Spoofed Domain
A fraudulent website domain designed to closely mimic a legitimate organisation's domain in order to deceive users into thinking they are on the genuine site.
Also known as: look-alike domain, fake domain, phishing domain
Last reviewed: 1 June 2026
A spoofed domain is a web address registered by a fraudster that is designed to look like the domain of a legitimate organisation, such as a bank, government body, courier service or major brand. The deception may rely on subtle letter substitutions (using 'rn' to mimic 'm', or 'vv' to mimic 'w'), added words (secure-bankname.com), alternative top-level domains (.net instead of .com), or internationalised domain names built from non-Latin characters that are visually identical to Latin letters (a Cyrillic 'а' in place of a Latin 'a'). Such names are stored in DNS in Punycode form, with an 'xn--' prefix, but a browser may display them as the look-alike characters, so the address bar can read exactly like the genuine domain.
Spoofed domains are the infrastructure behind many phishing campaigns. Criminals register the domain, create a convincing replica of the target site, and then send phishing emails with links directing victims to the fake site. Because a TLS certificate is easy to obtain for any domain the fraudster controls, the spoofed site will usually be served over HTTPS; a domain-validated certificate only proves that the connection is encrypted to whoever controls that domain, not that the domain belongs to the organisation it imitates. Victims may nevertheless see the padlock icon and assume the site is safe.
Spoofed domains often have short lifespans: brand protection teams, domain registrars and take-down services actively monitor new registrations for look-alike names and can have them suspended within days. Fraudsters counter this by registering domains in bulk and rotating them rapidly, so block lists of known bad domains always lag behind. Users should type a trusted domain manually or use a saved bookmark rather than clicking links in unsolicited messages.
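The look-alike tricks listed above, and the kind of monitoring that brand protection teams run against new registrations, can both be shown with a small detector. The Python script below is an added example written for this entry; it is not code from the page, from any registrar or from any take-down service. The trusted-domain list, the candidate domains and the homoglyph table are constructed for illustration, and the script goes slightly beyond the text by also flagging the genuine label reused under an attacker-controlled parent domain (bankname.co.uk.evil-host.net).

```python
"""Look-alike (spoofed) domain detector.

Added illustration for this glossary entry, not code from the page or from
any brand-protection product. It flags a candidate domain that imitates one
of a constructed list of trusted domains using the tricks described above:
Punycode/IDN homoglyphs, 'rn'-for-'m' style substitutions, the brand name
embedded in a longer label, a one-character typo, and the genuine label
reused under a different parent domain or TLD.
"""
import unicodedata

# Constructed list of protected domains. Assumption: each entry is the
# organisation's registrable domain and its first label is the brand name.
TRUSTED_DOMAINS = ["nationwidebank.co.uk", "example.com"]

# Visually confusable Unicode characters mapped to the Latin letter they
# imitate. Deliberately small; Unicode's confusables.txt is the full list.
HOMOGLYPHS = {
    "\u0430": "a",  # Cyrillic small a
    "\u0435": "e",  # Cyrillic small ie
    "\u043e": "o",  # Cyrillic small o
    "\u0440": "p",  # Cyrillic small er
    "\u0441": "c",  # Cyrillic small es
    "\u0443": "y",  # Cyrillic small u
    "\u0445": "x",  # Cyrillic small ha
    "\u0456": "i",  # Cyrillic small byelorussian-ukrainian i
    "\u04cf": "l",  # Cyrillic small palochka
    "\u0131": "i",  # Latin small dotless i
}

# Multi-character ASCII confusions; each pair is reduced to its look-alike.
ASCII_CONFUSIONS = [("rn", "m"), ("vv", "w"), ("cl", "d"), ("0", "o"), ("1", "l")]


def to_unicode(domain):
    """Turn Punycode labels (xn--...) into the characters a browser displays."""
    labels = []
    for label in domain.lower().split("."):
        if label.startswith("xn--"):
            try:
                label = label.encode("ascii").decode("idna")
            except UnicodeError:
                pass  # malformed Punycode: keep the raw label
        labels.append(label)
    return ".".join(labels)


def skeleton(label):
    """Reduce a label to the ASCII string a human eye would read it as."""
    label = unicodedata.normalize("NFKC", label.lower())
    label = "".join(HOMOGLYPHS.get(ch, ch) for ch in label)
    for pattern, lookalike in ASCII_CONFUSIONS:
        label = label.replace(pattern, lookalike)
    return label


def levenshtein(a, b):
    """Edit distance between two strings (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def analyse(candidate):
    """Return [(trusted_domain, category, offending_label)]; empty means no match.

    Categories: 'confusable-characters' (homoglyph or rn/m style trick),
    'embedded-brand' (brand plus extra words), 'typo' (edit distance 1),
    'different-parent' (genuine label under another TLD or attacker domain).
    """
    shown = to_unicode(candidate)
    labels = shown.split(".")
    findings = []
    for trusted in TRUSTED_DOMAINS:
        if shown == trusted or shown.endswith("." + trusted):
            continue  # the genuine domain or one of its own subdomains
        brand = trusted.split(".")[0]
        brand_skel = skeleton(brand)
        for label in labels:
            skel = skeleton(label)
            if skel == brand_skel:
                category = "different-parent" if label == brand else "confusable-characters"
            elif brand_skel in skel:
                category = "embedded-brand"
            elif len(brand_skel) >= 6 and levenshtein(skel, brand_skel) == 1:
                category = "typo"
            else:
                continue
            findings.append((trusted, category, label))
            break  # one finding per trusted domain is enough
    return findings


if __name__ == "__main__":
    # Constructed candidates covering each trick; the last one is the
    # Punycode form of the brand name with a Cyrillic 'a' in it.
    for domain in [
        "www.nationwidebank.co.uk",
        "secure-nationwidebank.co.uk",
        "nationwidebank.net",
        "nationwidebnk.co.uk",
        "nationwidebank.co.uk.evil-host.net",
        "exarnple.com",
        "nationwideb\u0430nk.co.uk".encode("idna").decode("ascii"),
    ]:
        print(domain, "->", analyse(domain) or "no match")
```

Two design points matter in practice. Decoding Punycode before comparing is essential: a certificate transparency log or zone file will show the 'xn--' form, and comparing that raw string to the brand name finds nothing. Skipping genuine subdomains (anything ending in '.' plus the trusted domain) keeps the organisation's own hosts out of the alert queue, while a trusted label that appears further left, under somebody else's parent domain, is still flagged.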
Examples
- A fraudster registers 'secure-nationwidebank.co.uk' and creates a page identical to the real bank's login screen, then sends phishing emails with that link to thousands of customers.