Published June 12, 2020 in our Security Fraud News & Alerts Newsletter.
We know hackers are skilled at creating look-alike and typo domain names, and it’s never too soon to protect your online presence from their fakes and look-alikes. Doing so is an investment in your business and it can help keep you above the fray and out of trouble when hackers come knocking on your domain door. These names are the online identity for any business, large or small, and they need protection from scammers looking to do harm with spear phishing and typosquatting attacks.
Bogus domain names happen more than you might think. A report from Farsight Security found that between October 2017 and January 2018, there were over 116,000 imitator domain names created in real time. Those fakes imitated companies like Twitter and Facebook, luxury brands like Gucci, and Wells Fargo and other financial websites. Hackers’ preferred method of attack is business email compromise (BEC), which they use as the way to promote fake domains. That means any business using email to communicate with customers (how many don’t?) is vulnerable to BEC. BEC’s “greatest hits” include look-alike domain names, invoice scams, account compromise and data theft.
Many customers assume an email is legitimate and, as a result, respond with the personally identifiable information (PII) they’re being asked for, though doing so is not recommended. A BEC email can carry a bogus link to a website, and when someone trusts and believes a look-alike domain is the real deal, all PII is at risk.
Subtle differences in a domain name are a hacker’s calling card. For instance, using look-alike characters from the Cyrillic alphabet that mimic English characters fools most consumers into believing the bogus name is the real deal. Also, web page designs are easily duplicated by hackers, adding fuel to the fire when consumers can’t notice any difference from what they expect to see and trust.
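The check below is an added example, not part of the original newsletter: it flags domain labels that mix Cyrillic and Latin letters, or that collapse to a protected brand name once Cyrillic look-alikes are mapped to their Latin twins. The brand names, sample domains and the small look-alike table are constructed for illustration; a production monitor would draw on the full Unicode confusables data.

```python
import unicodedata

# Constructed, deliberately small table: Cyrillic letters that render like Latin ones.
CONFUSABLES = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
               "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i",
               "\u0455": "s", "\u0458": "j"}

def to_unicode(label):
    """Decode a punycode ("xn--") label to Unicode; other labels pass through."""
    label = label.lower()
    if label.startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode").lower()
        except UnicodeError:      # malformed punycode: keep the raw label
            return label
    return label

def scripts(label):
    """Scripts used by the letters, taken from the first word of each Unicode name."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in label if ch.isalpha()}

def skeleton(label):
    """Map every known Cyrillic look-alike to its Latin twin."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in label)

def check_domain(domain, protected):
    """Return (label, reason) findings for each label left of the TLD."""
    findings = []
    for raw in domain.rstrip(".").split(".")[:-1]:
        label = to_unicode(raw)
        if len(scripts(label)) > 1:
            findings.append((label, "mixed-script"))
        skel = skeleton(label)
        if skel in protected and skel != label:
            findings.append((label, "look-alike of " + skel))
    return findings

if __name__ == "__main__":
    brands = {"examplebank", "apex"}                  # constructed brand labels
    samples = ["examplebank.com",                      # genuine
               "\u0435\u0445\u0430mplebank.com",      # Cyrillic e, x, a + Latin rest
               "\u0430\u0440\u0435\u0445.com"]         # entirely Cyrillic
    for d in samples:
        print(ascii(d), check_domain(d, brands))
```

The all-Cyrillic sample shows why a mixed-script test alone is not enough: it uses a single script, so only the skeleton comparison catches it.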
Domain name and brand monitoring tools are available to alert you when a copycat name is created. However, being aware of a look-alike won’t stop a bad actor from purchasing it for their own use. Instead, it’s recommended that companies secure or purchase look-alike domains before an attack happens. Using services to find domain name fraud helps, but the key is getting ownership of the fake domain before a hacker does. Security experts believe it’s the most proactive way of thwarting a domain-duper, and the best way to keep your customer PII safe and your good domain name intact.
Beyond that, be sure to train all employees, regardless of level, in anti-phishing skills, including the number one tip: don’t click on attachments or links that are from unknown persons, are not expected, or are suspicious in any way. If the email requests PII, consider whether sending it by email is a good practice. Email should never be considered a safe method of communication, so sending PII or confidential data that way is not advised.