What is this site?

To understand this site, we first need to talk about cousin domains. Simply put, a cousin domain is similar to another, usually more popular, pre-existing domain. Cousin domains are also known to be a form of typosquatting, which is itself a form of cybersquatting.

Let's take a look at a couple of examples using popular websites.

Misspellings

pre-existing domain: google.com

cousin domain: gogle.com

pre-existing domain: reddit.com

cousin domain: redddit.com

"But wait", you say, "these are all just misspellings of popular sites..." You're right! Good job noticing that.

Unicode: More Than Just Emojis

Updates to Unicode have brought us support for more languages and our beloved emoji 🤓. Unfortunately, another common tactic with cousin domains is using characters from other languages that look similar to the original domain's characters. We'll reuse our popular domains from earlier.

pre-existing domain: google.com

cousin domain: googlе.com

pre-existing domain: reddit.com

cousin domain: reԁԁit.com

Depending on your system's font preferences, these may be more or less convincing. A fun exercise is to look at these on mobile and see if you can spot the difference!

This variant of cousin domains is also called an IDN (internationalized domain name) homograph attack. The Internet has been working out how to handle these over the last few years. If you're into security, it's a fun wiki-walk rabbit hole to disappear into.

Why This Site Exists

Cousin domains are often used in cyber attacks like phishing to perpetrate fraud. This particular cousin domain came about due to simple human error.

My team often needs to log on to Fortinet's FortiCloud service to manage the hardware and services of our clients. Unfortunately, typos happen to the best of us, and we often find ourselves missing the 't' in forticloud.com. Especially pre-Redbull or pre-coffee 🪫.

When I realized this domain hadn't yet been registered, I registered it as a precaution since we often typoed it. I honestly can't believe this domain wasn't already taken.

Protecting Your Domain And Users

As of this writing, the best course of action to protect against cousin domain attacks is to register all of the variants you can discover, be consistent and loud with educating your users, and use layered security to protect your users and endpoints.

Look at DNS traffic when you can, talk to your clients/users, and try out homograph generators to discover possibilities.
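
One way to act on the DNS-traffic advice above, as an added example that is not part of the original page: a small Python check that flags observed names that are one edit away from a domain you protect, or a lookalike-character copy of it. The confusables map, PROTECTED list and sample log are constructed for illustration; a real deployment would load the full Unicode confusables data.

```python
import unicodedata

# Constructed, deliberately tiny lookalike map (assumption: production use would
# load Unicode's confusables.txt). Keys are Cyrillic a, e, o, p, c, Komi de, i.
CONFUSABLES = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
               "\u0441": "c", "\u0501": "d", "\u0456": "i"}

def to_unicode(domain):
    """Decode xn-- (punycode) labels so lookalike characters become visible."""
    try:
        return domain.lower().encode("ascii").decode("idna")
    except UnicodeError:  # already non-ASCII, or not valid punycode
        return domain.lower()

def skeleton(domain):
    """Fold known lookalike characters to the ASCII letters they imitate."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in unicodedata.normalize("NFKC", domain))

def edit_distance(a, b):
    """Optimal string alignment: insert, delete, substitute, adjacent transpose."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cost = min(cost, prev2[j - 2] + 1)
            cur.append(cost)
        prev2, prev = prev, cur
    return prev[-1]

def classify(observed, protected):
    """Return (kind, target) if observed is a cousin of a protected domain, else None."""
    name = to_unicode(observed)
    if name in protected:
        return None  # the genuine domain itself
    skel = skeleton(name)
    for target in protected:
        if skel == target:
            return ("homograph", target)
        if edit_distance(skel, target) == 1:
            return ("misspelling", target)
    return None

PROTECTED = ["google.com", "reddit.com"]
# Constructed sample of names as they might appear in a DNS query log.
SAMPLE_LOG = ["google.com", "gogle.com", "redddit.com",
              "googl\u0435.com", "re\u0501\u0501it.com", "example.org"]

if __name__ == "__main__":
    for query in SAMPLE_LOG:
        print(ascii(query), classify(query, PROTECTED))
```

Names that arrive in punycode form (xn-- labels) are decoded before comparison, so the same check works on raw resolver logs.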

Many email security solutions have configuration options to flag cousin domains as junk.

If you don't already educate your userbase about cyber threats, consider implementing basic cybersecurity awareness training and phishing simulation.

Finally, if you manage client endpoints, think about implementing DNS filtering or SASE/ZTNA solutions on the client that can catch newly registered or suspicious domains.

The linked examples are not exhaustive and may not fit every organization.

Stay safe out there!

Acknowledgements

Fortinet and FortiCloud belong to Fortinet. Thanks for making the best (in my opinion) security solutions in the industry (I'm a little biased!).

This site reflects my personal opinion, and not the opinion of my employer.

Thanks to the folks who helped me up the ladder. <3
