Combosquatting

How it works

Unlike typosquatting, the brand name is spelled correctly, so it passes a quick glance. Attackers append words like "login", "secure", "support", "wallet", or "pay" that fit the pretext of the scam, then host phishing or fraud on the result.

How it relates to brand impersonation

Because the brand name stays intact, combosquatting is especially convincing in emails and ads. That makes it a favourite for spear phishing and support scams that impersonate your brand.

How nebty helps

nebty monitoring watches the keyword-combination space around your brand, not just simple typos, so support- and payment-themed lookalikes surface early and can be taken down on demand.

Why combosquats slip past people

Combosquatting is dangerous precisely because nothing is misspelled. A domain like yourbrand-support.com or secure-yourbrand.com contains your exact name, so it passes the quick scan most people give a link, and it reads as plausible in an email signature or an ad. The added word is chosen to fit the pretext: support, help, and account for service scams; secure, verify, and login for credential theft; pay, wallet, and refund for payment fraud. There is no limit to the combinations, so defensive registration cannot cover them all. The practical defence is monitoring that watches keyword combinations around your brand, not single-character typos alone, and scores the payment- and login-themed ones as higher risk so they reach a human before customers do.

Treat any combosquat that has set up mail records as urgent, since that is the step taken right before it starts sending invoices or support messages in your name.