
Lookalike Domains & Typosquatting: A Defense Guide
An 'rn' that reads as an 'm', an extra word, a wrong TLD — lookalike domains impersonate trusted brands in phishing and brand abuse. Here is how to spot them and the controls that blunt them.
Security awareness tips, industry news, and product updates.

An 'rn' that reads as an 'm', an extra word, a wrong TLD — lookalike domains impersonate trusted brands in phishing and brand abuse. Here is how to spot them and the controls that blunt them.

One compromised chatbot integration exposed 700+ organizations through stolen OAuth tokens. The Salesloft Drift attack shows why third-party access is now your biggest blind spot.

The FBI's 2025 Internet Crime Report tallies a record $20.9 billion in losses, with business email compromise close to the top. Here's what the numbers mean and the controls that actually help.

Verizon's 2026 Data Breach Investigations Report puts the human element in 62% of breaches and confirms attackers are pivoting to mobile and the browser. Here's what it means for your awareness program.

Scattered Spider doesn't hack your MFA — it calls your help desk and talks an agent into resetting it. Here's how help desk social engineering works and how to lock the door.

Attackers can now clone an executive's voice from three seconds of audio and join a video call as a synthetic colleague. Here's how deepfake CEO fraud works and how to stop it.

ClickFix tricks users into pasting a malicious command into their own computer under the guise of a CAPTCHA or 'fix this error' prompt. Here's why it bypasses your filters and how to train against it.

The FBI is warning fans that criminals are spoofing FIFA's ticketing site ahead of the 2026 World Cup. Here is why event-themed lures land in employee inboxes and how to train your team to spot them.

The FBI is warning about Kali365, a phishing-as-a-service platform that hijacks Microsoft 365 accounts by abusing OAuth device code authentication to steal session tokens and bypass MFA. Here's how the attack works and how to defend your organization.

Device code phishing is spreading through criminal toolkits and phishing-as-a-service offerings. Here is how the Microsoft 365 attack works and what teams should do next.

Bitdefender's Operation Road Trap research shows how toll, parking, and traffic-fine smishing has scaled across countries. Here is what employees and security teams should watch for.

Microsoft is warning US organizations about a sophisticated code-of-conduct phishing campaign using PDFs, CAPTCHA gates, and AiTM token theft. Here is what security teams should watch for next.