In today’s world, pretty much every business has online customer interaction; due to this, cybercrime is rising, and phishing attacks are growing at a rapid pace in sophistication and usage. For this post, I am going to talk about domain name scams, primarily typosquatting, where an unaffiliated individual purchases a domain which is similar to a business’s, and then uses that domain to send its customers emails and notices.
Why does this occur? Well, creating and purchasing domain names is a relatively simple process with little-to-no governance involved. By obtaining a domain which is similar to one owned by a business, you can message their customers while appearing to be affiliated with their company and request payments or personal information. For example, say your company owns ‘www.randomcompany.com’ and someone purchases ‘www.randomcompany.co’; as you can probably tell, the ‘m’ in .com is missing from the original address. An unsuspecting customer, however, might not be so vigilant.
For a little background, there are several other variations of attacks that can be involved in a domain scam, besides the abovementioned typosquatting.
Domain Hijacking: occurs when somebody gains access to your domain registrar account details, thus gaining full control of all domain-based functions (changing/transferring domain name/DNS name servers, editing technical, personal, admin. details). When a domain is hijacked, attempting to reclaim ownership of it can be a lengthy process, especially when transferred to another registrar.
Domain Phishing: occurs via scam emails which route unsuspecting customers to fake websites posing as the original registrar’s sites. Through a phishing email, the attackers gain sensitive data such as banking information and personal details, which can then be utilized in identity theft.
Going back to our original issue, you have just woken up, checked your email, and unfortunately learned that a misspelled version of your domain name is contacting your customers in hopes of obtaining a ‘missed payment.’ What can you do to stop the emails from happening, inform your customers of what to look out for, and most importantly, safeguard your domain to prevent any further attacks?
If your company has a legal team, they should be able to help you create your own plan of counterattack. Besides notifying your customers of the potential scam and adding a warning to your emails telling recipients to interact with a message only if the sender’s domain matches your own, legal actions should be taken immediately. While the effectiveness of contacting your/their registrars and informing them of the issue can vary, they might be able to put the domain on hold, preventing further re-sales/transfers; during this process, you will most likely be asked to authenticate your ownership of the account in question. For a list of approved Dispute Resolution Service Providers, check out ICANN.
How to Strengthen Your Domain Security
To prevent domain scams in the future, there are several methods to bolster your website’s defenses. Choosing the right domain registrar company is an excellent first step; be on the lookout for features such as two-factor authentication, DNS management, and 24/7 technical support.
If your registrar allows two-factor authentication (2FA), always enable it. 2FA ensures that even if an unauthorized individual has access to your domain’s username and password, they will have to get through a second layer of security to access your account (such as entering a code sent to your cellphone). Domain locking, while generally enabled by default by popular registrars, prevents unauthorized domain name transfers; this should always be on. ICANN WHOIS is a great tool to help reduce the amount of personal data you expose on the internet, including your (or your company’s) physical and email address, phone number, and other potentially sensitive information. Next, as with all login credentials, your password and the security practices around it need to be strong. Passwords should have 8+ characters, avoid dictionary words, use a combination of numbers, symbols, and lower/uppercase letters, and be changed frequently. Furthermore, keep your domain’s contact details updated and do not share them with anyone.
A single case of a hacked or stolen domain can significantly impact your business in numerous ways, potentially leading to declining sales, lower customer trust, reduced SEO rankings, or even the total loss of a company. Your domain name and its security are just as crucial as your apps, content, and coding; spend the extra money on a reputable registrar and a backup service, and purchase the common spelling variations of your domain; you won’t regret it.
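To make the ‘www.randomcompany.com’ versus ‘www.randomcompany.co’ example concrete, here is an added sketch (not code from this post) of a check a mail filter or help desk could run on a sender’s domain to tell your own domain from a near-miss spelling. The function names, result labels, and the one-edit threshold are assumptions chosen for illustration, and the protected domain is assumed to have the simple name.tld form.

```python
# Added illustration; function names and result labels are hypothetical.

def normalize(domain: str) -> str:
    """Lowercase, drop a trailing dot and a leading 'www.'."""
    d = domain.strip().lower().rstrip(".")
    return d[4:] if d.startswith("www.") else d

def osa_distance(a: str, b: str) -> int:
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = [], list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # transposed neighbours
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify_sender(sender: str, protected: str, max_edits: int = 1) -> str:
    """Return 'match', 'lookalike-tld', 'lookalike-typo' or 'unrelated'."""
    s, p = normalize(sender), normalize(protected)
    if s == p or s.endswith("." + p):
        return "match"  # the domain itself or one of its subdomains
    labels = p.count(".") + 1
    tail = ".".join(s.split(".")[-labels:])  # ignore sender subdomains
    if tail.split(".")[0] == p.split(".")[0]:
        return "lookalike-tld"  # same name under another ending, e.g. .co
    if osa_distance(tail, p) <= max_edits:
        return "lookalike-typo"  # dropped, added, swapped or replaced character
    return "unrelated"

if __name__ == "__main__":
    # Constructed sample senders, checked against the post's example domain.
    for sender in ["www.randomcompany.com", "randomcompany.co",
                   "randomcompnay.com", "billing.rand0mcompany.com", "example.org"]:
        print(f"{sender:28} {classify_sender(sender, 'www.randomcompany.com')}")
```

With very short domain names a one-edit threshold will also flag unrelated legitimate domains, so treat a lookalike result as a prompt for review, not as proof of a scam.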