Proofpoint, a leading cybersecurity and compliance company, and one of our partners, released its 2019 Domain Fraud Report. In the report, Proofpoint shares the details of their analysis of over 350 million domains. While also uncovering existing trends and threats shaping the domain landscape.
What is domain fraud?
Domain fraud, like most of today’s cyber threats, targets “people rather than infrastructure.” To target users, cybercriminals use social engineering to trick victims into believing that the domains they are accessing are legitimate. And sadly, most of the time they are successful.
What techniques are cybercriminals using?
According to Proofpoint, registrations for fraudulent domains increased by 11% between Q1 and Q4 2018. Even worse, the fraudulent domains detected are active with more than 90% associated with a live server. Additionally, “more than 15% have mail exchanger (MX) records, indicating that they send and/or receive email. And 1 in 4 have security certificates, which many internet users mistakenly equate with legitimacy and security.”
One of the most worrying tactics disclosed in the report is a method in which malicious actors “hide in plain sight.” They do this by using the same top-level domain (TLD) — i.e., .com, .net, or .co.uk — to create lookalike domains in order to exploit existing legitimate domains.
“Fraudsters add or change as few characters as possible in the company’s brand domain. These changes are often so subtle that they are difficult for visitors to detect. For example, the letter “m” can be replaced by the letters “r” and “n” to give the appearance of “m.” In the case of acmeanvils.com, the lookalike domain would appear as in acrneanvils.com.
Our code-cracking brains naturally “autocorrect” these lookalike spellings to make sense of them. Attackers know this and exploit this tendency regularly.”
Top-level domain attacks impact all industries. In fact, the report discovered that 96% of organizations found exact matches of their brand-owned domain with a different TLD (e.g., “.net” vs “.com”) and 76% observed had “lookalike” domains posing as their brand.
Another alarming tactic Proofpoint researchers discovered is that 26% of cybercriminals use security certificates in their domain name. “This finding is especially concerning because all those years of “trust the padlock” training have led many internet users to perceive these sites as legitimate.”
How can you protect your business?
There are several steps businesses can take to minimize domain fraud, and those steps are:
1. Choose your domain registrar wisely
When choosing a domain registrar company, don’t make a decision solely on the price. It’s important to pay attention to their security features as well, and some things to take into consideration are whether or not they offer 2-factor authentication, DNS management and, in the event of an attack, 24-hour technical support.
2. Use Multi-factor authentication
We’ve said this before in previous articles, but it’s worth saying again: use two-factor authentication. It can help save your business, literally.
3. Enable domain locking
Domain locking is a security feature of top-level domains (TLDs). It prevents changes from being made to a domain name such as changes to ownership contact details, changes to a domain’s Nameservers (DNS), the ability to transfer a domain between registrars or to change ownership of the domain name.
4. Keep your domain contact details up to date
Although it may seem like an obvious point, sadly, a lot of domains are stolen because of outdated contact information. So keep your contact information up to date that way, your registrar can alert you should something happen.
If you’re new to this whole domain business and need help navigating the landscape, we can help. Along with providing comprehensive cybersecurity to businesses of all sizes, we also work with businesses to design beautiful websites. And, offer a range of SSL options to ensure that your public sites and servers protected and in line with industry best standard. Reach out to us if you need help.
To view the full Domain Fraud Report, click here.