Domain Impersonation: The Popular New Tactic for Phishing Attacks

19 May 2020

Domain impersonation is an increasingly common problem for businesses and their customers. Phishing attackers are raising their level of sophistication by using domain impersonation as part of Business Email Compromise (BEC) scams, which can result in CEO fraud, malware infection, or ransom demands.

What is Domain Impersonation?

Attackers register domains that closely resemble legitimate ones, lending an illusion of authenticity to phishing emails. For example, an illegitimate password reset email from [email protected] would not appear out of place at first glance when the legitimate address is 

These domains are then used to persuade customers to change account or payment details, diverting payments to attacker-controlled accounts.

What’s the Solution?

Strictly speaking, the responsibility for verifying a sender's identity rests with the customer; commercially, however, a business is expected to do everything reasonable to control the problem, provided the measures remain viable and are not onerous for the business or its customers. There is no one-size-fits-all solution, but we make the following high-level recommendations:

Utilise threat intelligence to seek out domain impersonators.

Run dnstwister in-house to identify similar domains that have already been registered. Point the corporate legal department towards a US-based law firm that specialises in domain takedowns; such firms typically have a sustained history of working quickly and assertively with domain registrars to take down impersonating domains.
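To show what a tool such as dnstwister is doing under the hood, the following added example (not dnstwister's own code, and not part of the original article) generates the common look-alike permutations of a brand domain (character omission, repetition, transposition, hyphenation, homoglyph substitution, added keywords, TLD swaps and inserted subdomains) and checks which candidates exist. The homoglyph table, keyword list and TLD list are small assumed subsets; the set of "registered" look-alikes used in the demo is constructed for offline use, and the real DNS check is injectable so the same code can be pointed at live resolution.

```python
"""Generate look-alike (typosquat) permutations of a domain and report which
ones exist.  Added illustration in the spirit of dnstwister; not that project's
code."""
import socket
from typing import Callable, Dict, Tuple

# Assumed, deliberately small table of visually confusable substitutions.
HOMOGLYPHS = {
    "o": ["0"], "0": ["o"], "l": ["1", "i"], "i": ["l", "1"], "1": ["l", "i"],
    "e": ["3"], "a": ["4"], "s": ["5"], "m": ["rn"], "w": ["vv"],
    "d": ["cl"], "g": ["q"], "q": ["g"],
}
# Assumed lists of TLDs and keywords that impersonators commonly bolt on.
TLDS = ["com", "net", "org", "co", "co.uk", "info", "biz"]
KEYWORDS = ["secure", "login", "support", "mail", "account"]


def split_domain(domain: str) -> Tuple[str, str]:
    """Split 'example.co.uk' into ('example', 'co.uk').  Assumes the label before
    the first dot is the brand label; good enough for second-level brand domains."""
    label, _, suffix = domain.lower().partition(".")
    return label, suffix


def permutations(domain: str) -> Dict[str, str]:
    """Return {candidate_domain: permutation_kind} for every look-alike variant."""
    label, suffix = split_domain(domain)
    out: Dict[str, str] = {}

    def add(kind: str, new_label: str, new_suffix: str = suffix) -> None:
        cand = f"{new_label}.{new_suffix}"
        if new_label and cand != domain.lower() and cand not in out:
            out[cand] = kind

    for i in range(len(label)):                       # drop one character
        add("omission", label[:i] + label[i + 1:])
    for i in range(len(label)):                       # double one character
        add("repetition", label[:i + 1] + label[i] + label[i + 1:])
    for i in range(len(label) - 1):                   # swap adjacent characters
        if label[i] != label[i + 1]:
            add("transposition", label[:i] + label[i + 1] + label[i] + label[i + 2:])
    for i in range(1, len(label)):                    # insert a hyphen
        add("hyphenation", label[:i] + "-" + label[i:])
    for i, ch in enumerate(label):                    # confusable substitution
        for sub in HOMOGLYPHS.get(ch, []):
            add("homoglyph", label[:i] + sub + label[i + 1:])
    for word in KEYWORDS:                             # brand + trust keyword
        add("addition", f"{label}-{word}")
        add("addition", f"{label}{word}")
        add("addition", f"{word}-{label}")
    for tld in TLDS:                                  # same label, other TLD
        if tld != suffix:
            add("tld-swap", label, tld)
    for i in range(1, len(label)):                    # turn part of the label into a subdomain
        add("subdomain", label[:i] + "." + label[i:])
    return out


def dns_resolves(domain: str) -> bool:
    """Live check: does the name resolve?  Resolution is only a proxy for
    registration (parked or unresolving registrations are missed); a WHOIS/RDAP
    lookup is the stronger check."""
    try:
        socket.gethostbyname(domain)
        return True
    except (socket.gaierror, UnicodeError):
        return False


def registered_lookalikes(domain: str,
                          is_registered: Callable[[str], bool] = dns_resolves
                          ) -> Dict[str, str]:
    """Filter the permutations down to those the checker says exist."""
    return {c: k for c, k in permutations(domain).items() if is_registered(c)}


# Constructed sample for offline use: pretend these look-alikes are registered.
SAMPLE_REGISTERED = {"examp1e.com", "exarnple.com", "example-login.com", "example.co"}

if __name__ == "__main__":
    hits = registered_lookalikes("example.com", SAMPLE_REGISTERED.__contains__)
    for cand, kind in sorted(hits.items()):
        print(f"{cand:25} {kind}")
```

Replace `SAMPLE_REGISTERED.__contains__` with the default `dns_resolves` (or a WHOIS/RDAP client) to run it against live data; any hit that is not owned by the business is a candidate for the takedown process described above.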

A culture of constant vigilance should be encouraged for both employees and customers.

Consider a marketing campaign reminding customers of the phishing threat. Ask them to report phishing emails sent from impersonating domains, and review the content of those reports. If an email contains confidential, factually correct information, the attackers may have access to an email system: the business's, the customer's, or both.

A defence-in-depth approach should be taken where possible.

Using multiple security measures removes single points of failure and creates a more resilient security posture. For example, offer to encrypt all financial communication with customers as an opt-in service; Office 365 natively offers message encryption as one way to mitigate data compromise. Encryption protects the contents of legitimate messages, but it does not by itself stop a customer acting on an unencrypted email from an impersonating domain, so pair it with the monitoring and vigilance measures above.