Domain Phishing: Antidotes In Today’s Market

Uploaded on 2023-10-13 in TECHNOLOGY--Resilience, NEWS-Cybersecurity News, FREE TO VIEW

Whether a large, international corporation or your neighbourhood’s favourite bakery, cybercriminals have discovered new formulas to try to swipe the credentials and life savings of citizens across the globe.

As a result, it’s not just big companies who need to be worried about domain phishing and spoof attacks - businesses of all sizes need to take practical steps to ensure they don’t fall prey to these tactics.

So, in an age where companies are reaping the benefits of digital transformation, what can be done to avoid being caught in the phishing net?

Reflecting On Our Technological Evolution

Just a few years ago, we experienced a powerful technology shift that businesses thought would only come 10 years from now. However, in the blink of an eye, companies were forced to digitally transform their systems and protocols during the pandemic.

While great for businesses, this new wave of technological innovation also made way for refined cyber attacks.

Cyber attacks have therefore found newer, smarter ways to try and infiltrate the market. And with technological advancements like generative AI now in everyone’s hands, cybercriminals have become more sophisticated in their phishing attempts as well. 

But whatever the sector, businesses are far from defenceless. By making some savvy decisions and deploying effective security measures, these risks can be overcome. 

Closing Off Phishing Loopholes

Businesses both large and small should consider additional security measures when starting or upgrading a web domain to help them stay safe. Buying from businesses that provide domain name protection is, therefore, the best solution to close any gaps within the system. 

Some crucial measures to go the extra mile in keeping a business protected from phishing attacks include homographic blocking. One of the best-known forms of domain phishing comes from swapping out characters within a company’s website domain name - camouflaging the imposter at first glance. This is often done by swapping out an “i” for an “¡”, which can help disguise an illegitimate website from its owner. Built-in homographic blocking technology eliminates these opportunities by identifying and blocking every malicious permutation of your domain name, preventing all future registrations, and keeping your brand intact. 

A brand’s digital identity can be its greatest asset in today’s technological landscape. Therefore, it is more important than ever to protect it from malware, spam, and phishing.

On top of built-in homographic blocking, it is important for businesses to lock down their valuable trademarks online. This is where a unique offering like the Domains Protected Marks List (DPML) comes in. In short, a service like this defensively blocks registrations of trademarked brands across a specific registry’s entire portfolio of domains. At the time of purchase, all domain names matching the trademarked brand within the portfolio are reserved, allowing only the trademark holder to register them going forward. It’s always worth taking the time to examine the additional security benefits and services domain name registrars have to offer, as each one will provide different solutions, often unique to them. 

Locking a domain at the registry level is a final measure that blocks unwanted domain modifications, transfers, and deletions to ensure your domains are safe. When a Registry Lock is requested, it ensures that any future modifications need to be authenticated via a secure, multi-step process through the registrar.

Spotting The Imposter

While solutions like the above are readily available for companies to utilise and provide peace of mind, it never hurts to educate both employees and customers on the signs of a phishing attack. So, how can we spot the difference?

A tell-tale sign of a phishing attack can be spotted through inconsistencies when in communication with employees or customers. This includes deviations in fonts, brand design or logos, website designs, and, of course, grammar and spelling.

Another helpful measure to encourage employees or customers to pause and reflect is with a few simple questions: Does my company or provider usually communicate to me in this tone of voice? Have they ever asked for certain credentials via their website in the past? Is there a padlock icon (a sign of encryption) displayed on their URL field? Do they ever communicate with me on certain platforms, such as SMS, or social media? By asking these questions, it becomes possible to spot the imposter lurking in your peripherals — and a means to keep them out.

Final Thoughts

Doubling down on security measures is the key to protecting not only your web address but your brand. So by checking your peripherals, you are saving both yourself and your company from the loss of private information or assets - not to mention, reputational damage should the worst happen.

The good thing is that the technology and solutions to keep imposters and fraudsters away are already within reach. In a world where cybercriminals have become smarter, we, as businesses and customers alike, should become wiser. 

Brian Lonergan is Vice President of Product Strategy with Identity Digital          Image: Cottonbro Studio

You Might Also Read:

Why Domain Protection Is A Key Pillar Of Cybersecurity:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Out-Sourcing Can Compromise Cyber Security
Understanding The Threat Of QR Codes & Quishing »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Quttera

Quttera

Quttera provides Website Security Solutions for Small & Medium Businesses, Enterprises and Organizations.

StickyMinds

StickyMinds

StickyMinds is the web's first interactive testing community exclusively engaged in improving software quality throughout the software development lifecycle.

Lloyd's

Lloyd's

As an insurance market, Lloyd’s can provide access to more than 65 expert cyber risk insurers in one place.

ControlScan

ControlScan

ControlScan is a Managed Security Services Provider (MSSP) - our primary focus is protecting your business and securing your sensitive data.

Cryptomathic

Cryptomathic

Cryptomathic is an expert on commercial crypto - we develop, deliver and support the most secure and efficient off-the-shelf and customised solutions.

Tukan IT

Tukan IT

Tukan IT provides a data classification and protection solution.

PETRAS IoT Hub

PETRAS IoT Hub

PETRAS is a consortium of 12 research institutions and the world’s largest socio-technical research centre focused on the future implementation of the IoT.

360 Total Security

360 Total Security

360 company is the largest provider of Internet and mobile security products in China.

XLAB

XLAB

XLAB is an R&D company with a strong research background in the fields of distributed systems, cloud computing, security and dependability of systems.

Deceptive Bytes

Deceptive Bytes

Deceptive Bytes provides an Active Endpoint Deception platform that dynamically responds to attacks as they evolve and changes their outcome.

Capy

Capy

Capy's SaaS-based security solutions will protect your website from bots, spam, humans and more.

RUSCADASEC

RUSCADASEC

RUSCADASEC is an independent non-profit initiative on developing the open Russian-speaking international community of industrial cyber security/ICS/SCADA cyber security professionals.

MalwareFox

MalwareFox

MalwareFox is an advanced, yet simple-to-use anti-malware solution for Windows computers. We provide aggressive detection capabilities and an effective malware removal tool to keep your systems safe.

CyberLab

CyberLab

CyberLab (formerly Chess) is a specialist cyber security company that provides a wide range of security solutions and services.

Curity

Curity

The Curity Identity Server brings identity and API security together, enabling highly scalable and secure user access to digital services.

Lasso Security

Lasso Security

Lasso Security is a pioneer cybersecurity company ensuring comprehensive protection for businesses leveraging generative AI and other large language model technologies.