Domain Phishing: Antidotes In Today’s Market

Whether a large, international corporation or your neighbourhood’s favourite bakery, cybercriminals have discovered new formulas to try to swipe the credentials and life savings of citizens across the globe.

As a result, it’s not just big companies who need to be worried about domain phishing and spoof attacks - businesses of all sizes need to take practical steps to ensure they don’t fall prey to these tactics.

So, in an age where companies are reaping the benefits of digital transformation, what can be done to avoid being caught in the phishing net?

Reflecting On Our Technological Evolution

Just a few years ago, we experienced a powerful technology shift that businesses thought would only come 10 years from now. However, in the blink of an eye, companies were forced to digitally transform their systems and protocols during the pandemic.

While great for businesses, this new wave of technological innovation also made way for refined cyber attacks.

Cyber attacks have therefore found newer, smarter ways to try and infiltrate the market. And with technological advancements like generative AI now in everyone’s hands, cybercriminals have become more sophisticated in their phishing attempts as well. 

But whatever the sector, businesses are far from defenceless. By making some savvy decisions and deploying effective security measures, these risks can be overcome. 

Closing Off Phishing Loopholes

Businesses both large and small should consider additional security measures when starting or upgrading a web domain to help them stay safe. Buying from businesses that provide domain name protection is, therefore, the best solution to close any gaps within the system. 

Some crucial measures to go the extra mile in keeping a business protected from phishing attacks include homographic blocking. One of the best-known forms of domain phishing comes from swapping out characters within a company’s website domain name - camouflaging the imposter at first glance. This is often done by swapping out an “i” for an “¡”, which can help disguise an illegitimate website from its owner. Built-in homographic blocking technology eliminates these opportunities by identifying and blocking every malicious permutation of your domain name, preventing all future registrations, and keeping your brand intact. 

A brand’s digital identity can be its greatest asset in today’s technological landscape. Therefore, it is more important than ever to protect it from malware, spam, and phishing.

On top of built-in homographic blocking, it is important for businesses to lock down their valuable trademarks online. This is where a unique offering like the Domains Protected Marks List (DPML) comes in. In short, a service like this defensively blocks registrations of trademarked brands across a specific registry’s entire portfolio of domains. At the time of purchase, all domain names matching the trademarked brand within the portfolio are reserved, allowing only the trademark holder to register them going forward. It’s always worth taking the time to examine the additional security benefits and services domain name registrars have to offer, as each one will provide different solutions, often unique to them. 

Locking a domain at the registry level is a final measure that blocks unwanted domain modifications, transfers, and deletions to ensure your domains are safe. When a Registry Lock is requested, it ensures that any future modifications need to be authenticated via a secure, multi-step process through the registrar.

Spotting The Imposter

While solutions like the above are readily available for companies to utilise and provide peace of mind, it never hurts to educate both employees and customers on the signs of a phishing attack. So, how can we spot the difference?

A tell-tale sign of a phishing attack can be spotted through inconsistencies when in communication with employees or customers. This includes deviations in fonts, brand design or logos, website designs, and, of course, grammar and spelling.

Another helpful measure to encourage employees or customers to pause and reflect is with a few simple questions: Does my company or provider usually communicate to me in this tone of voice? Have they ever asked for certain credentials via their website in the past? Is there a padlock icon (a sign of encryption) displayed on their URL field? Do they ever communicate with me on certain platforms, such as SMS, or social media? By asking these questions, it becomes possible to spot the imposter lurking in your peripherals — and a means to keep them out.

Final Thoughts

Doubling down on security measures is the key to protecting not only your web address but your brand. So by checking your peripherals, you are saving both yourself and your company from the loss of private information or assets - not to mention, reputational damage should the worst happen.

The good thing is that the technology and solutions to keep imposters and fraudsters away are already within reach. In a world where cybercriminals have become smarter, we, as businesses and customers alike, should become wiser. 

Brian Lonergan is Vice President of Product Strategy with Identity Digital          Image: Cottonbro Studio

You Might Also Read:

Why Domain Protection Is A Key Pillar Of Cybersecurity:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Out-Sourcing Can Compromise Cyber Security
Understanding The Threat Of QR Codes & Quishing »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

DCL Search & Select

DCL Search & Select

DCL Search & Selection connect candidates to the best companies in the IT Security, Telco, UC, Outsourcing, ERP, Audit & Control markets.

National Response Centre for Cyber Crime (NR3C)

National Response Centre for Cyber Crime (NR3C)

National Response Centre for Cyber Crime (NR3C) is a law enforcement agency in Pakistan dedicated to fighting cyber crime.

Genie Networks

Genie Networks

Genie Networks is a leading technology company providing networking and security solutions for optimizing the performance of large networks.

Shieldfy

Shieldfy

Shieldfy is a cloud-based security shield for your website to protect it from cyber attacks and malwares.

Ockam

Ockam

Ockam gives you the tools you need to establish an architecture for trust within your connected device applications.

Forgepoint Capital

Forgepoint Capital

ForgePoint Capital is a premier venture investor for early stage cybersecurity companies.

Avertium

Avertium

Avertium is the managed security and consulting provider that companies turn to when they want more than check-the-box cybersecurity.

Tetra Tech

Tetra Tech

Tetra Tech is a cybersecurity leader with extensive experience in supporting enterprise-wide programs and systems across multiple business lines from industrial control systems to health IT.

BridgingMinds Network

BridgingMinds Network

BridgingMinds Network is an industry leading best practices and IT security training provider in Singapore.

TwoThreeFour

TwoThreeFour

ThreeTwoFour provide tailored cyber security solutions, delivered by highly-skilled, experienced consultants who respond to the real needs of you and your business.

Port443

Port443

Port443 specialises in providing Security Orchestration, Automation and Remediation (SOAR) "as a service".

Paperclip

Paperclip

Paperclip provides paperless solutions while enabling compliance and security for the exchange of critical content.

OccamSec

OccamSec

OccamSec is a leading provider in the world of cybersecurity. We provide accurate, actionable information to reduce risk and enable better informed decisions.

Convergence Networks

Convergence Networks

Convergence Networks is one of North America's leading Managed Services & Security Providers.

Blue Cloud Softech Solutions

Blue Cloud Softech Solutions

Blue Cloud Softech propels inspiring digital transformations. We provide AI products, cybersecurity, healthcare technology, and cloud solutions.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.