My company uses email filtering, monitoring, DMARC, and all the latest tools – but oops, I forgot to protect against “lookalike” domains!
Imagine going to check out your investments with Charles Schwab. You accidentally type www.schwab.co instead of www.schwab.com, ending up on a malicious site. Or imagine if you received an email with a malicious link from who you thought was your trusted contact at Charles Schwab firstname.lastname@example.org – would you notice the domain difference and click on the link? Luckily, that would never happen with Charles Schwab because they take domain protection seriously and have locked down the wide variations of “lookalike” domains that are available for purchase.
Lookalikes are crafted to resemble a domain as closely as possible, replacing an “I” with a “1”, for example. It’s easy and cheap to set up. And since they appear to be legitimate domains (not black-listed), it’s effective in getting through traditional technology prevention tools. The goal is to trick users into making mistakes – clicking on malicious links/attachments, landing on a malicious or a competitor’s site by mistyping a domain, sending out payments, revealing passwords, giving out credit card details, etc. It’s a popular tactic you should be aware of used in spear-phishing and other cybercriminal scams.
As an advisor to your customers on security, locking down domains against lookalikes should be one of your essential considerations. They not only can cause financial losses, but trust in impersonated brands can get mauled in social media —along with everlasting Google links to nightmare headlines. Standard technologies like monitoring help in domain defence, BUT THEY AREN’T ENOUGH. As Norton/Lifelock and NBC security expert Jim Stickley says – “Monitoring alone will most likely result in you finding out you’ve been robbed AFTER you’ve been robbed.”
In one recent incident, cybercriminals used a pair of lookalike domains to steal $1 million from a venture capital fund working with a startup. The fraudsters registered two lookalike domains, impersonating each firm by adding an “s” to the end of their legitimate domain names. They then sent emails to the VC firm from the lookalike domain mimicking the startup, as well as emails to the startup from the lookalike posing as the VC firm. Thirty-one emails later, the fraudsters had impersonated various individuals within each firm, managed to get in-person meetings cancelled to reduce the chances of discovery, and had bank account details changed so that funds sent from the investment firm would end up in the scammers’ hands instead of the startup’s.
Do employ monitoring, but also own the lookalike domain variations. Monitoring domains will only alert you that a similar domain has been purchased, possibly for malicious intent. Owning the domains prevents them from ever being available for criminals and competition to use against a company’s staff and customers. However, this process can be difficult and time-consuming: which is why Stickley On Security created Domain Assure. It’s a simple, cost-effective, easy-to-use tool that automatically identifies the wide variety of lookalike/high threat domains, purchases them in seconds, and forwards traffic back to your customer. In addition, in situations where another person or organization already owns a potentially dangerous domain, you can track the status of the domain – and when appropriate, action is taken by SoS to have the site brought down. And while Domain Assure will lock down the most common threats to your customer, other similar domain names could still be used on the internet. For that reason, Domain Assure monitors all domains that have been purchased through the major domain providers in the world, looking for domain names that include your customer’s domain name in them. This keeps your customer aware of new threats to their domain that may appear on any given day.
Your customer’s doamain is an essential part of their brand. Protect that brand by preventing cybercriminals and competition from using lookalikes. Not only do impersonations drop precipitously, but so do the costs associated with finding and shutting down phishing sites, crisis management, legal services, and more.