Domain spoofing is an increasingly popular way for hackers to steal money or sensitive data. Look-alike domain registrations aim to divert traffic intended for your website and redirect unsuspecting consumers to sites that host malware or prompt them to hand over personally identifiable information (PII).
Spoofed domains are commonly used in email spear-phishing campaigns. Cyber criminals, posing as reputable businesses, target people with emails that prompt the recipient to click a link or reply with sensitive information. These tactics are on the rise and show no signs of going away. Each year, nearly $3 billion is lost to phishing attacks and network intrusions.
In this article, we will discuss how prevalent look-alike domain registrations are, how they are used to commit cyber crimes, and how the hackers behind them avoid detection.
We’ll also discuss how you can proactively protect your company from these harmful incidents, and touch on how AI tooling and a cyber-aware workforce can give you an extra layer of protection.
If you think your clients will be able to easily detect a copycat website or spear-phishing email, you’re most likely wrong. Even highly established corporations have fallen prey to these common tactics. Late last year hackers were easily able to steal $1 million from a Chinese venture capital firm by using domain spoofing and spear-phishing.
They achieved this by registering a domain identical to the firm’s, except for an additional “s” at the end. They did the same for an Israeli startup the firm was looking to invest in, then sent spear-phishing emails from both spoofed domains. In this way they hijacked the entire conversation and changed the bank details for the transaction so that the funds landed in their own bank account.
To make matters worse, companies are increasingly being held accountable simply for neglecting to prioritize domain spoofing as a security concern. For example, in late 2018 British Airways was fined $230 million after cyber criminals diverted hundreds of thousands of customers to a fake website and used this to steal personal information.
It’s not always easy, even for an experienced cyber security expert, to quickly detect and mitigate copycat domain registrations. Spoofed domains increasingly look legitimate because they carry SSL/TLS certificates. Internet users tend to trust a site that presents a TLS certificate, although, granted, a certificate is far from proof that the site is genuine.
The total number of new domain name registrations grew to 370 million in 2020, so it’s not always possible to keep track of those that might be looking to spoof your own website. For this reason, many cybersecurity teams rely on automated features or tools that utilize artificial intelligence.
With 78% of business owners agreeing that artificial intelligence will have the greatest impact on the security of data in the future, it’s important to make sure that you can put it to use for your own benefit. Emerging online brand protection tools that leverage AI can comb through troves of online data to identify possible threats and take action when they are detected.
Because of the variety of ways in which hackers can create spoofed domains and wreak havoc, many cyber security experts recommend defensive domains as the best protective measure against hacking. The term refers to the practice of purchasing domain names similar to your own domain name, so that they are not available to hackers who want to mislead your customers.
Your cyber security expert should also know that a top-level domain (TLD) zone file lists every domain registered under that TLD. By querying these files, your team can search for names that resemble your own or contain your keywords, to determine whether any of them are trying to spoof your company.
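The zone-file search described above, as an added example that is not part of the original article: it checks each registered name against a protected label using a homoglyph fold, an edit-distance bound and a keyword match. The protected label, the homoglyph table and the zone lines are all constructed here, not taken from a real zone.

```python
# Added example (not from the article): scan a TLD zone-file snapshot for
# names that resemble a protected domain. All zone lines are constructed.
PROTECTED = "examplefirm"  # assumed registrable label of your own domain
HOMOGLYPHS = {"0": "o", "1": "l", "rn": "m", "vv": "w"}  # common ASCII swaps
def edit_distance(a, b):
    """Damerau-Levenshtein (optimal string alignment) distance of two strings."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            d = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                d = min(d, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(d)
        prev2, prev = prev, cur
    return prev[-1]

def normalize(label):
    # Fold homoglyph tricks: 'examp1efirm' and 'exarnplefirm' both become 'examplefirm'
    out = label.lower()
    for glyph, plain in HOMOGLYPHS.items():
        out = out.replace(glyph, plain)
    return out

def find_lookalikes(zone_lines, protected=PROTECTED, max_distance=1):
    """Return (domain, reason) pairs for zone entries resembling the protected label."""
    hits = []
    for line in zone_lines:
        if not line.strip() or line.lstrip().startswith(";"):  # blank or comment
            continue
        name = line.split()[0].rstrip(".").lower()  # owner name is the first field
        label = name.split(".")[0]
        if label == protected:  # our own registration
            continue
        if normalize(label) == normalize(protected):
            hits.append((name, "homoglyph"))
        elif edit_distance(label, protected) <= max_distance:
            hits.append((name, "edit distance"))
        elif protected in label:
            hits.append((name, "contains brand"))
    return hits

ZONE_SAMPLE = """; constructed sample zone lines: owner TTL class type rdata
examplefirm.com.       172800 IN NS ns1.examplefirm.com.
examplefirms.com.      172800 IN NS ns1.parked.test.
examp1efirm.com.       172800 IN NS ns1.parked.test.
exarnplefirm.com.      172800 IN NS ns1.parked.test.
examplefirm-login.com. 172800 IN NS ns1.parked.test.
""".splitlines()
```

Run `find_lookalikes(ZONE_SAMPLE)` on the constructed snapshot to see the four flagged names; the trailing-“s” case from the venture capital incident is caught by the edit-distance rule.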
Furthermore, if your domain was purchased through a third party or intermediary that dealt with ICANN on your behalf, this additional surface area can make your domain more likely to fall victim to cyber crime. Instead, seek accreditation with ICANN directly.
There are several measures that you can take to shield your organization from possible spear-phishing attacks. The most important is to automate your security wherever possible. Just as your cyber security team may use automated testing for written code, there are programs such as Dynamic Application Security Testing (DAST) tools that can automate vulnerability scanning while your applications are running.
It’s also recommended that companies use DMARC (Domain-based Message Authentication, Reporting and Conformance), an email authentication protocol that prevents your domain from being used to launch a phishing campaign.
This is highly valuable, especially when you consider that many email attacks are now launched from close-cousin domains. DMARC’s use is still quite limited, however, as it only protects against spear-phishing email campaigns; it does little to nothing to stop domain-spoofing incidents that do not involve email.
It’s also vital for your company or organization to ensure that all employees and contractors are cyber aware, as they can be the weakest link in your security. Business email compromise (BEC) attacks entice people to reveal PII or click links in spear-phishing emails. Hold regular training for all employees that reminds them to always check the sender’s email address before opening an email.
Finally, employees should be mindful that your email system shows a frequent contact by name rather than displaying their full email address in the message, which can be a red flag. The best practice to avoid this is to install a virtual private network (VPN) to encrypt your internet connection.
Doing so will mask your IP address and conceal any data you store or transfer online. Just make sure that any VPN you use comes with L2TP or IKEv2 encryption protocols, which are far more effective than PPTP protocols. In addition to preventing phishing attacks, VPNs with these kinds of strong encryption measures can stop other common email threats such as typo-squatting or ransomware.
With the large amount of potential damage that can be done with copycat domain names, it’s important for businesses to stay on top of these schemes if they want to protect revenue and reputation.
The good news is that with a little bit of vigilance, a cyber aware workforce and the help of some AI or automated cyber security tools, your company can stay on top of the fakes. That way, you can focus on what really matters: building your business.
About the Author:
Samuel Bocetta is a former security analyst for the DoD, having spent 30-plus years bolstering cyber defenses for the Navy. He is now semi-retired and educates the public about security and privacy technology. Much of his work involved penetration testing Navy ballistic systems. He analyzed networks looking for entry points, then created security-vulnerability assessments based on findings. He also helped plan, manage and execute sophisticated “ethical” hacking exercises to identify vulnerabilities and reduce the risk posture of enterprise systems.