Why criminals spoof your domain name


To many people, online security requires nothing more than good antivirus software, perhaps along with anti-malware software and anti-ransomware software. However, as Adenike Cosgrove from Proofpoint explains, domain spoofing, phishing, and online fraud are growing problems.

Cheap and easy domain registration, coupled with the introduction of new Top-Level Domains (TLDs), has led to a sharp increase in domain fraud. As attackers take advantage of this evolving domain landscape to target businesses and their customers, identifying and nullifying fraudulent domains is becoming progressively more complex and the risk of email fraud continues to increase.

As the universe of legitimate domains has expanded, so too has the registration of fraudulent counterparts. Total quarterly domain registrations rose 44% between Q1 and Q4 2018, with fraudulent registrations up 11% over the same period.

Such is the scale of the issue that 76% of organisations found lookalike domains posing as their own. A new tech-related TLD, .dev, launched in February of this year. Within two weeks, 30% of organisations found potentially fraudulent domains using it with their brand name. 

And attackers are not just increasing in number but in ingenuity too. There is no single smoking gun when it comes to spotting fraudulent domains. Attackers use a range of tactics, including:

  • TLD squatting – registering a brand-owned domain name under a different TLD – .co instead of .com, for instance.
  • Typosquatting – also known as URL hijacking, this consists of registering domains close to someone else's brand or copyright to target Internet users who mistype a website address in their browser (e.g., “Gooogle.com” instead of “Google.com”).
  • Lookalike domains – replacing letters with similar-looking characters – using the letter m in the place of rn, or a capital I in the place of a lower-case l, for example.

Many fraudulent domains, 26%, even have security certificates, undoing years of advice to “trust the padlock” when it comes to spotting anything untoward. This invigorated approach to domain fraud is driving a resurgence in yet another familiar form of attack: phishing. 

About the author

Adenike Cosgrove is the Cybersecurity Strategist for international markets at Proofpoint.

The phishing threat

Despite being a firm fixture of the threat landscape for some time now, phishing attacks are on the up: over 80% of global infosecurity professionals experienced phishing attacks in 2018, as highlighted in Proofpoint’s 2019 State of the Phish Report. In the same year, reports of credential compromise rose 70% on 2017, up 280% since 2016. 

The key to the success of such attacks is that they target people rather than technology, and domain fraud is one of the tools in cybercriminals’ arsenal to launch more targeted attacks. In fact, 94% of organisations saw at least one fraudulent domain posing as their brand and emailing customers. Many of these domains were sending low volumes of email, suggesting targeted and socially engineered attacks, such as business email compromise.

If an attacker is successful in capturing customer credentials used to access your site, they don’t just get their hands on any personal data you hold on that customer. They are also now armed with everything required for a credential stuffing attack, so they can fraudulently access your customer’s accounts with other organisations using the username and password combination you have stored for them. 

Despite repeated pleas from the cybersecurity community, credential re-use is still frustratingly common. A recent Google survey found that 52% of internet users reuse the same password across multiple accounts while 12% use the same password for every account.

Counting the cost of domain fraud

Failing to properly protect your digital footprint from fraudulent domains not only opens your customers up to the risk of fraud, scams and identity theft, it can also have severe consequences for your business. 

Domain squatting alone can prove costly. Spoofed domains could divert traffic from your site, taking ad revenue with it. Worse still, they could sell counterfeit products or services, impacting revenues and damaging consumer trust. The Methbot scheme, which spoofed 6,000 U.S. domains in recent years, siphoned off $5 million in fraudulent revenue per day.

Add a phishing attack into the mix and you’re potentially facing a much bigger problem – long-term damage to your reputation. In light of several recent high-profile breaches, along with the introduction of GDPR, consumers have never been more engaged with their data-selves.

Companies that fail to protect that data tend to pay a price – 73% of customers would reconsider using a company if it fails to keep their data safe while 30% say they would definitely take their business elsewhere. 

Protecting your digital footprint

Your digital footprint is a key part of your business, providing a vital link between you and your customers and shaping the experience they have with your brand. 

Unfortunately, it also exposes you to digital risk – particularly when it comes to domain fraud, which targets your company and its customers via IT infrastructure often outside your control.

To ensure you protect your digital footprint, and in turn your customers and your reputation, you need to take back control of that digital infrastructure. You likely already take precautions to protect your legitimate domains from attack; now you need to do the same for similar, suspicious or infringing domains, too.

Scan domain registries to find out which TLDs are available with your domain name and which are registered. Take action against those that may be infringing your brand or present a security risk. If you’re in a position to do so, buy up similar domains to your own – including common misspellings and those with alternative TLDs. 

You must also remain vigilant. Be sure to continuously monitor the space around your digital footprint for suspicious activity such as new domain registrations. To keep pace with cybercriminals’ increased use of fraudulent domains, it’s vital that you take a proactive approach, harnessing all available tools to protect your revenues, your reputation and your customers.
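The monitoring step above can be sketched in code. The following Python is an added example, not code from the article or from Proofpoint: it sorts a feed of newly registered domains into the three tactics listed earlier. The confusable-character map, the edit-distance threshold of 1, the `example.com` brand and the sample feed are assumptions constructed for illustration.

```python
"""Classify observed domains against a protected brand (added example)."""

# Assumed confusable pairs; extend for your brand. DNS is case-insensitive, so a
# displayed capital "I" standing in for "l" is actually registered as "i".
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("i", "l")]

def skeleton(label: str) -> str:
    """Collapse visually similar sequences so lookalikes compare equal."""
    label = label.lower()
    for lookalike, canonical in CONFUSABLES:
        label = label.replace(lookalike, canonical)
    return label

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain: str, brand: str) -> str:
    """Return the tactic a registered domain matches, if any."""
    name, _, tld = domain.lower().rstrip(".").partition(".")
    brand_name, _, brand_tld = brand.lower().partition(".")
    if name == brand_name:
        return "legitimate" if tld == brand_tld else "tld-squat"
    if skeleton(name) == skeleton(brand_name):
        return "lookalike"
    if edit_distance(name, brand_name) <= 1:  # assumed threshold
        return "typosquat"
    return "unrelated"

# Constructed sample of a new-registrations feed (registrable domains only).
FEED = ["example.co", "exarnple.com", "exampie.com", "exammple.com", "weather.dev"]

def triage(feed, brand="example.com"):
    """Map each suspicious domain in the feed to the tactic it matches."""
    hits = {d: classify(d, brand) for d in feed}
    return {d: t for d, t in hits.items() if t not in ("legitimate", "unrelated")}

if __name__ == "__main__":
    for domain, tactic in triage(FEED).items():
        print(f"{tactic:10} {domain}")
```

The lookalike check runs before the edit-distance check because a single swapped character such as `1` for `l` would otherwise be reported as an ordinary typo.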



Adenike Cosgrove is the Cybersecurity Strategist for international markets at Proofpoint, where she drives product marketing strategy across European and Asia Pacific markets.