Combosquatting: When Scammers Add Words to Your Brand

Understand combosquatting attacks where criminals combine your Shopify brand with words like 'shop', 'sale', or 'official'.

What is Combosquatting?

Combosquatting is when attackers register domains that combine your brand name with common words. If your Shopify store is “Sunrise Coffee,” combosquatters might register:

  • sunrisecoffee-shop.com
  • buysunrisecoffee.com
  • sunrisecoffee-official.com
  • getsunrisecoffee.com
  • sunrisecoffeesale.com

These domains look plausible—like they could be legitimate subbrands or promotional pages—making them effective for phishing.

Common Word Combinations

Attackers consistently use certain patterns:

Prefixes

  • buy-
  • get-
  • shop-
  • order-
  • my-

Suffixes

  • -shop
  • -store
  • -sale
  • -official
  • -online
  • -deals
  • -outlet

Descriptors

  • -usa
  • -uk
  • -global
  • -direct
  • -wholesale

These combinations create thousands of potential domains for any brand.

Why Combosquatting is Harder to Prevent

Unlike typosquatting (registering misspellings), combosquatting uses real words that could legitimately be part of your business:

  • You might actually want yourbrand-wholesale.com someday
  • Word combinations are nearly infinite
  • Each registration costs money to acquire defensively
  • New word trends create new attack vectors

Defensive registration becomes impractical—you can’t register every possible combination.

Detection Strategies

Since you can’t prevent all combosquatting through registration, detection becomes critical:

Keyword Monitoring

Track new domain registrations containing your brand name plus common commerce words.

Certificate Transparency Logs

Monitor SSL certificate issuance for domains matching combosquatting patterns.

Ad Monitoring

Watch for ads using combosquatted domains targeting your brand keywords.

Customer Reports

Train support to recognize and escalate reports of suspicious “brand” domains.
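As an added example (not part of the original article and not Recon's code), the following Python matcher applies the prefix and suffix lists from the Common Word Combinations section to a feed of domain names, such as Certificate Transparency log subjects or a newly-registered-domains list, and flags combosquats of a brand while ignoring the brand's own domain and its subdomains. The sample feed, the brand name and the single-label TLD handling are assumptions; a production monitor would use the Public Suffix List and a live feed.

```python
import re
from collections import namedtuple

# Affix lists copied from this page's "Common Word Combinations" section.
PREFIXES = {"buy", "get", "shop", "order", "my"}
SUFFIXES = {"shop", "store", "sale", "official", "online", "deals", "outlet",
            "usa", "uk", "global", "direct", "wholesale"}

# kind is "prefix", "suffix" or "unlisted" (brand present, affix not in the lists)
Hit = namedtuple("Hit", "domain affix kind")

def registrable_label(domain):
    """Label left of the TLD, e.g. 'sunrisecoffee-shop' for 'www.sunrisecoffee-shop.com'.
    Assumes single-label TLDs; a real monitor should consult the Public Suffix List."""
    labels = [l for l in domain.lower().rstrip(".").split(".") if l and l != "*"]
    if len(labels) < 2:
        return ""
    return labels[-2]

def classify(domain, brand):
    """Return a Hit if the domain's registrable label is the brand plus an added word.
    The brand's own domain (label equal to the brand) and its subdomains are never hits."""
    brand = re.sub(r"[^a-z0-9]", "", brand.lower())
    label = registrable_label(domain).replace("-", "")
    if brand not in label or label == brand:
        return None
    head, _, tail = label.partition(brand)
    if head and not tail and head in PREFIXES:
        return Hit(domain, head, "prefix")
    if tail and not head and tail in SUFFIXES:
        return Hit(domain, tail, "suffix")
    return Hit(domain, (head + "|" + tail).strip("|"), "unlisted")

def scan(domains, brand):
    """Classify every name in a feed; known-pattern matches are listed first."""
    hits = [h for h in (classify(d, brand) for d in domains) if h]
    return sorted(hits, key=lambda h: (h.kind == "unlisted", h.domain))

# Constructed sample feed standing in for a CT log or registration feed; not real data.
SAMPLE_FEED = [
    "sunrisecoffee.com", "shop.sunrisecoffee.com",      # the merchant's own names
    "sunrisecoffee-shop.com", "buysunrisecoffee.com",   # examples from this page
    "*.sunrisecoffee-official.com", "sunrisecoffeesale.com",
    "sunrisecoffeereviews.net",                          # brand present, unlisted word
    "moonrisecoffee.com",                                # different brand, ignored
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_FEED, "Sunrise Coffee"):
        print(f"{hit.kind:8} {hit.affix:10} {hit.domain}")
```

Unlisted hits are kept rather than dropped because new word trends create new attack vectors; they simply rank below the known patterns.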

Taking Down Combosquatted Domains

Because the domain trades on your name, combosquatting usually gives you grounds for a trademark infringement complaint:

  1. Document the domain: Screenshot the site, note the registrar
  2. Assess the usage: Is it clearly trading on your brand? Selling counterfeits? Running scams?
  3. File registrar complaint: Most registrars have abuse policies for trademark infringement
  4. Consider UDRP: For persistent cases, formal dispute resolution may be necessary
  5. Report to search engines: Get infringing sites removed from search results

Impact on Your Business

Combosquatted domains harm Shopify merchants through:

  • Customer confusion: Shoppers can’t tell official from fake
  • Diverted sales: Customers buy from fake sites
  • Brand dilution: Poor-quality fake sites damage your reputation
  • Ad competition: Scammers bid on your brand keywords
  • Support burden: Customers contact you about orders from fake sites

How Recon Helps

Recon protects against combosquatting by:

  • Monitoring for domain registrations combining your brand with common words
  • Alerting you immediately when suspicious combinations are registered
  • Prioritizing threats based on whether domains are active
  • Providing takedown request templates and guidance

FAQ

Q: Should I register common combosquatting variations of my domain?

A: Register the most obvious and valuable combinations (like yourbrand-shop.com), but accept that you can’t register them all. Focus on monitoring and rapid response instead.

Q: How do I prioritize which combosquatted domains to pursue?

A: Focus on domains that are actively being used—especially those running fake stores or phishing operations. Parked or inactive domains are lower priority.

Q: Can combosquatters claim they’re not infringing?

A: Legitimate use of a brand name exists (like news or reviews), but running a competing store or scam site clearly infringes. Courts and UDRP panels regularly rule against commercial combosquatting.

Want us to monitor this for you?

Run a free brand security audit with Recon and see your vulnerabilities in minutes.
