Home / Blogs

Key Findings from the 2021 Domain Security Report

With cybercrime on the rise, companies in 2021 have experienced increased ransomware attacks, business email compromise (BEC), phishing attacks, supply chain attacks, and online brand and trademark abuse. While domain cyber risk is rising, the level of action being taken by Forbes Global 2000 companies to improve their domain security posture has remained unchanged, leaving these companies exposed to even more risk.

The risk of not addressing your domain security can be catastrophic. Domains that are not being protected pose a significant threat to your cybersecurity posture, data protection, consumer safety, intellectual property, supply chains, revenue, and reputation.

70% of third-party owned domains target the Forbes Global 2000 with suspicious or malicious activity

The intent of malicious domain registrations is to leverage the consumer trust placed on the targeted brand to launch phishing attacks or other forms of digital brand abuse or IP infringement that leads to revenue loss, traffic diversion, and a diminished brand reputation. There are endless domain-spoofing tactics and permutations that can be used by phishers and malicious third parties.

In the 2021 Domain Security Report, we identified and analyzed domains containing the brand names with more than six characters from the Global 2000 companies that were not owned by the brands themselves. Based on frequent observation of use in phishing domains, our analysis included common Latin-character substitutions, for example, using C0rnpanyNarne.com to look like CompanyName.com.

Out of the third-party-owned domains, how are these third-party domains currently being used?


From the analysis of these domains owned by third parties, many have a high propensity to be used as malicious domains for cyber attacks. The registrants typically hide behind privacy services or redacted WHOIS to mask their identities, register domains that look confusingly similar to known brands, and use tactics to look legitimate to entice an end-user to click on a link or trust a site that is infringing on a brand.

We recommend that companies establish a robust domain, web, and phishing monitoring program coupled with takedown capabilities. They should also establish a secure 360-degree domain management strategy to register exact matches, protect against a variety of domain spoofing tactics such as homoglyphs, fuzzy matches, cousin domains, as well as register across new generic top-level domains (gTLDs) and country-code domain extensions associated with countries of operations and sales, in addition to other high-risk countries and extensions.

By Sue Watts, Global Marketing Leader, Digital Brand Services, CSC

Filed Under


Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Co-designer of the TCP/IP Protocols & the Architecture of the Internet



Brand Protection

Sponsored byCSC

Threat Intelligence

Sponsored byWhoisXML API

IPv4 Markets

Sponsored byIPv4.Global

Domain Names

Sponsored byVerisign

New TLDs

Sponsored byRadix


Sponsored byVerisign


Sponsored byDNIB.com