Gone Spear Phishing!
March 21, 2019
Every consumer who buys goods or services online is potentially a target for cybercriminals in search of personal information. This means that if you are a company conducting any business with customers online, it pays to make sure that your domain names are free and clear of phishing attacks. Otherwise, the damage to your reputation could be serious and, in some cases, fatal.
Traditional methods of generating revenue from cybersquatted domains, such as pay-per-click sites, have diminished in value as consumers have moved away from direct navigation. We have recently seen a new trend where cybersquatters register look-alike domains, whether typos or common-sense combination names, and enroll them in the same ad platforms, but also use them for both errant email capture and outbound spear phishing campaigns.
Spear phishing is widely used by cybercriminals to gather private information, distribute malware and hack into a company database.
A spear phishing attack usually comes in the form of an email that appears to be from a legitimate source. Often, this leads the recipient of the email to click on a link and fill out personal information or open an attachment that installs malware.
Spear phishing attacks come in a variety of forms. In addition to email spoofing, bad actors are increasingly turning to email addresses hosted by a domain name highly similar to a legitimate domain name.
In the example below, the email is coming from a site that appears legitimate (uscourts.com). However, if you navigate to the site there is no question that it is a fraudulent site.
In another recent example, we have seen clients fall victim to spear phishing attacks that focus on employment scams. Emails are sent out to people telling them that they have been selected to apply for a job at the company. The recipient then clicks on a link and fills out personal information which is collected by the cybercriminal with malicious intent.
The personal consequences for the consumer getting phished can be devastating. The consequences for a brand unknowingly caught up in this type of scam can be just as devastating: damaged brand reputation, lost sales, and an undermining of customer trust and loyalty.
When analyzing infringing domains, brands must go the extra step of reviewing DNS records. In particular, check whether a domain has an MX record associated with it. The existence of such a record is a sign that the domain might be used as part of such a spear phishing scam.
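The MX review described above can be scripted over a watchlist of look-alike domains. The following is an added example, not part of the original article, and it goes one step beyond the text by also flagging a null MX (RFC 7505, the domain declares it accepts no mail) and the case where no MX exists but an address record does, since SMTP senders then fall back to that address (RFC 5321). The domain names, the records in `dig +noall +answer` format, and the status labels are all constructed for illustration.

```python
# Added example: triage look-alike domains by mail capability from DNS answers.
# Input is text in `dig +noall +answer` format; every record below is constructed.
from collections import defaultdict

SAMPLE_ANSWERS = """\
brand-login.example.    300 IN MX 10 mx1.mailhost.example.
brand-login.example.    300 IN MX 20 mx2.mailhost.example.
brand-login.example.    300 IN A  192.0.2.10
brannd.example.         300 IN MX 0 .
brannd.example.         300 IN A  192.0.2.20
brand-careers.example.  300 IN A  192.0.2.30
"""

def parse_answers(text):
    """Group MX and A/AAAA records by owner name."""
    zones = defaultdict(lambda: {"MX": [], "ADDR": []})
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[2].upper() != "IN":
            continue  # skip blank, comment, or malformed lines
        name, rtype = parts[0].rstrip(".").lower(), parts[3].upper()
        if rtype == "MX" and len(parts) >= 6:
            zones[name]["MX"].append((int(parts[4]), parts[5].lower()))
        elif rtype in ("A", "AAAA"):
            zones[name]["ADDR"].append(parts[4])
    return zones

def mail_status(records):
    """Classify how a domain can receive mail (labels are hypothetical)."""
    mx = sorted(records["MX"])
    if any(host == "." for _, host in mx):
        return "null-mx"       # RFC 7505: domain states it accepts no mail
    if mx:
        return "mx-present"    # explicit mail routing: review first
    if records["ADDR"]:
        return "implicit-mx"   # RFC 5321: senders fall back to the address record
    return "no-mail"

def triage(domains, answers_text):
    """Return {domain: status} for each watchlist entry."""
    zones = parse_answers(answers_text)
    empty = {"MX": [], "ADDR": []}
    return {d: mail_status(zones.get(d.lower().rstrip("."), empty)) for d in domains}

if __name__ == "__main__":
    watchlist = ["brand-login.example", "brannd.example",
                 "brand-careers.example", "brand-parked.example"]
    for domain, status in triage(watchlist, SAMPLE_ANSWERS).items():
        print(f"{domain:25} {status}")
```

Domains reported as `mx-present` are the ones the article's check singles out; `implicit-mx` domains can still receive mail and deserve a second look.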
In some cases, you may find that a website using a similar domain name to yours has been set up to capture emails that have been mistakenly addressed. The purpose is the same. The criminals are phishing for information. While this is a far less effective method for gaining personal information, companies should nevertheless be mindful of this scheme and act accordingly.
Beware of phishing expeditions! Carefully monitor your brand online to preserve your reputation and customer loyalty.