Brand Defense

Brand Defense monitors the external threat surface that attackers build before they target your members, constituents, or customers — the lookalike domains, typosquats, and impersonation infrastructure designed to exploit your institutional identity.

The Attack Pattern

The attack cycle for brand impersonation typically follows this pattern:

1. Attacker registers a lookalike domain (e.g., your-cu.org → your-ccu.org, yourcu-secure.com)
2. Attacker configures email infrastructure on the lookalike domain
3. Attacker sends phishing or BEC messages impersonating your organization
4. Members, constituents, or customers receive email that appears to come from your institution

By the time your team sees the first complaint, hundreds of messages may have already been delivered.

What Brand Defense Monitors

• Domain Registration — New registrations of domains that are visually or phonetically similar to your primary domain
• Certificate Transparency — SSL certificates issued for lookalike domains (attackers need certs to run convincing HTTPS phishing sites)
• Threat Intelligence Feeds — AbuseIPDB, ThreatFox, and other feeds for infrastructure already classified as malicious
• Similarity Scoring — Levenshtein distance, homoglyph detection, and character transposition patterns targeting your brand name

Takedown Coordination

When a confirmed lookalike domain is identified, VouchCore surfaces evidence packages through the Takedown Bridge — pre-formatted abuse reports for domain registrars, hosting providers, and threat intelligence platforms including Cloudflare, GoDaddy, Namecheap, Google Safe Browsing, and the PhishTank network.