI) is the collection and analysis of data about threats and threat actors, turned into actionable insight that helps an organization anticipate and defend against attacks.
Digital identity protection
Digital identity protection is the practice of safeguarding the online identity of a brand and its people from impersonation, misuse, and theft across the web and social platforms.
Digital risk protection (DRP)
Digital risk protection (DRP) is the practice of monitoring the open, deep, and dark web for threats to an organization’s brand, people, and data, and acting to reduce them.
External attack surface (EASM)
The external attack surface is everything about your organization that is reachable from the public internet, including domains, subdomains, certificates, exposed services, and the lookalikes that impersonate them. Managing it is called EASM.
Trademark monitoring
Trademark monitoring is watching for unauthorized use of your registered trademarks, in new trademark filings, domains, marketplaces, and online content, so you can object or enforce early.
Crypto
Wallet drainers, fake exchanges, and the impersonation crypto brands face.
Crypto phishing
Crypto phishing is phishing aimed at cryptocurrency users, using fake wallets, exchanges, and token sites to steal seed phrases, private keys, or wallet approvals.
Crypto wallet drainer
A crypto wallet drainer is malicious code, usually behind a fake site or token approval, that tricks users into signing transactions which empty their cryptocurrency wallet in one go.
Fake airdrop / token scam
A fake airdrop scam imitates a legitimate token giveaway to trick crypto users into connecting their wallet or paying a fee, then drains their funds or steals their approvals.
Fake crypto exchange
A fake crypto exchange is a fraudulent platform that imitates a real exchange or invents a plausible one, to take deposits it never lets users withdraw.
Pig butchering scam
A pig butchering scam is a long-con investment fraud where the scammer builds trust or romance over weeks, then steers the victim into a fake crypto platform that swallows their money.
Fintech
Payment fraud and impersonation aimed at fintechs and their customers.