“Another critical step companies can take is to monitor the registration of what we call ‘cousin domain names’ which are essentially similar to your company’s domain name. A rather famous cousin domain name that appeared recently was visa-security.com. That email was used to launch a phishing attack spoofing Visa and asking people to update their credit card information. Another recent example would be paypalr.com, which was used to obtain Paypal information,” Jevans explains.
An easy to implement, cost-effective approach to anti-phishing would be the monitoring of domain name registration. Companies should subscribe to a domain name service, such as Internet Identity, or Name Protect, that conduct audits of existing domain names. These services also provide lists of common names used in phishing, and often recommend that you purchase available related domain names. Additionally, they compile lists of domain names that other people own, names a company should be watching closely and regularly for suspect activity, i.e., ‘AOL-billing.com’.
Jevans explained that approximately 20% of phishing attacks originate from a cousin domain name. So what recourse does a company have when they’ve found out someone’s using a similar domain name?
“This is a critical issue companies are faced with right now,” says Jevans. “If someone launches a phishing attack against you and an event has actually occurred, or if they’ve set up a website with your graphics and content and they’re poised to launch an attack, you need to contact the domain name registrar and attempt to get the name revoked. However, domain name registrars may not comply with your request. If an attack has occurred, you should also immediately contact your local high tech crime unit, or Electronic Crimes Task Force (ECTF). “
All major cities in the U.S. have FBI local offices and a connection to computer fraud divisions. The FBI will also contact the registrar, tending to have a better response rate. In this multi-level approach, companies should also locate the ISP hosting the site, (which can be found by looking up the domain registrar), and ask the ISP to take down the site.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.