Domain impersonation has a real-life counterpart that has bothered us all for a long time: we have all seen the ‘Poma’ bags and the ‘Abibas’ shoes. The online equivalent is cousin domain spoofing, where a slight change to a legitimate domain name (a swapped letter, an extra hyphen, a different top-level domain) is used to trick unwary users into visiting fake phishing sites. Careful attention to detail can catch this. A more serious problem arises when a domain is used exactly as it is. In this type of attack the criminal forges the sender address of a perfectly authentic domain (or mailbox) to pose as an authority figure. Unless the domain owner publishes SPF, DKIM and DMARC records and the receiving server enforces them, nothing stops a mail server from placing any address in the ‘From’ header, so the receiver reads the message as having come from the real person. Without much doubt, the victim complies with whatever demands the fraudulent mail makes, which often include requests for funds.

This is a threatening situation to be in, since careful vigilance is of no use: the address the victim inspects is genuine. If the criminal succeeds in gaining the victim’s trust, they can request virtually anything without arousing suspicion.
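The distinction drawn above, between a cousin domain that careful inspection can catch and an exact domain that only mail authentication can vouch for, is the first triage step a mail filter performs. The script below is an added example written for this page, not Logix code: it folds common homoglyph and digit substitutions, strips accents, decodes punycode labels, and then classifies an incoming sender domain as our exact domain, a lookalike of it, or unrelated. PROTECTED_DOMAINS, the homoglyph table and the sample inputs are assumptions constructed for the example; the two-label approximation of the registrable domain would need a public-suffix list in production.

```python
"""Triage of sender domains: exact domain vs. cousin (lookalike) domain vs. unrelated.
Added example, not Logix code. PROTECTED_DOMAINS and the homoglyph table are assumptions."""
import unicodedata

# Assumption: the domains this organisation owns (constructed for the example).
PROTECTED_DOMAINS = ["example.com", "example-bank.com"]

# Substitutions attackers commonly use for Latin letters. Partial table chosen for
# illustration; a production filter would use the Unicode confusables data.
HOMOGLYPHS = {
    "rn": "m", "vv": "w", "cl": "d",          # multi-character tricks
    "0": "o", "1": "l", "3": "e", "5": "s", "7": "t",
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",  # Cyrillic a e o p
    "\u0441": "c", "\u0445": "x", "\u0443": "y",                  # Cyrillic c x y
    "\u0131": "i",                                                # dotless i
}

def fold(domain: str) -> str:
    """Normalise a domain so that visually similar spellings compare equal."""
    d = domain.strip().lower().rstrip(".")
    if any(label.startswith("xn--") for label in d.split(".")):
        try:
            d = d.encode("ascii").decode("idna")       # punycode -> Unicode
        except (UnicodeError, ValueError):
            pass
    d = unicodedata.normalize("NFKD", d)               # split accents off base letters
    d = "".join(ch for ch in d if unicodedata.category(ch) != "Mn")  # drop the accents
    # longest substitutions first so "rn" becomes "m" before single characters are touched
    for src, dst in sorted(HOMOGLYPHS.items(), key=lambda kv: -len(kv[0])):
        d = d.replace(src, dst)
    return d

def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert/delete/substitute each cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registrable(domain: str) -> str:
    """Last two labels. Assumption: no public-suffix list, so 'example.co.uk' style
    domains would need a real PSL lookup in production."""
    return ".".join(domain.split(".")[-2:])

def classify(sender_domain: str, max_distance: int = 1):
    """Return ('exact', d) when the sender domain really is ours (only SPF/DKIM/DMARC
    can tell whether that header was forged), ('lookalike', d) for a cousin of ours,
    or ('unrelated', None)."""
    raw = registrable(sender_domain.strip().lower().rstrip("."))
    for prot in PROTECTED_DOMAINS:
        if raw == prot:
            return ("exact", prot)
    folded = registrable(fold(sender_domain))
    for prot in PROTECTED_DOMAINS:
        pf = fold(prot)
        brand = pf.split(".")[0]
        if (folded == pf
                or levenshtein(folded, pf) <= max_distance
                or brand in folded.split(".")[0]):      # heuristic: brand embedded in label
            return ("lookalike", prot)
    return ("unrelated", None)

if __name__ == "__main__":
    # Constructed sample senders covering each branch.
    for d in ["example.com", "mail.example.com", "exarnple.com", "examp1e.com",
              "ex\u0430mple.com", "example.co", "secure-example.com", "google.com"]:
        print(f"{d:24} -> {classify(d)}")
```

The important caveat is the ‘exact’ result: a sender domain that is byte-for-byte ours is not evidence of anything, because the ‘From’ header can be forged freely. Such mail has to be judged by the SPF, DKIM and DMARC results the receiving server records, which is what the rest of this page is about.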

Domain Impersonation Becomes More Dangerous

According to a report from the security vendor Barracuda, cybercriminals are increasingly inclined to use lookalike domains, which may lead to authority-figure impersonation or, worse, a full-blown ransomware attack.

The fraud works by gaining the victim’s trust through a trustworthy-looking mailbox address (or domain). The criminal takes pains to maintain an email back-and-forth, and since the ‘From’ field of the email header appears legitimate, the victim does not suspect malicious intent. That field is what mail clients display, and it is checked against nothing unless the receiving server validates SPF, DKIM and DMARC. Moreover, cybercriminals will often pose as a person in a position of power at the organisation (a CEO, for example) so that any request made is unlikely to be questioned.

Staff members in the accounts department and senior personnel such as key stakeholders or decision makers are likely targets. Out of nowhere, without prior context, an email drops into an accountant’s inbox with a request for the release of funds. The originator’s address seems to come from high up, and the accountant, mindful of the hierarchy, does as asked without thinking twice. The email also contains bank account numbers and other details that make the whole business look formal and authentic, when in fact the bank account belongs to the cybercriminal.

Another crime-prone area of an organisation is business email communication, which is exposed to conversation hijacking. The intruder monitors an entire message thread (typically from a compromised mailbox or via a lookalike domain) and then suddenly injects himself into the conversation, posing as a valid participant. In all these scenarios the thing being misused is the domain, and it is the domain that removes all doubt from the mind of the victim.

Safeguarding Techniques

Close scrutiny of the sender’s address may be enough to ward off the less serious lookalike-domain attacks, but that is rare: the other side has usually done their ‘homework’ and is prepared to pass a lot of preliminary checks, and against a forged address on your own domain inspection tells you nothing at all. The better approach is to follow the ‘prevention is better than cure’ philosophy: authenticate your own domain’s mail with SPF, DKIM and DMARC so that forged messages can be rejected before anyone reads them, and look for the services of a trusted security vendor.

One of the services we offer is DMARC Monitor, an email validation system built around the ‘From’ domain of emails. After publishing a DMARC record, organisations begin to receive aggregate reports (raw XML data) with many potential insights into their email traffic: which sources send mail using their domain, and which of those pass or fail SPF and DKIM alignment. Logix has core expertise in interpreting these reports and defining action plans to achieve maximum compliance. DMARC Monitor helps you mitigate risks and block malicious emails, working like an expert guide and helping business enterprises move from a monitor-only policy (p=none) to an enforced reject policy. To know more about DMARC Monitor Express, head over to the DMARC Monitor Express page, where you can get the full details and request a demo.
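To show what the ‘raw data’ above actually contains and how a reject policy is reached, the script below is an added example written for this page, not Logix or DMARC Monitor code. It parses a constructed DMARC aggregate (RUA) report in the RFC 7489 XML format, totals per sending IP how much mail passed or failed DMARC alignment, lists the sources that still need attention, and grades a DMARC TXT record so that a monitor-only record (p=none) can be compared with the enforced record an organisation should end up with. The report contents, the IP addresses and both DNS records are assumptions constructed for the example.

```python
"""Summarise a DMARC aggregate (RUA) report per sending IP and grade a DMARC TXT record.
Added example, not Logix code. The report and records below are constructed for the example."""
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed aggregate report in the RFC 7489 XML format, trimmed to the elements
# this script reads. Three sources send mail as example.com while p=none is published.
SAMPLE_REPORT = """<?xml version="1.0"?>
<feedback>
  <report_metadata><org_name>reporter.example</org_name><report_id>1</report_id></report_metadata>
  <policy_published><domain>example.com</domain><adkim>r</adkim><aspf>r</aspf><p>none</p></policy_published>
  <record>
    <row><source_ip>203.0.113.10</source_ip><count>120</count>
      <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated>
    </row>
    <identifiers><header_from>example.com</header_from></identifiers>
  </record>
  <record>
    <row><source_ip>198.51.100.7</source_ip><count>35</count>
      <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated>
    </row>
    <identifiers><header_from>example.com</header_from></identifiers>
  </record>
  <record>
    <row><source_ip>192.0.2.25</source_ip><count>8</count>
      <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>pass</spf></policy_evaluated>
    </row>
    <identifiers><header_from>example.com</header_from></identifiers>
  </record>
</feedback>
"""

def summarise(report_xml: str) -> dict:
    """Per source IP: messages seen, DMARC-aligned, and unaligned (rejected under p=reject)."""
    root = ET.fromstring(report_xml)
    stats = defaultdict(lambda: {"count": 0, "aligned": 0, "unaligned": 0})
    for rec in root.iter("record"):
        ip = rec.findtext("row/source_ip")
        n = int(rec.findtext("row/count"))
        # DMARC passes when either aligned DKIM or aligned SPF passes (RFC 7489).
        passed = (rec.findtext("row/policy_evaluated/dkim") == "pass"
                  or rec.findtext("row/policy_evaluated/spf") == "pass")
        stats[ip]["count"] += n
        stats[ip]["aligned" if passed else "unaligned"] += n
    return dict(stats)

def unauthenticated_sources(report_xml: str) -> list:
    """IPs that sent mail as our domain without passing DMARC: either a legitimate
    third-party sender still to be authorised (SPF include / DKIM key) or a spoofer."""
    return sorted(ip for ip, s in summarise(report_xml).items() if s["unaligned"])

def parse_dmarc_record(txt: str) -> dict:
    """Split 'v=DMARC1; p=reject; ...' into a tag dictionary."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip()] = value.strip()
    return tags

def policy_findings(txt: str) -> list:
    """Short codes for weaknesses in a DMARC record; an empty list means enforced."""
    tags = parse_dmarc_record(txt)
    findings = []
    if tags.get("v") != "DMARC1":
        findings.append("not-dmarc")
    if tags.get("p", "none") == "none":      # missing or p=none: monitor only
        findings.append("p=none")            # spoofed mail is still delivered
    elif tags.get("pct", "100") != "100":
        findings.append("pct<100")           # policy applied to a sample only
    if "rua" not in tags:
        findings.append("no-rua")            # no aggregate reports, so no visibility
    return findings

# Assumption: the monitoring record an organisation typically starts with, and the
# enforced record it should publish once every legitimate source is aligned.
WEAK_RECORD = "v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com"
HARDENED_RECORD = "v=DMARC1; p=reject; pct=100; adkim=s; aspf=s; rua=mailto:dmarc-reports@example.com"

if __name__ == "__main__":
    for ip, s in summarise(SAMPLE_REPORT).items():
        print(ip, s)
    print("needs attention:", unauthenticated_sources(SAMPLE_REPORT))
    print("weak:", policy_findings(WEAK_RECORD), "hardened:", policy_findings(HARDENED_RECORD))
```

In the constructed report, 198.51.100.7 is the source to investigate before moving to p=reject: if it is a mailing or invoicing provider the organisation uses, it needs an SPF include or a DKIM key so its mail aligns; if nobody recognises it, it is exactly the forged-domain traffic this page describes, and a reject policy will stop it. 192.0.2.25 passes on SPF alone, which is fine under DMARC but fragile once the mail is forwarded, so adding DKIM there is the usual next step.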