Domain spoofing is not taken seriously
Domain spoofing is a subset of website spoofing. It includes several sub-tactics, such as fake domains that mimic legitimate ones (e.g., micros0ft.com), so people feel safe clicking on a link when they shouldn’t. Homograph attacks utilise lookalike characters from other alphabets (e.g., аррle.com, which uses a Cyrillic letter that resembles an ‘a’ but isn’t), yielding similar results. With typosquatting, people might misspell a domain name (e.g., gooogle.com) and end up looking at a malicious forgery.
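The three lookalike styles just described can be screened for on the defender's side. The following is an added example, not code from the article or from Netcraft; the protected-brand list and the confusables table are small constructed placeholders, and a real deployment would load the full Unicode confusables data.

```python
"""Classify candidate domains against a protected-brand list (constructed example)."""
import unicodedata
from typing import Optional

# Constructed allow-list of brand domains to protect (placeholder values).
PROTECTED = {"microsoft.com", "apple.com", "google.com"}
BRAND_LABELS = {d.split(".")[0]: d for d in PROTECTED}

# Tiny constructed subset of Unicode confusables plus ASCII digit look-alikes.
CONFUSABLES = str.maketrans({
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",  # Cyrillic а е о р
    "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i",  # Cyrillic с х у і
    "0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "4": "a",   # digit substitutions
})

def to_ascii(domain: str) -> str:
    """IDNA-encode so Unicode labels surface in their xn-- (punycode) form."""
    return domain.strip().lower().rstrip(".").encode("idna").decode("ascii")

def skeleton(label: str) -> str:
    """Collapse a label to the ASCII string it visually imitates."""
    return unicodedata.normalize("NFKC", label).translate(CONFUSABLES)

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; catches typosquats such as gooogle.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain: str) -> tuple:
    """Return (verdict, matched brand domain or None)."""
    domain = domain.strip().lower().rstrip(".")
    ascii_form = to_ascii(domain)
    if ascii_form in PROTECTED:
        return "legit", ascii_form
    label = domain.split(".")[0]
    skel = skeleton(label)
    if skel in BRAND_LABELS:
        # Same visual shape as a brand label, but a different registered name.
        verdict = "homograph" if ascii_form != domain else "lookalike"
        return verdict, BRAND_LABELS[skel]
    for brand_label, brand_domain in BRAND_LABELS.items():
        if edit_distance(skel, brand_label) <= 1:
            return "typosquat", brand_domain
    return "unrelated", None
```

Feeding `classify()` the domains a chatbot or search result proposes, before a user is allowed to follow them, turns the three tactics into three distinct alerts.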
AI is inadvertently exacerbating the threat. Netcraft research found that AI chatbots returned the wrong URL for well-known brands almost as often as they returned the correct one. Out of 131 naturally worded questions about web addresses, only 64 (66%) were answered with the brand’s verified site.
This is particularly worrying because people trust AI-generated answers, so they are more likely to click through and trust the fake site that follows. URLs suggested by AI engines also often appear without the surrounding context, such as search snippets or verified-domain badges, that can help people spot a spoof site before they land on it.