Combosquatting is a domain impersonation tactic where attackers register domain names by combining a legitimate brand name with extra words such as “login,” “support,” “billing,” “payment,” or “verify.”
Unlike typosquatting, this tactic does not rely on spelling mistakes. Instead, it uses the correct brand name with a convincing keyword to make the domain look official. For example, a fake domain may look like examplebrand-support.com or examplebrand-login.com.
Attackers create domains that appear related to real services, support teams, payment pages, delivery updates, or login portals. Then, they use those domains in phishing emails, fake ads, search results, text messages, or social engineering campaigns.
A user may click the link because the domain includes a familiar brand name. Once on the fake site, the attacker may try to collect credentials, payment details, personal information, or trick the user into downloading malware.
Combo-squatted domains often include:
The danger is that these domains can look believable at a quick glance, especially when users are rushing or responding to urgent messages.
| Factor | Combosquatting | Typosquatting |
|---|---|---|
| Method | Adds words to a real brand name. | Uses misspellings or typing mistakes. |
| Example style | brand-support.com | brnad.com |
| User mistake needed? | Not always. The domain may appear in phishing links or ads. | Often relies on users mistyping a URL. |
| Main risk | Brand impersonation and phishing. | Redirects, scams, malware, or fake pages. |
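The distinction in the table can be turned into a triage check for hostnames seen in proxy or DNS logs. The following is an added example, not Hexnode's code: the function names, the sample hostnames, and the choice of examplebrand.com as the official domain are assumptions made for illustration.

```python
import re

# Keywords the page names; extend with terms from your own phishing reports.
KEYWORDS = {"login", "support", "billing", "payment", "verify"}

def osa_distance(a, b):
    """Edit distance that also counts an adjacent swap (brnad/brand) as one edit."""
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def classify(hostname, brand, official):
    """Return (verdict, matched_keywords) for one hostname.

    Assumption: the registered name is the label left of a one-label TLD
    (.com, .net); multi-label suffixes such as .co.uk need a public-suffix list.
    """
    host = hostname.lower().rstrip(".")
    if any(host == o or host.endswith("." + o) for o in official):
        return ("official", [])
    labels = host.split(".")
    label = labels[-2] if len(labels) > 1 else labels[0]
    if brand in label:
        # Correct brand spelling plus extra words: the combosquatting pattern.
        extra = [t for t in re.split(r"[^a-z0-9]+", label.replace(brand, "-")) if t]
        if extra:
            return ("combosquat", sorted(k for k in KEYWORDS if any(k in t for t in extra)))
    elif osa_distance(label, brand) <= 1:
        # Brand absent but one edit away: the typosquatting pattern.
        return ("typosquat", [])
    return ("other", [])

def triage(hostnames, brand, official):
    """Keep only hostnames that deserve analyst review, with their verdicts."""
    results = {h: classify(h, brand, official) for h in hostnames}
    return {h: v for h, v in results.items() if v[0] in ("combosquat", "typosquat")}

if __name__ == "__main__":
    # Constructed sample, e.g. hostnames pulled from proxy or DNS logs.
    seen = ["www.examplebrand.com", "examplebrand-support.com", "examplebrand-login.com",
            "secure-examplebrandbilling.net", "exampelbrand.com", "weather.example.org"]
    for host, verdict in triage(seen, "examplebrand", {"examplebrand.com"}).items():
        print(host, verdict)
```

Short brand strings produce false positives with the substring match, so treat a combosquat verdict as a prompt for review rather than an automatic block.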
Combosquatting can support phishing, credential theft, malware delivery, brand impersonation, fake support scams, and payment fraud. Since the domain contains the real brand name, users may trust it more easily.
For businesses, this tactic can damage brand trust, mislead customers, expose employees to phishing, and create security incidents if attackers steal login credentials.
Users and organizations can reduce exposure by:
Combosquatting often succeeds when users visit deceptive websites from business devices. Hexnode can help reduce this risk by giving IT teams more control over web access on managed endpoints.
With Hexnode UEM, admins can use web content filtering to allow or block specific URLs on managed devices. This helps restrict access to suspicious or known malicious domains, while keeping users focused on trusted business resources. Hexnode’s web filtering feature allows admins to blocklist specific URLs or allowlist trusted websites on managed Windows devices.
No. Combosquatting adds words to a real brand name, while typosquatting relies on misspelled domains or typing mistakes.
Attackers use them to make fake websites look trustworthy, often for phishing, credential theft, malware delivery, or payment scams.