
Hyphenation

Detection of malicious domains that insert hyphens or dots to mimic legitimate brand names.

What is Hyphenation Squatting?

Hyphenation squatting is a domain squatting technique where attackers insert hyphens (-) or dots (.) into legitimate brand names to create deceptive domains. These domains appear professional and legitimate, making them particularly effective for phishing attacks.

The technique exploits the fact that many users don't notice or understand the significance of additional punctuation in domain names, especially when presented in professional-looking emails or websites.

How We Detect It

Our hyphenation detection algorithm analyzes domain names by:

  • Removing all hyphens and dots from the domain name
  • Checking if the resulting string matches your monitored keywords
  • Analyzing hyphen placement patterns commonly used in phishing
  • Identifying domains that separate legitimate brand names with punctuation
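A minimal sketch of the first two steps in the list above (strip hyphens and dots, then compare against monitored keywords), added here as an illustration and not the product's own code. The watch list, the function names and the rule that the last label is the TLD are assumptions.

```python
from typing import NamedTuple, Optional

# Constructed watch list of monitored keywords (assumption for this example).
MONITORED = {"paypal", "microsoft", "facebook", "linkedin"}


class Finding(NamedTuple):
    domain: str       # normalized input
    keyword: str      # monitored keyword it collapses to
    segments: tuple   # the pieces the brand name was split into
    separator: str    # "hyphen", "dot" or "mixed"


def check_domain(domain: str, keywords=MONITORED) -> Optional[Finding]:
    """Return a Finding if removing hyphens and dots yields a monitored keyword."""
    name = domain.strip().lower().rstrip(".")
    labels = name.split(".")
    if len(labels) < 2 or not all(labels):
        return None  # not a usable hostname
    # Assumption: the last label is the TLD. Multi-label suffixes such as
    # co.uk need a public suffix list, which this sketch leaves out.
    body = ".".join(labels[:-1])
    collapsed = body.replace("-", "").replace(".", "")
    # Exact match only; the unmodified brand domain (no punctuation) is skipped.
    if collapsed not in keywords or collapsed == body:
        return None
    segments = tuple(s for s in body.replace(".", "-").split("-") if s)
    has_hyphen, has_dot = "-" in body, "." in body
    if has_hyphen and has_dot:
        separator = "mixed"
    else:
        separator = "hyphen" if has_hyphen else "dot"
    return Finding(name, collapsed, segments, separator)


def scan(domains, keywords=MONITORED):
    """Check a batch of newly observed domains and keep only the hits."""
    return [f for f in (check_domain(d, keywords) for d in domains) if f]


if __name__ == "__main__":
    # Constructed sample input: squatting variants mixed with benign names.
    sample = ["pay-pal.com", "face.book.com", "paypal.com",
              "www.paypal.com", "Micro-Soft.COM.", "example.org"]
    for hit in scan(sample):
        print(hit)
```

Because the comparison is an exact match on the collapsed string, `www.paypal.com` collapses to `wwwpaypal` and is not reported, while `face.book.com` is reported with a dot separator.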

Real-World Examples

Brand Name Separation

High Risk
paypal.com → pay-pal.com

The hyphen separates "pay" and "pal", making it appear like a legitimate variation.

Multiple Hyphens

High Risk
microsoft.com → micro-soft.com

Breaks the brand name into recognizable parts, appearing more trustworthy.

Dot Insertion

Medium Risk
facebook.com → face.book.com

Uses dots instead of hyphens, creating a subdomain-like appearance.

Strategic Hyphenation

High Risk
linkedin.com → linked-in.com

Separates compound words in a way that appears natural and professional.

Why Hyphenation Attacks are Effective

  • Professional appearance: Hyphens make domains look organized and legitimate
  • User confusion: Many users don't understand domain name rules
  • Email effectiveness: Hyphenated domains work well in phishing emails
  • Bypass basic filters: Simple keyword matching misses hyphenated variants

Common Hyphenation Patterns

Attackers typically use these patterns when creating hyphenated phishing domains:

Word Boundary Separation

Inserting hyphens at natural word boundaries within compound brand names.

youtube → you-tube, instagram → insta-gram, snapchat → snap-chat

Syllable Breaking

Breaking brand names at syllable boundaries to create natural-looking segments.

amazon → ama-zon, twitter → twit-ter, spotify → spo-ti-fy

Prefix/Suffix Separation

Separating common prefixes or suffixes from the main brand name.

outlook → out-look, netflix → net-flix, dropbox → drop-box

Detection Accuracy

Our hyphenation detection provides excellent coverage because it:

  • Analyzes all possible hyphen and dot placements
  • Works with multi-word brand names and compound terms
  • Catches both obvious and subtle hyphenation attempts
  • Maintains low false positive rates by focusing on exact matches

Prevention and Response

When we detect hyphenated versions of your brand names, consider these actions:

  • Investigate the domain for malicious content or phishing pages
  • Consider defensive registration of critical hyphenated variations
  • File trademark infringement complaints for clear violations
  • Monitor for associated phishing campaigns or malicious activity
