Why criminals spoof your domain name

Phishing and fraud remain serious problems


To many people, online security requires nothing more than good antivirus software, perhaps along with anti-malware software and anti-ransomware software. However, as Adenike Cosgrove from Proofpoint explains, domain spoofing, phishing, and online fraud are growing problems.

Cheap and easy domain registration, coupled with the introduction of new Top-Level Domains (TLDs), has led to a sharp increase in domain fraud. As attackers take advantage of this evolving domain landscape to target businesses and their customers, identifying and nullifying fraudulent domains is becoming progressively complex and the risk of email fraud continues to increase. 

As the legitimate domain universe has expanded, so too has the registration of fraudulent counterparts. Total quarterly domain registrations rose 44% between Q1 and Q4 2018, with fraudulent registrations up 11% over the same period.

Such is the scale of the issue that 76% of organisations found lookalike domains posing as their own. A new tech-related TLD, .dev, launched in February of this year. Within two weeks, 30% of organisations found potentially fraudulent domains using it with their brand name. 

And attackers are not just increasing in number but in ingenuity too. There is no single smoking gun when it comes to spotting fraudulent domains. Attackers use a range of tactics, including:

  • TLD squatting – registering identical brand-owned domain names with different TLDs – .co instead of .com, for instance. 
  • Typosquatting – also known as URL hijacking, this consists of registering sites close to someone else's brand or copyright to target Internet users who incorrectly type a website address into their browser (e.g., “Gooogle.com” instead of “Google.com”).
  • Lookalike Domains – replacing letters with similar looking characters – using the letter m in the place of rn, or a capital I in the place of a lower-case l, for example.

Many fraudulent domains, 26%, even have security certificates, undoing years of advice to “trust the padlock” when it comes to spotting anything untoward. This invigorated approach to domain fraud is driving a resurgence in yet another familiar form of attack: phishing. 

Counting the cost of domain fraud

Failing to properly protect your digital footprint from fraudulent domains not only opens your customers up to the risk of fraud, scams and identity theft, it can also have severe consequences for your business. 

Domain squatting alone can prove costly. Spoofed domains could divert traffic from your site, taking ad revenue with it. Worse still, they could sell counterfeit products or services, impacting revenues and damaging consumer trust. The Methbot scheme, which spoofed 6,000 U.S. domains in recent years, siphoned off $5 million in fraudulent revenue per day.

Add a phishing attack into the mix and you’re potentially facing a much bigger problem – long-term damage to your reputation. In light of several recent high-profile breaches, along with the introduction of GDPR, consumers have never been more engaged with their data-selves.

Companies that fail to protect that data tend to pay a price – 73% of customers would reconsider using a company if it fails to keep their data safe while 30% say they would definitely take their business elsewhere. 

Protecting your digital footprint

Your digital footprint is a key part of your business, providing a vital link between you and your customers and shaping the experience they have with your brand. 

Unfortunately, it also exposes you to digital risk – particularly when it comes to domain fraud which targets your company and its customers via IT infrastructure often outside your control. 

To ensure you protect your digital footprint, and in turn, your customers and your reputation, you need to take back control of that digital infrastructure. You likely already take precautions to protect your legitimate domains from attack. Now you need to do the same for similar, suspicious or infringing domains, too.

Scan domain registries to find out which TLDs are available with your domain name and which are registered. Take action against those that may be infringing your brand or present a security risk. If you’re in a position to do so, buy up domains similar to your own – including common misspellings and those with alternative TLDs.

You must also remain vigilant. Be sure to continuously monitor the space around your digital footprint for suspicious activity such as new domain registrations. To keep pace with cybercriminals’ increased use of fraudulent domains, it’s vital that you take a proactive approach, harnessing all available tools to protect your revenues, your reputation and your customers.
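As an added illustration of that monitoring (example code, not from the article or from Proofpoint), the sketch below triages a feed of newly registered domains against one protected domain and labels each hit with the tactic it matches from the list above. The function names, the small confusables table and the sample feed are assumptions constructed for the example.

```python
# Added example: triage new registrations against one protected domain.
# Assumptions: every name is "<label>.<tld>" with no subdomains, and
# CONFUSABLES is a small illustrative table, not a full homoglyph list.
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("i", "l"), ("1", "l"), ("0", "o"))

def split_domain(domain):
    label, _, tld = domain.strip().rstrip(".").lower().partition(".")
    return label, tld

def skeleton(label):
    """Collapse visually confusable sequences so lookalikes compare equal."""
    for seq, canon in CONFUSABLES:
        label = label.replace(seq, canon)
    return label

def edit_distance(a, b):
    """Optimal string alignment: insert, delete, substitute, transpose."""
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def classify(candidate, brand):
    """Name the tactic a candidate matches, or None if it looks unrelated."""
    c_label, c_tld = split_domain(candidate)
    b_label, b_tld = split_domain(brand)
    if c_label == b_label:  # same name: only the TLD can differ
        return "tld-squatting" if c_tld != b_tld else None
    if skeleton(c_label) == skeleton(b_label):  # e.g. rn for m, I for l
        return "lookalike"
    if edit_distance(c_label, b_label) <= 1:  # one slip of the keyboard
        return "typosquatting"
    return None

def review(feed, brand):
    """Return {domain: tactic} for every feed entry resembling the brand."""
    return {d: t for d in feed if (t := classify(d, brand))}

# Constructed sample feed; example.com is a reserved documentation domain.
SAMPLE_FEED = ["example.co", "exarnple.com", "exampIe.com", "exammple.com",
               "exmaple.net", "example.com", "unrelated.org"]

if __name__ == "__main__":
    for domain, tactic in review(SAMPLE_FEED, "example.com").items():
        print(f"{domain:15} {tactic}")
```

A hit is only a lead for review: short brand names produce more single-edit collisions with unrelated words, so confirm each result before acting on it.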