CATPHISH is a domain-checking tool designed to monitor domains related to your primary organisational domain. It ensures that no one else is using your domain for malicious activity. This knowledge base article explains how to access and use CATPHISH.
With this tool, you can see the domain name and exactly what changes have been made to make it look similar to yours, check for any DNS records, obtain evidence that the domain is malicious or impersonating you, receive guidance on next steps, and even generate correspondence if required.
- How to access CATPHISH
- How to generate look-a-like domains based on your primary domain
- Reviewing look-a-like domains (DNS, Evidence, Guidance, Correspondence)
- How to add new domains
How to access CATPHISH
If you are unable to see the CATPHISH option, it probably means your account is not yet enabled for this feature. Please speak to your account manager about adding CATPHISH.
- Log in to Phishing Tackle, and from the left-hand menu, find information security > CATPHISH > Domains
How to Generate Look-Alike Domains Based on Your Primary Domain
A look-a-like domain is a web address created to resemble a legitimate domain name. This is often done by swapping letters for numbers, adding extra characters, or using similar looking characters from other alphabets. They do this to trick people into thinking it is a real site. Look-a-like domains are commonly used in phishing attacks to steal logins, payment information or spread malware.
Please note that not all domains will have look-alike domains, so some organisations may not see a list appear.
- In the left-hand menu under CATPHISH, click Domains.
- Select the Generate Look-Alike Domains Based on the Registered Primary Domain button at the top left of the page.
- After clicking this button, a list of look-alike domains will be displayed. For each domain, you can also see the risk score, registry date, and the last checked date.
Reviewing Look-Alike Domains
Once your list of look-alike domains has been generated, you can examine each domain in detail to gain a better understanding of them.
Domain
This section displays the domain name in the domain field and indicates whether monitoring is active. You can also view the risk score for Registered, Similar, MX Record, A Record, Website, and Nameserver. Above the chart, the overall risk score and similarity rating are shown, with a maximum similarity rating of 1, where a lower score indicates less similarity.
DNS
All DNS records are displayed in this section. The DNS records shown are only for the selected domain.
Evidence
Any available evidence will be displayed here, such as a screenshot of a fraudulent website.
Guidance
This section offers general guidance on potential next steps, such as pursuing legal action. Please note that it has been generated by AI and should not be relied upon as professional advice or guaranteed to be factually accurate.
Correspondence
This section will generate a sample correspondence for your use. You can adjust the severity of the tone from passive to aggressive. Once you have selected your tone and jurisdiction, click the Generate Correspondence button at the top right of the page. To copy the correspondence for use, click the Copy Correspondence button.
For more information about placeholders, please visit our help article by clicking here.
How to add new domains
- In Phishing Tackle, from the left-hand menu under CATPHISH, click Domains.
- Then select the Add New Domain button at the top right of the page.
- After clicking this button, a page will appear where you can enter the domain details.
- Then simply enter the domain name and enable monitoring.
Please let us know if you require any further assistance, you can contact our support team by clicking here. Or by sending an email to support@phishingtackle.com