Domain Spoofing
Faking or imitating a trusted domain in links or email addresses.
How it appears in scam messages
Domain spoofing makes a link or email address look like a trusted brand by using look-alike characters, extra words, or unusual endings — for example a name like 'secure-paypal-login' or 'apple-id-verify' on a domain the brand does not own. The real brand name is buried in the middle so a quick glance reads as genuine. The page or inbox behind it is controlled by the scammer.
Example only - do not act on it
Example only: an email that appears to come from 'paypaI-support' (a capital I replacing the lowercase l) rather than the brand's real address.
Why it matters
It makes phishing pages and emails look authentic.
Common red flags
- Brand name buried inside a longer or hyphenated domain
- Look-alike characters such as 0 for o, capital I for l, or rn for m
- Unusual endings or country codes for a familiar brand
- The 'from' address does not match the brand's real domain
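The red flags above, expressed as a heuristic check in Python. This is an added example, not this site's message checker; the brand allowlist, the set of usual endings and the function names are assumptions, and the registered-domain logic is deliberately naive.

```python
# Added example: heuristic red-flag checks for a domain or sender as displayed.
# OFFICIAL is a constructed sample allowlist; a real check would use a
# maintained brand list and the Public Suffix List for registered domains.
OFFICIAL = {"paypal": "paypal.com", "apple": "apple.com", "microsoft": "microsoft.com"}
COMMON_ENDINGS = {"com", "org", "net"}  # assumption: endings treated as usual

def skeleton(text):
    """Fold the look-alike characters listed above onto the letter they imitate."""
    text = text.replace("I", "l")  # capital I for l (must run before lowercasing)
    text = text.lower().replace("0", "o").replace("1", "l")
    return text.replace("rn", "m")

def registered_domain(host):
    """Naive: last two labels. Wrong for suffixes such as co.uk."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def red_flags(shown):
    """Return the red flags for a domain or 'from' address as displayed."""
    host = shown.rsplit("@", 1)[-1]
    reg = registered_domain(host)
    flags = []
    for brand, official in OFFICIAL.items():
        if reg == official:
            return []  # genuinely on the brand's own domain
        plain = brand in host.lower()
        folded = skeleton(brand) in skeleton(host)
        if folded and not plain:
            flags.append(f"look-alike characters imitating '{brand}'")
        elif plain:
            flags.append(f"'{brand}' buried in a domain the brand does not own")
        if (plain or folded) and reg.rsplit(".", 1)[-1] not in COMMON_ENDINGS:
            flags.append(f"unusual ending for '{brand}'")
    return flags
```

A hit is a prompt to verify through official channels, not a verdict: a harmless name such as 'pineapple.example.org' also trips the buried-brand check.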
Safe next steps
- Stop and verify through official channels you find yourself
- Never share codes, passwords, or card details from a message
- Use the message checker if you are unsure
- Report and block the sender
Frequently asked questions
How can I avoid domain spoofing?
Slow down, never act on urgency, and verify through official apps or websites you open yourself. Use the free checker if a message seems off.
What if I have already been affected?
Contact your bank or the relevant provider through official channels, change any exposed passwords from a trusted device, and save evidence. See our recovery guides.