Retail brands popular as domain names for phishing sites

More than six hundred .nl domain names based on Dutch retail brands are linked to phishing sites. But some retail sectors' brands are much more likely to be abused than others. Brands in the food and stimulants sector are most likely to be targeted. The findings come from research by SIDN into the potential abuse of Twinkle100 brand names for .nl domain names. Nearly twenty thousand domain names with strong resemblance to Dutch Twinkle100 retail brands were checked out.


SIDN's analysis indicated that 3 per cent of the checked domain names were very probably being used for phishing sites. However, the figure for domain names resembling food and stimulants retail brands was significantly higher: 6.3 per cent. Another outlier was the education and leisure sector, where 4.5 per cent of the analysed domain names were suspect. Fortunately, a proactive approach to abuse prevention is known to be effective: companies that act against typosquat domain names can substantially reduce scams linked to their brands.

Payment data

Phishing sites are set up by scammers with the aim of harvesting payment data from unsuspecting visitors. A common tactic is to use a domain name that looks like a trusted brand name. So, for example, a single letter will be added or left out (e.g. ''), or a zero used instead the letter 'o', a dot is omitted (e.g. or similar-sounding letters switched (e.g. 'k' for 'c' in ''), or a synonym used (e.g. 'vitaminshop' for 'vitaminstore').

SIDN used the Domain Name Surveillance Service (DBS) to analyse all the brand names of retailers in the Twinkle100. First, all the .nl domain names that incorporated or closely resembled the brand names were identified. Nearly twenty thousand were found. The flagged domain names were then classified using an automated procedure that looks at various characteristics. The classification process isn't 100 per cent reliable, but gives a strong indication of how the domain names are being used.

Shutting down scam sites

"By working with the Consumers' Association and others, we've already managed to take down a large number of fake webshops," says SIDN's CEO Roelof Meijer. "However, our analysis shows that scams are a persistent problem. Consumers therefore need to remain vigilant. Improbably low prices, badly written text and payment systems that only accept cryptocurrency are all signs that a website isn't what it seems to be."

According to the Dutch police's Internet Fraud Reporting Service, the average victim of a fake webshop scam loses about € 200. "Every incident also dents the reputation of the retailer whose name is abused," adds Meijer. "So it pays to monitor for potential abuses. And we know that monitoring is effective."



Marnie van Duijnhoven

communications manager

+31 26 352 55 00

  • Tuesday 26 March 2019


    The internet user of the future


    Four trends and predictions

    Read more
  • Friday 27 October 2017


    Internet shopping is booming


    On-line transactions and advertising spend both up

    Read more
  • Monday 25 February 2019


    Programming careers for refugees


    HackYourFuture gives new arrivals the tools to enter the labour market

    Read more


Your browser is too old to optimally experience this website. Upgrade your browser to improve your experience.