Domain Phishing: Antidotes In Today’s Market

Uploaded on 2023-10-13 in TECHNOLOGY--Resilience, NEWS-Cybersecurity News, FREE TO VIEW

Whether a large, international corporation or your neighbourhood’s favourite bakery, cybercriminals have discovered new formulas to try to swipe the credentials and life savings of citizens across the globe.

As a result, it’s not just big companies who need to be worried about domain phishing and spoof attacks - businesses of all sizes need to take practical steps to ensure they don’t fall prey to these tactics.

So, in an age where companies are reaping the benefits of digital transformation, what can be done to avoid being caught in the phishing net?

Reflecting On Our Technological Evolution

Just a few years ago, we experienced a powerful technology shift that businesses thought would only come 10 years from now. However, in the blink of an eye, companies were forced to digitally transform their systems and protocols during the pandemic.

While great for businesses, this new wave of technological innovation also made way for refined cyber attacks.

Cyber attacks have therefore found newer, smarter ways to try and infiltrate the market. And with technological advancements like generative AI now in everyone’s hands, cybercriminals have become more sophisticated in their phishing attempts as well. 

But whatever the sector, businesses are far from defenceless. By making some savvy decisions and deploying effective security measures, these risks can be overcome. 

Closing Off Phishing Loopholes

Businesses both large and small should consider additional security measures when starting or upgrading a web domain to help them stay safe. Buying from businesses that provide domain name protection is, therefore, the best solution to close any gaps within the system. 

Some crucial measures to go the extra mile in keeping a business protected from phishing attacks include homographic blocking. One of the best-known forms of domain phishing comes from swapping out characters within a company’s website domain name - camouflaging the imposter at first glance. This is often done by swapping out an “i” for an “¡”, which can help disguise an illegitimate website from its owner. Built-in homographic blocking technology eliminates these opportunities by identifying and blocking every malicious permutation of your domain name, preventing all future registrations, and keeping your brand intact. 

A brand’s digital identity can be its greatest asset in today’s technological landscape. Therefore, it is more important than ever to protect it from malware, spam, and phishing.

On top of built-in homographic blocking, it is important for businesses to lock down their valuable trademarks online. This is where a unique offering like the Domains Protected Marks List (DPML) comes in. In short, a service like this defensively blocks registrations of trademarked brands across a specific registry’s entire portfolio of domains. At the time of purchase, all domain names matching the trademarked brand within the portfolio are reserved, allowing only the trademark holder to register them going forward. It’s always worth taking the time to examine the additional security benefits and services domain name registrars have to offer, as each one will provide different solutions, often unique to them. 

Locking a domain at the registry level is a final measure that blocks unwanted domain modifications, transfers, and deletions to ensure your domains are safe. When a Registry Lock is requested, it ensures that any future modifications need to be authenticated via a secure, multi-step process through the registrar.

Spotting The Imposter

While solutions like the above are readily available for companies to utilise and provide peace of mind, it never hurts to educate both employees and customers on the signs of a phishing attack. So, how can we spot the difference?

A tell-tale sign of a phishing attack can be spotted through inconsistencies when in communication with employees or customers. This includes deviations in fonts, brand design or logos, website designs, and, of course, grammar and spelling.

Another helpful measure to encourage employees or customers to pause and reflect is with a few simple questions: Does my company or provider usually communicate to me in this tone of voice? Have they ever asked for certain credentials via their website in the past? Is there a padlock icon (a sign of encryption) displayed on their URL field? Do they ever communicate with me on certain platforms, such as SMS, or social media? By asking these questions, it becomes possible to spot the imposter lurking in your peripherals — and a means to keep them out.

Final Thoughts

Doubling down on security measures is the key to protecting not only your web address but your brand. So by checking your peripherals, you are saving both yourself and your company from the loss of private information or assets - not to mention, reputational damage should the worst happen.

The good thing is that the technology and solutions to keep imposters and fraudsters away are already within reach. In a world where cybercriminals have become smarter, we, as businesses and customers alike, should become wiser. 

Brian Lonergan is Vice President of Product Strategy with Identity Digital          Image: Cottonbro Studio

You Might Also Read:

Why Domain Protection Is A Key Pillar Of Cybersecurity:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Out-Sourcing Can Compromise Cyber Security
Understanding The Threat Of QR Codes & Quishing »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Secunet Security Networks

Secunet Security Networks

Secunet is a leading cyber security company offering a combination of consultancy and products, delivering the highest level of security for data, applications and digital identities.

Imperva

Imperva

Imperva is a leading provider of data and application security solutions including DDoS protection, Web application security, Data security and Cloud security.

Nuix

Nuix

Nuix specialise in extracting knowledge from unstructured data. Applications include Digital Forensics, Cybersecurity Intelligence, Information Governance, eDiscovery.

CyberScout

CyberScout

Cyberscout delivers the latest cybersecurity education, protection and resolutions services. We also provide swift incident response services around the world.

Sequitur Labs

Sequitur Labs

Sequitur Labs is developing seminal technologies and solutions to secure and manage connected devices of today and in the future.

TI Safe

TI Safe

TI Safe provide cybersecurity solutions for industrial networks of main critical infrastructures in Latin America.

Cellopoint

Cellopoint

Cellopoint is a leading manufacturer of information security and email lifecycle management (ELM) products.

ESL Bangladesh

ESL Bangladesh

ESL is the Largest IT Infrastructure & Telecom Service Provider in Bangladesh.

Cybercrime Support Network (CSN)

Cybercrime Support Network (CSN)

CSN is a public-private, nonprofit collaboration created to meet the challenges facing millions of individuals and businesses affected each and every day by cybercrime.

GreyCortex

GreyCortex

GreyCortex uses advanced artificial intelligence, machine learning, and data mining methods to help organizations make their IT operations secure and reliable.

INFRA Security & Vulnerability Scanner

INFRA Security & Vulnerability Scanner

INFRA is a powerful platform with an easy interface for any kind of Ethical Hacking, from corporate monitoring and VAPT (vulnerability assessments and penetration testing) to military intelligence.

Narf Industries

Narf Industries

Narf Industries are a small group of reverse engineers, vulnerability researchers and tool developers that specialize in tailored solutions for government and large enterprises.

SeeMetrics

SeeMetrics

SeeMetrics is an automated cybersecurity performance management platform that integrates security data and business objectives into a simple interface.

Cakewalk

Cakewalk

Cakewalk is the new standard in easy Access Control. Trusted by IT & Security teams. Loved by employees.

Arctera

Arctera

Arctera simplifies data management to keep you secure. Our company operates as three units - Data Compliance, Data Resilience, and Data Protection.

Fisch Solutions

Fisch Solutions

Fisch Solutions offer IT Support & Cybersecurity for small to mid-sized businesses, government, and not-for-profit organizations in the New York, New Jersey, Connecticut tri-state area and beyond.