A brand identity represents who you are, builds trust with your customers, and distinguishes you from competitors. For this reason, it is one of your most valuable business assets.
On the internet, your domain name is the foundation of this identity, and its how customers find and recognize you online. So, when someone impersonates your domain, they’re not just creating a fake identity; they’re threatening the trust and reputation you’ve worked so hard to build.
Fake Domains
Fake .ke domains are fraudulent addresses designed to closely mimic legitimate Kenyan businesses, organizations, or government entities. Cybercriminals create these deceptive domains to mislead customers into believing that they are engaging with an authentic website.
The primary objectives of these fraudulent domains include:
- Deceiving users into believing they are interacting with an authentic website
- Stealing sensitive personal or financial information
- Spreading malware
- Conducting phishing attacks
- Damaging the reputation of legitimate brands
How to Recognize Domain Impersonation
Cybercriminals use different techniques to craft convincing fake domains. Some of these methods include, (but are not limited to the following):
- Typo squatting
Cybercriminals can register domains that contain minor misspellings of legitimate brands. They do this by taking advantage of common typing errors that users make. For instance:
Fake domain: standrdbank.co.ke
Legitimate domain: standardbank.co.ke
- Substituting Characters
Cybercriminals can use visually similar characters to create domains that appear real at first glance. For instance:
Replacing “l” with “1”: ken1c.or.ke instead of kenic.or.ke
Swapping “0” (zero) with “O” (letter O)
Such small changes can be difficult to notice when you are not alert, increasing your chances of falling victim.
- Other Tricks
Cybercriminals also use subdomains to make fake websites appear credible. For instance:
- They add extra words that seem relevant (e.g., secure-bank.co[.]ke)
- Use country or regional prefixes (e.g., ke-banking[.]com)
- Incorporate authentication sounding terms (e.g., verify-payment[.]co[.]ke
Why/How .ke Domains Protect Your Identity
A .ke domain serves as a mark of authenticity and trust for businesses operating in Kenya. When you register a .ke domain, you get to protect your brand identity in the following ways:
- Builds legitimacy & Trust: Customers are more likely to trust and engage with a verified .ke domain.
- Legal Protection: Registering a .ke domain assures you of legal ownership, this makes it harder for cybercriminals to impersonate your brand.
- Domain Security: At KeNIC, we have implemented various security features to secure your domain.
- Enhanced Brand Recognition: Do you know what is more Kenyan than the flag bracelet? A .ke Domain!
What Next for You?
With the knowledge that cybercriminals are advancing and getting more creative, it is important that you also take some action towards securing your personal and brand identity.
First, always double-check the domain you are accessing for name errors and inconsistencies.
Secondly, enable multi-factor authentication (MFA) to provide you with an extra layer of security. MFA will help prevent unauthorized access even if your credentials have been compromised.
For big businesses, you can consider registering variations of your domain that could be used by cybercriminals.
And if you are a business owner, educate your employees and customers on phishing threats and domain impersonation to reduce the risk of falling victim to such attacks.
Lastly, report suspicious domains: If you come across a fake .ke domain or suspect that a domain is fake, report it to cirt@ke-cirt.go.ke or send an email to support@kenic.or.ke
- Written by Esther Adwets – Cybersecurity Analyst