
Brand Defense: Detecting Impersonation and Phishing


Technical methodology and strategic overview for security professionals.


What is Brand Defense?

Brand Defense is the proactive monitoring of domains that look like yours (e.g., tarnet.com vs. target.com) and are being used for malicious purposes.


Why It Matters

Phishing sites often go live just hours before a major campaign. If you don't detect them, your customers' credentials will be stolen under your brand name.


How to Use the Brand Tab

1. Select the **Brand Defense** tool.

2. Our engine automatically generates hundreds of common typos and permutations of your domain.

3. We check which ones are currently registered and active.

4. We look for 'Login Pages' on those domains, a 100% indicator of phishing.
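The automated steps above (permute the domain, check which candidates resolve, look for a login form) as an added Python example; it is not the Brand Defense engine's code or dnstwist's. The function names are assumptions, the five edit types are a simplified subset of typo techniques, and the `resolves` parameter lets the check run against a lookup table instead of live DNS.

```python
# Added illustration; function names are hypothetical, not dnstwist's API.
import socket
import string
from html.parser import HTMLParser

ALPHABET = string.ascii_lowercase + string.digits

def permutations(domain):
    """Map each single-edit typo of a registrable domain to the edit that made it."""
    name, _, tld = domain.lower().partition(".")
    found = {}
    def add(label, technique):
        if label and label != name:  # skip empty labels and the real domain
            found.setdefault(f"{label}.{tld}", technique)
    for i in range(len(name)):
        add(name[:i] + name[i + 1:], "omission")
        add(name[:i] + name[i] + name[i:], "repetition")
        if i + 1 < len(name):
            add(name[:i] + name[i + 1] + name[i] + name[i + 2:], "transposition")
        for c in ALPHABET:
            add(name[:i] + c + name[i + 1:], "replacement")
    for i in range(len(name) + 1):
        for c in ALPHABET:
            add(name[:i] + c + name[i:], "insertion")
    return found

def dns_resolves(host):
    """Live check: resolving is only a proxy for 'registered and active'."""
    try:
        socket.getaddrinfo(host, None)
        return True
    except socket.gaierror:
        return False

def registered(domain, resolves=dns_resolves):
    """Lookalikes of `domain` for which `resolves` returns True."""
    return sorted(d for d in permutations(domain) if resolves(d))

class _PasswordFieldFinder(HTMLParser):
    found = False
    def handle_starttag(self, tag, attrs):
        if tag == "input" and (dict(attrs).get("type") or "").lower() == "password":
            self.found = True

def has_login_form(html):
    """True if the page contains a password input, a cue for manual review."""
    finder = _PasswordFieldFinder()
    finder.feed(html)
    return finder.found
```

A domain can be registered without resolving, so candidates that fail the DNS check are still worth a WHOIS or RDAP lookup.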


Impact on Security Posture

Early detection of typosquatting allows you to issue Take Down requests (DMCA/UDRP) before a single customer is affected, preserving brand trust and reducing fraud losses.



Clinical Mastery

Expert CLI Documentation & Tradecraft

Tool Reference

dnstwist

A domain name permutation engine that finds registered typosquatted domains aimed at phishing your users.

dnstwist --registered <domain>

Core Flags & Options

--registered

Only displays permutations that are currently resolving/registered in DNS.

--ssdeep

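Fetches the HTML of found sites and compares it to your own using ssdeep fuzzy hashing to find near-identical clones. The comparison is over page source, not rendered pixels. Recent dnstwist releases expose this option as --lsh, with ssdeep as the default algorithm.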

--mxcheck

Checks if the spoofed domain has active mail servers configured (a high indicator of phishing).

Expert Strings (Chaining & Automation)

Clone Detection

dnstwist --registered --ssdeep target.com

BENEFIT: Identifies domains that have cloned your website's content to trick users.

Brand Alert String

dnstwist --registered --mxcheck target.com | grep -v '!'

BENEFIT: Filters for domains that are fully weaponized and ready to send fraudulent emails.

PRO TIP: Always pipe output into tee -a recon_log.txt to maintain a clinical audit trail of your investigation steps.