Since the dawn of phishing back in the 90s, one tactic phishers have used to deceive their victims is a domain name that, at a glance, looks the same as the domain of the target site. For example, attackers building a phishing campaign against customers of www.alluresecurity.com may go out and register a very similar domain, such as www.aliuresecurity.com, www.ailuresecurity.com or www.alluresecurlty.com. All of them look convincing enough to pass for the real domain name: a capital “i” looks a lot like a lower-case “L”. Because these domains are so convincing, monitoring new DNS registrations for look-alikes (or “typosquatting domains,” as they are often called) has become a tactic that nearly every corporate security team employs. Free and effective tools such as dnstwister are easy to use and accessible to all. Any organization can and should identify these potential attack domains and take action, right at registration time.
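As an added example (not code from the original post or from Allure Security's tooling), here is a small Python screen for a feed of newly registered domains that flags the kinds of look-alikes described above: it folds confusable characters such as “i” and “l” together and allows one edit, including a swapped pair of letters. The brand domain, the sample registration feed and the rule for extracting the registrable label are assumptions made for the example.

```python
from typing import Dict, List, Tuple

# Address-bar confusables; each pair folds to one representative before comparison.
# Multi-character entries come first so "rn" becomes "m" before single letters change.
HOMOGLYPHS = [("rn", "m"), ("vv", "w"), ("i", "l"), ("1", "l"), ("|", "l"), ("0", "o")]

# Constructed feed of new registrations (not real data): the first three are the look-alikes from the text.
NEW_REGISTRATIONS = ["www.aliuresecurity.com", "www.ailuresecurity.com", "www.alluresecurlty.com",
                     "allursecurity.net", "www.alluresecurity.com", "coffeeshop.example"]

def canonical(label: str) -> str:
    """Fold a DNS label so look-alike characters collapse to one representative."""
    s = label.lower()
    for src, dst in HOMOGLYPHS:
        s = s.replace(src, dst)
    return s

def damerau_levenshtein(a: str, b: str) -> int:
    """Edit distance counting insert, delete, substitute and adjacent swap (OSA variant)."""
    # Row 0 / column 0 hold the cost of building one string from nothing.
    d = [[i + j if i * j == 0 else 0 for j in range(len(b) + 1)] for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # swapped neighbours, e.g. "ai"/"ia"
    return d[len(a)][len(b)]

def registrable_label(domain: str) -> str:
    """Assumption: the brand label is the second-to-last label (no multi-part suffixes like co.uk)."""
    parts = domain.lower().strip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def classify(brand_domain: str, candidate: str, max_distance: int = 1) -> Tuple[str, int]:
    """Label a newly seen domain relative to the brand domain being protected."""
    brand, cand = registrable_label(brand_domain), registrable_label(candidate)
    distance = damerau_levenshtein(brand, cand)
    if brand == cand:
        return ("exact", 0)
    if canonical(brand) == canonical(cand):
        return ("homoglyph", distance)  # differs only by confusable characters
    if distance <= max_distance:
        return ("typo", distance)  # one edit away: dropped, doubled or swapped letter
    return ("unrelated", distance)

def flag_lookalikes(brand_domain: str, feed: List[str]) -> Dict[str, Tuple[str, int]]:
    """Keep only the feed entries that warrant a blocklist or takedown review."""
    results = {dom: classify(brand_domain, dom) for dom in feed}
    return {dom: res for dom, res in results.items() if res[0] in ("homoglyph", "typo")}
```

Calling `flag_lookalikes("alluresecurity.com", NEW_REGISTRATIONS)` returns the three look-alikes from the text plus the dropped-letter case, and leaves the exact match and the unrelated domain out.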
Unfortunately (or fortunately, from the hacker’s point of view), a successful phishing campaign does not require a convincing-looking domain. Late last year, McAfee published the results of a survey on phishing. Its key finding: 37% of American respondents admit that they don’t check an email sender’s or a retailer’s website for authenticity. This means that attackers can put up their phishing sites anywhere they want, and they are doing exactly that, taking advantage of the fact that many people don’t do their due diligence before clicking on links and conducting business online.
The researchers at Allure Security see evidence of attackers bypassing domain monitoring every day: a spoofed bank login hosted on a coffee shop’s website, a fake online-dating login hosted on a ballet studio’s website, a malicious webmail login page hiding behind a beauty salon’s site. The list goes on – and these are just the cases where an attacker compromised someone else’s legitimate web domain to host the attack. We also see many instances where attack sites are hosted on short-lived domains with random-looking names that appear to have no purpose beyond hosting spoofed brand pages.
Protecting your brand from today’s phishing attacks that target your customers requires a detection strategy that extends beyond domain monitoring. It’s critical to be able to find phishing and other brand-spoofing sites that don’t merely imitate your domain name. Here are some tips on how to do that:
Phishing has become firmly established as the most prevalent attack vector on the internet. Until now, attackers have had an edge, and we have been willing to blame the victims for clicking the wrong links, mostly because there wasn’t another option. But thanks to innovative thinkers like artificial-intelligence professors Sal Stolfo and Shlomo Hershkop, enterprises can now take back control.
It’s time for businesses to be more proactive about protecting their customers from these attacks. Victimized customers have been asking for years, “How did brand x let this happen to me?” Phishers rely on the trust your customers have in your brand. When that trust is violated, customers will be looking for someplace else to take their business. Going beyond domain monitoring to detect and shut down spoof sites gives you an opportunity to turn that frustration into long-term loyalty. Having the ability to shut down phishing attempts when your customers are targeted will instead have them saying, “Thank goodness brand x has my back.”
Contact us to learn more about how you can go beyond domain monitoring to protect customers and keep your brand’s reputation intact.
Posted by William Moore