Retail brands popular as domain names for phishing sites

More than six hundred .nl domain names based on Dutch retail brands are linked to phishing sites. But some retail sectors' brands are much more likely to be abused than others. Brands in the food and stimulants sector are most likely to be targeted. The findings come from research by SIDN into the potential abuse of Twinkle100 brand names for .nl domain names. Nearly twenty thousand domain names with a strong resemblance to Dutch Twinkle100 retail brands were checked.


SIDN's analysis indicated that 3 per cent of the checked domain names were very probably being used for phishing sites. However, the figure for domain names resembling food and stimulants retail brands was significantly higher: 6.3 per cent. Another outlier was the education and leisure sector, where 4.5 per cent of the analysed domain names were suspect. Fortunately, a proactive approach to abuse prevention is known to be effective: companies that act against typosquat domain names can substantially reduce scams linked to their brands.

Payment data

Phishing sites are set up by scammers with the aim of harvesting payment data from unsuspecting visitors. A common tactic is to use a domain name that looks like a trusted brand name. So, for example, a single letter will be added or left out, a zero used instead of the letter 'o', a dot omitted, similar-sounding letters switched (e.g. 'k' for 'c'), or a synonym used (e.g. 'vitaminshop' for 'vitaminstore').

SIDN used the Domain Name Surveillance Service (DBS) to analyse all the brand names of retailers in the Twinkle100. First, all the .nl domain names that incorporated or closely resembled the brand names were identified. Nearly twenty thousand were found. The flagged domain names were then classified using an automated procedure that looks at various characteristics. The classification process isn't 100 per cent reliable, but gives a strong indication of how the domain names are being used.
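A brand owner can run the same kind of check on a small scale. The sketch below is an added example, not SIDN's DBS classifier: it labels observed .nl names with the look-alike techniques listed above. The brand `candlestore`, the sample domains and the reading of "dot omitted" as a missing dot after `www` are assumptions made for illustration.

```python
# Constructed example: the brand and every domain below are made up.
SOUND_ALIKE = {frozenset("ck")}   # the article's example: 'k' for 'c'
SYNONYMS = {"store": "shop"}      # the article's example: 'store' -> 'shop'

def drops_one(longer, shorter):
    """True if deleting exactly one character from `longer` gives `shorter`."""
    return len(longer) == len(shorter) + 1 and any(
        longer[:i] + longer[i + 1:] == shorter for i in range(len(longer)))

def classify(brand, label):
    """Name the technique that turns `brand` into `label`, or None if no match."""
    brand, label = brand.lower(), label.lower()
    if label == brand:
        return None                                   # the brand's own name
    if "0" in label and label.replace("0", "o") == brand:
        return "zero-for-o"
    if label == "www" + brand:                        # assumption: www.brand without the dot
        return "dot-omitted"
    if drops_one(label, brand):
        return "letter-added"
    if drops_one(brand, label):
        return "letter-omitted"
    if len(label) == len(brand):
        diff = [(b, l) for b, l in zip(brand, label) if b != l]
        if len(diff) == 1 and frozenset(diff[0]) in SOUND_ALIKE:
            return "sound-alike-letter"
    for word, alt in SYNONYMS.items():
        if word in brand and brand.replace(word, alt) == label:
            return "synonym"
    return None

def review(brand, domains):
    """Map each look-alike .nl domain to the technique it uses."""
    hits = {}
    for domain in domains:
        label = domain.lower().rsplit(".", 1)[0]      # strip the .nl suffix
        technique = classify(brand, label)
        if technique:
            hits[domain] = technique
    return hits

SAMPLE = ["candlestore.nl", "candlestores.nl", "candlestre.nl", "candlest0re.nl",
          "wwwcandlestore.nl", "kandlestore.nl", "candleshop.nl", "flowerstore.nl"]

if __name__ == "__main__":
    for domain, technique in review("candlestore", SAMPLE).items():
        print(f"{domain:22} {technique}")
```

A match only means the name resembles the brand; as the article notes for SIDN's own classification, how the domain is actually being used still has to be assessed separately.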

Shutting down scam sites

"By working with the Consumers' Association and others, we've already managed to take down a large number of fake webshops," says SIDN's CEO Roelof Meijer. "However, our analysis shows that scams are a persistent problem. Consumers therefore need to remain vigilant. Improbably low prices, badly written text and payment systems that only accept cryptocurrency are all signs that a website isn't what it seems to be."

According to the Dutch police's Internet Fraud Reporting Service, the average victim of a fake webshop scam loses about € 200. "Every incident also dents the reputation of the retailer whose name is abused," adds Meijer. "So it pays to monitor for potential abuses. And we know that monitoring is effective."



Marnie van Duijnhoven

communications manager

+31 26 352 55 00
