We watch the global certificate-transparency feed and TLD newly-registered lists, and flag domains that look similar to yours.
What counts as a lookalike
- Typosquats (shieldmark.com, sheildmarc.com)
- Homoglyphs (Cyrillic letters, accented latin)
- TLD swaps (shieldmarc.io, shieldmarc.uk if not yours)
- Brand-stuff (shieldmarc-login.com, shieldmarc-secure.com)
Why we only alert on young domains
A domain registered three years ago that has a typo similar to yours is almost always a legitimate company elsewhere. We only alert on domains less than 90 days old, which is when fraud campaigns typically launch.
What an alert looks like
Daily digest email summarising new lookalikes since yesterday. You can mark each one as benign (suppresses similar future alerts) or escalate to your CISO via the dashboard.