Know your Domain
Phishing is big business. In Australia, recent data from the OAIC (the Office of the Australian Information Commissioner) shows that 43% of all reported Cyber incidents last quarter were the result of phishing. Hacking, Ransomware, and Malware combined only made up 25% of reported breaches.
Domain Phishing is a key factor in making a phishing site appear legitimate. For the uninitiated – Domain Phishing is when an attacker registers a domain name similar to that of a trusted website and hosts a cloned version of your site on this domain – to steal user credentials.
Unlike phishing attempts which use easily detectable, fake-looking URLs, domain phishing attacks can fool even savvy users.
Domain phishing can also be accomplished by registering a domain where letters are appended to the end of a legitimate, or one letter is omitted, or vowels are swapped. Advanced domain phishing can involve registration of extremely similar domains en masse, obtained through techniques such as bitsquatting – registration of hundreds or even thousands of domain names 1-bit different from a legitimate domain.
If you have not closed the door to Domain Phishing, now is the time. As more and more major brands remove their candidate domains from the market, attackers are forced to go after smaller organisations.
Do not let your company be the next target for a domain phishing attack.
To learn more about the history and lifecycle of a domain, check out the below infographic from our friends at Hosting Tribunal.