Brian Lonergan, Vice President of Product Strategy at Identity Digital, outlines key domain protection protocols businesses can employ to mitigate attacks.
The manner in which the world has adapted to technology over the past few years is remarkable. In fact, it was not too long ago that we experienced a digital transformation that had not been expected to arrive for another decade.
Unfortunately, however, cyber criminals have adapted to the times as well – finding newer and more intricate ways to infiltrate the market.
Today, one of the most infamous forms of cyber crime is phishing. With phishing now so prolific, we too need to be more tactical in our defenses against such cyber attacks.
For domain phishing in particular, there are three methods cyber criminals tend to use when wishing to lure their prey.
Below, we discuss them and some key ways businesses can employ domain protection protocols to protect themselves, their customers, and employees in our modern economy.
Homographic attacks
One of the most common forms of phishing is homographic spoofing, in which characters in a legitimate company’s web address are swapped for look-alikes in order to impersonate that business. For example, a cybercriminal can replace the letters ‘oe’ with the letter ‘œ’ in any domain name that contains them.
To prevent such attacks, an efficient domain protection method is an investment in homographic blocking. Built-in homographic blocking is a tool offered by some registries that instantly protects permutations of your domain names, preventing potential spoofers from disguising themselves as your company.
As an employee or customer, a way to spot such tricksters online, day-to-day, is by keeping your browser productivity tools updated. As creatures of habit, how we access and navigate our applications can affect our ability to spot homographic attacks, making us vulnerable to their ruse.
Impede their next move with a Domain Protected Marks List
If cyber criminals cannot spoof your brand’s keyword through character swaps, they will often attempt to utilise alternate top level domains. For example, if your domain name is ‘austin.coffee’, cyber criminals will impersonate your site with the web address ‘austincoffee.shop’ or ‘austincoffee.cafe’.
The Domain Protected Marks List (DPML) is a valuable service trademark holders can leverage to mitigate this type of attack. Once purchased, domain names matching your trademarked brand name are listed and reserved within the domain portfolio. Only the trademark holder is then permitted to register those domain names in future, which protects both the domain and the brand from phishing.
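The two look-alike patterns described so far (character swaps such as ‘oe’ to ‘œ’, and the brand keyword under another top level domain) can be audited in a list of observed registrations. The following is an added example, not part of the original article: the confusables table is a small constructed sample, `joescoffee.example` is a made-up brand, and the registrable label is assumed to sit directly left of a single-label TLD.

```python
import unicodedata

# Constructed, deliberately small look-alike table (an assumption of this
# example); production checks should use the Unicode confusables data.
CONFUSABLES = {
    "\u0153": "oe", "\u00e6": "ae",               # ligatures: œ, æ
    "\u0430": "a", "\u0435": "e", "\u043e": "o",  # Cyrillic а, е, о
    "\u0131": "i", "0": "o", "1": "l",            # dotless i, digits
}

def to_unicode(domain):
    """Lower-case a domain and decode xn-- labels so look-alikes are visible."""
    labels = []
    for label in domain.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # malformed punycode: compare the raw label instead
        labels.append(label)
    return labels

def skeleton(label):
    """Reduce a label to the ASCII text a reader is likely to perceive."""
    mapped = "".join(CONFUSABLES.get(ch, ch) for ch in label)
    decomposed = unicodedata.normalize("NFKD", mapped)
    return "".join(c for c in decomposed
                   if not unicodedata.combining(c)).replace("-", "")

def classify(candidate, brand_domain):
    """Return 'exact', 'homograph', 'alt-tld' or 'unrelated'."""
    cand, brand = to_unicode(candidate), to_unicode(brand_domain)
    if cand == brand:
        return "exact"
    if [skeleton(l) for l in cand] == [skeleton(l) for l in brand]:
        return "homograph"  # same perceived name, different code points
    # Brand keyword re-registered under another TLD, e.g. austincoffee.shop.
    # Assumes a single-label TLD (no public-suffix lookup).
    keywords = {skeleton("".join(brand)), skeleton(brand[-2])}
    if len(cand) >= 2 and skeleton(cand[-2]) in keywords:
        return "alt-tld"
    return "unrelated"

# Constructed sample registrations checked against two example brands.
if __name__ == "__main__":
    for name in ("austincoffee.shop", "austincoffee.cafe", "example.org"):
        print(name, classify(name, "austin.coffee"))
    print("j\u0153scoffee.example",
          classify("j\u0153scoffee.example", "joescoffee.example"))
```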
Domain protection tools of this nature help bring peace of mind to their respective owners due to their benefits for both the technology and marketing sectors. It’s, therefore, worth shopping around to see which domain providers can deliver the right security measures for your business.
In order to spot websites impersonating respected companies, it’s important to look out for the telling signs of a spoofed domain. Cyber criminals are usually spotted through their use of language (poor grammar and spelling), communication tactics (tone of voice not in line with the real company), and branding designs (fonts and colours inaccurate to the brand).
It’s also best to think twice before providing any newly requested credentials. In fact, consider calling the appropriate department at your company for extra assurance before sharing new data. This helps verify the legitimacy of the request.
Protect your domain with Registry Lock
Oftentimes, once you have blocked the common routes of phishing, cyber criminals may instead try to steal your domain name altogether. In the world of cyber crime, this type of attack is often termed domain hijacking.
Domain hijacking is done by tricking the rightful owners of websites into providing access to their domains.
As a result, the ownership of the domain is transferred to the cyber criminal, blocking the legitimate owner from administrative access to and control of their domain(s). Once the cybercriminal hijacks the domain, they can change the site’s content and use it for phishing and other nefarious purposes.
To prevent such cases within your business, it’s recommended to invest in a Registry Lock. A Registry Lock is a service that locks access to your domain at the registry level, with a multi-step authentication process required in order to make modifications. This process helps block unwanted transfers, deletions, and modifications to your domain.
The best part? The authentication process can only be requested through your registrar, ensuring its safety from cyber criminals.
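Domain owners can confirm from public registration data that the lock is actually in place. The following is an added example, not part of the original article: it assumes the registry applies Registry Lock by setting the three standard EPP server-side statuses, and the RDAP objects and `.example` names are constructed.

```python
import json
import re

# RDAP spellings (RFC 8056) of the EPP server-side statuses (RFC 5731).
# Assumption of this example: the registry applies Registry Lock by setting
# all three; each maps to the operation the article says the lock blocks.
REQUIRED = {
    "server transfer prohibited": "transfers",
    "server delete prohibited": "deletions",
    "server update prohibited": "modifications",
}

def normalise(status):
    """Accept RDAP ('server delete prohibited') and WHOIS/EPP
    ('serverDeleteProhibited https://...') spellings."""
    token = status.split(" http")[0].strip()
    return re.sub(r"(?<=[a-z])(?=[A-Z])", " ", token).lower()

def lock_gaps(rdap_domain):
    """Return the operations NOT blocked at registry level, sorted."""
    present = {normalise(s) for s in rdap_domain.get("status", [])}
    return sorted(op for st, op in REQUIRED.items() if st not in present)

# Constructed RDAP domain objects (not real registry output).
LOCKED = json.loads("""{"objectClassName": "domain", "ldhName": "brand.example",
  "status": ["client transfer prohibited", "server transfer prohibited",
             "server delete prohibited", "server update prohibited"]}""")
REGISTRAR_ONLY = json.loads("""{"objectClassName": "domain",
  "ldhName": "shop.example",
  "status": ["client transfer prohibited", "clientUpdateProhibited"]}""")

if __name__ == "__main__":
    for obj in (LOCKED, REGISTRAR_ONLY):
        gaps = lock_gaps(obj)
        print(obj["ldhName"], "locked" if not gaps else f"unlocked for: {gaps}")
```

The `client ...` statuses are set by the registrar and can be changed through the registrar account, so they do not count towards the registry-level lock checked here.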
Efficient domain protection methods are vital
Since cybercriminals have been around for such a significant amount of time, we are used to their antics and can spot their ploys when vigilant. Therefore, by creating the right strategy and using the right tools, we can combat the phishing tactics sent our way.
Implementing the right cyber security measures within your organisation not only defends it from cyber criminals, but in turn, protects your company from reputational damage or asset loss. Cyber criminals may have gotten smarter in their schemes, but with our wisdom, we can remain a step ahead of their next move.