Calculator Inputs
Enter brand visibility, suspicious asset signals, and protection coverage. Results appear above this form after submission.
Example Data Table
| Brand | Suspicious Domain | Reports | Protection Coverage | Risk Score | Band |
|---|---|---|---|---|---|
| Acme | acme-login-support.com | 11 | 59% | 74.20 | High |
| BlueWave | bluewave-secure-help.net | 6 | 71% | 58.60 | Elevated |
| NorthBridge | northbridge-auth-check.org | 3 | 82% | 39.90 | Guarded |
Formula Used
This calculator uses a weighted heuristic model for brand impersonation exposure. It is designed for prioritization and trend analysis.
- Domain Similarity % = best match from normalized string similarity methods.
- Similarity Risk = (55% domain similarity) + (25% visual similarity) + (20% clone similarity) + structure bonus.
- Infrastructure Risk = (50% domain age risk) + (25% WHOIS privacy risk) + (25% SSL risk).
- Exposure Risk = (35% phishing reports) + (25% keyword abuse) + (20% region spread) + (20% search visibility).
- Protection Gap Risk = (30% email auth gap) + (25% takedown gap) + (25% social gap) + (20% monitoring gap).
- Overall Risk Score = (35% similarity) + (20% infrastructure) + (20% exposure) + (25% protection gap) + incident momentum.
- Estimated Monthly Incidents = attack pressure × compromise rate.
- Estimated Monthly Loss = estimated monthly incidents × average incident cost.
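The weighted lines above can be sketched in Python as follows; this is an added example, not the calculator's own code. Assumptions: all sub-scores are supplied on a 0-100 scale, the three string methods behind `domain_similarity` are chosen here for illustration, `adjustment` stands in for the structure bonus or incident momentum (which the page does not define), and results are clamped to 0-100.

```python
from difflib import SequenceMatcher
from urllib.parse import urlparse

# Weights copied from the "Formula Used" list; key names are illustrative.
WEIGHTS = {
    "similarity": {"domain": 0.55, "visual": 0.25, "clone": 0.20},
    "infrastructure": {"domain_age": 0.50, "whois_privacy": 0.25, "ssl": 0.25},
    "exposure": {"reports": 0.35, "keyword_abuse": 0.25, "regions": 0.20, "search": 0.20},
    "protection_gap": {"email_auth": 0.30, "takedown": 0.25, "social": 0.25, "monitoring": 0.20},
    "overall": {"similarity": 0.35, "infrastructure": 0.20, "exposure": 0.20, "protection_gap": 0.25},
}

def _label(asset):
    """Lowercase second-level label of a URL or domain (naive: no public-suffix list)."""
    host = (urlparse(asset if "://" in asset else "//" + asset).hostname or "").lower()
    parts = host.split(".")
    return parts[-2] if len(parts) >= 2 else host

def _edit_distance(a, b):
    """Levenshtein distance, row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def domain_similarity(brand, asset):
    """Best score (0-100) across three normalized string similarity methods."""
    b = "".join(ch for ch in brand.lower() if ch.isalnum())
    label = _label(asset)
    flat = label.replace("-", "")
    if not b or not flat:
        return 0.0
    edit = 1 - _edit_distance(b, flat) / max(len(b), len(flat))
    seq = SequenceMatcher(None, b, flat).ratio()
    # Per-token match catches brand-plus-keyword names such as acme-login-support.
    token = max(SequenceMatcher(None, b, t).ratio() for t in label.split("-") if t)
    return round(100 * max(edit, seq, token), 2)

def composite(group, scores, adjustment=0.0):
    """Weighted sum for one formula line plus its additive term, clamped to 0-100."""
    total = sum(w * scores[k] for k, w in WEIGHTS[group].items()) + adjustment
    return round(min(100.0, max(0.0, total)), 2)
```

Feed the output of `domain_similarity` into `composite("similarity", ...)` as the `domain` value, then pass the four group results to `composite("overall", ...)`.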
How to Use This Calculator
- Enter the legitimate brand name and the suspicious domain or URL.
- Score how closely the suspicious site matches your visual identity and page layout.
- Provide domain age, SSL status, and WHOIS privacy details.
- Add threat activity signals such as recent reports, keyword abuse, and affected regions.
- Estimate current protection strength using email, monitoring, social verification, and takedown readiness percentages.
- Enter historical incident count and average incident cost to estimate operational impact.
- Click Calculate Risk to show results above the form.
- Use the CSV or PDF buttons to export the result summary.
FAQs
1. What does this calculator measure?
It estimates how likely a suspicious domain or cloned asset is to create brand impersonation harm. The model blends similarity signals, exposure, infrastructure indicators, and defensive coverage into one prioritization score.
2. Is the score a confirmed fraud verdict?
No. It is a risk-ranking tool, not forensic proof. Use it to prioritize review, takedown, and monitoring work alongside analyst judgment, threat intelligence, and legal or platform-specific evidence.
3. Why does domain age matter?
Very new domains often appear in short-lived impersonation campaigns. A fresh registration, especially with privacy shielding and poor certificate hygiene, can increase suspicion when other brand-matching signals are also present.
4. What is protection gap risk?
Protection gap risk reflects missing controls around email authentication, brand monitoring, social verification, and takedown readiness. Lower coverage means impersonation attempts may persist longer and reach more targets.
5. How should I choose similarity percentages?
Use analyst judgment or internal criteria. Compare logos, page structure, color system, language, login prompts, offer text, and call-to-action design. Higher matches should receive higher values.
6. Can I use this for social impersonation pages?
Yes. Treat the suspicious page or profile as the target asset. Enter the closest matching URL or identifier, then score visual similarity, exposure signals, and defense coverage the same way.
7. What does the monthly loss estimate mean?
It is a directional planning estimate built from attack pressure, compromise probability, and your average incident cost. Use it for prioritization and reporting, not audited financial forecasting.
8. How can I lower the score?
Improve email authentication, increase monitoring coverage, accelerate takedown readiness, close verification gaps, and investigate suspicious assets quickly. Reducing visible abuse signals will also bring exposure scores down.