Domain Impersonation: The Consequences of Lack of Attention

Beyzanur Ç. AVCI
3 min read · Jan 24, 2022

CyberSecurity Awareness, Cyber Threats.

What is a domain?

- A domain name is the name of a website or an email service. To be precise, it is the address used to access your website or send an email. Domain names identify computers on the internet, and every domain name is unique.

What is Domain Impersonation?

- Domain impersonation is a type of cyber threat that attackers often use in impersonation and conversation hijacking attacks. To impersonate the legitimate domains of organisations or individuals, attackers replace one or more letters in a legitimate email domain with a hard-to-notice or similar-looking character, or they rely on typosquatting.

- Lack of cyber threat intelligence training can make it easier for impersonated website names or email domains to trick users into interacting with malicious emails or phishing websites as if they were legitimate. Intruders start by registering or buying these impersonated domains to prepare for their attack.

How can a domain be impersonated?

- Lack of attention to detail matters a great deal, because domain impersonation is a very high-impact cyber threat. It is only natural that individuals sometimes do not pay enough attention and miss that a letter is missing or changed in an email domain, as the differences are very subtle.

- For example, when an attacker impersonates a domain such as medium.com, they may use similar URLs such as:

  - mediom.com
  - mediium.com
  - mediumm.com

- The attacker may also invest money and time into registering the impersonating domains. In addition to changing the name itself, attackers can change the top-level domain (TLD), so instead of .io they can use .co or .net. This makes their attack less detectable, and potentially gives it higher impact and returns.

- Attackers will use information taken from compromised accounts to create convincing messages from the impersonated domains, tricking victims into giving them further information or money. They can potentially impersonate your vendor and request you to share your vendor’s bank account details.

What impacts and consequences would this have on your organisation?

- Domain impersonation can cause financial loss and potential reputational damage to an organisation. Although it is not one of the most frequently attempted cyber attacks, it has a major impact when completed successfully.

- Domain impersonation attacks are usually faced by individuals, who are easier targets than organisations because they have less comprehensive cyber threat intelligence training and fewer tools for detection.

What to do and how to avoid domain impersonation.

- First, you must ensure that your organisation provides cyber threat intelligence training to make employees aware of potential attacks and the issues that may surface afterwards. Comprehensive cyber threat intelligence training will ensure that the latest tools to detect, engage and neutralize cyber threats in real time are used.

- The best way to prevent an attack before it happens is to enhance threat monitoring techniques. One way to apply this in your organisation is to use artificial intelligence to monitor incoming emails and links and check whether the domain names are impersonated or insecure.

- Many organisations also choose to purchase similar domain names so that they are not available to attackers. This makes attackers less likely to attempt an attack, knowing that the remaining domain names would be more recognisable.
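
The domain check that such monitoring performs on each incoming sender or link can be sketched in a few lines. This is an added example, not part of the original article: the `PROTECTED` list, the small `CONFUSABLES` map and the function names are assumptions made for illustration, and the input is assumed to be a registrable domain with a single-label TLD.

```python
import unicodedata

# Constructed allow-list of domains the organisation really uses (assumption).
PROTECTED = ["medium.com"]

# Small illustrative map of look-alike characters (digits and Cyrillic letters).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s",
                             "\u0456": "i", "\u043e": "o", "\u0435": "e", "\u0430": "a"})

def normalise(domain):
    """Lower-case, drop a trailing dot, fold compatibility forms and look-alikes."""
    d = unicodedata.normalize("NFKC", domain.strip().rstrip(".").lower())
    return d.translate(CONFUSABLES)

def edit_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute, adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent letters swapped
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify(sender_domain, protected=PROTECTED, max_distance=1):
    """Return (verdict, matched protected domain, reason) for one domain."""
    raw = sender_domain.strip().rstrip(".").lower()
    if raw in protected:
        return ("legitimate", raw, "exact match")
    seen = normalise(raw)
    name, _, tld = seen.rpartition(".")
    for good in protected:
        good_name, _, good_tld = good.rpartition(".")
        if seen == good:
            return ("lookalike", good, "look-alike characters")
        if name == good_name and tld != good_tld:
            return ("lookalike", good, "TLD swap")
        if tld == good_tld and 0 < edit_distance(name, good_name) <= max_distance:
            return ("lookalike", good, "letter added, dropped, replaced or swapped")
    return ("unknown", None, "no protected domain is close")
```

A verdict of `lookalike` is a reason to quarantine or flag the message for review; `unknown` only means the domain does not resemble a protected one.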
