At its core, phishing is a pretty simple exploit. Send a malicious email, but make it look like it comes from some person or some company you know and trust.
One of the most frequently-used phishing tactics is domain name spoofing. Domain name spoofing occurs when an attacker appears to use a company’s domain to impersonate a company or one of its employees. This can be done by sending an email with a false domain name that looks like the correct domain name, or including a link in an email to what appears to be a trusted domain.
The one advantage users have to stop this exploit is that the domain used by the attacker isn’t the real domain. So, if you can figure that out, you can protect yourself.
Now comes the problem with the data breach at the registrar. According to an article on CPO Magazine, “Leading domain name registrar Web.com announced last week that it had discovered a data breach that likely involves millions of customer accounts. This massive exposure of account information did not contain credit card numbers, but is likely to lead to an explosion of phishing scams as the detailed personal information can be connected directly to websites and their owners.”
While not likely, it is possible that the hackers could take over control of domain names with the information they exfiltrated. Once they do that, “It wouldn’t be difficult to redirect users to a bogus lookalike site used to capture personal information and credit card numbers. An even simpler attack would be to automatically redirect all visitors to a site that loads malware or ransomware.”
Once a hacker takes over a domain, it’s no longer domain name spoofing because the email is actually coming from the registered domain. They no longer have to make the email look like it comes from a trusted company because it is.
How do you protect yourself against that?
There’s only one way. With real-time link click protection. What is real-time link click protection? It’s a service offered by cloud-based email security service companies like DuoCircle. With real-time link click protection, every time someone at your company clicks on any link in an email, before they are allowed to visit that site, the software goes to that site to make sure it’s legitimate. It it’s not, the user is prevented from visiting the site.
That’s the only way to protect yourself and your company from phishing emails that come from compromised domains.
You don’t trust the email at all and simply check every linked to website the email contains.
When you’re ready to protect your employees with 24/7 email protection with Advanced Threat Defense, head on over to DuoCircle.com. It works with any email provider, sets up in minutes and costs just pennies per employee per month.
Don’t let some other company’s data breach become your headache.