Domain names, Orgs and Phishing: a match made by a malicious actor

Krishna Sai Marella
Published in Techiepedia, Mar 3, 2021
credit — retrunonnow

This article is kinda different from what I have previously written. You could take this one to be educational, or use it to help keep your customers from being victimized by online fraud and scams. Please note that this is my suggestion; let me know if there is something that didn't make sense.

A bit of backstory on why I got this into my mind. I used to play a lot of CSGO, a game made by Valve. They have 2 main sites under them: one is steamcommunity.com and the other is valvesoftware.com. The virtual cosmetics, a.k.a. skins, of CSGO made by Valve are worth from $0.01 to $150,000+. Yeah, you heard me right, a skin can cost from $0.01 to more than $150,000 (more than 1 crore in Indian rupees). These cosmetics are tradable and are bought by others with liquid cash or crypto. Seeing this huge opportunity, many scammers and fraudsters scammed or defrauded many for many millions of dollars. How, you may ask? One of the most used methods was phishing sites that look similar to Steam's legit website, steamcommunity.com, from the login page to the UI. They used to copy the entire site front end to lure a user into thinking it is legit and steal the credentials of user accounts.

So how are these websites being legitimized? Simple: when Valve made their site, they first had to buy the domain name “steamcommunity” from domain registrars like GoDaddy or BigRock. When Valve bought steamcommunity from a domain registrar, they didn’t bother about other site names similar to steamcommunity.com, like steamcommunity.ru, steamcommunity.de, steamcommunity.net, staemcommunity.com, steamcommuynity.com. These domain names are usually bought with spelling mistakes, which makes them hard to distinguish from the original.

So this was just one single case related to gaming. Now think about a situation where you have an account in a bank, Bank A, whose website is banka.com. On a completely normal day you get a message on your mobile saying it is from Bank A, with a convincing-looking link such as bank-a.com or banka.online, saying there is some error with your account and asking you to log in. Out of fear and panic, one will log in with valid credentials, which in turn go to the malicious actor who owns the site bank-a.com. After some time you get a message saying your entire life savings have been transferred to some account that you are not aware of. Upon contacting Bank A, they say that you authorized the transaction via online banking using your correct credentials.

The above scenario is a real-life example where millions have lost their money to phishing scams and are still losing their money and their life savings to these malicious actors who exploit not the vulnerability of the site but the vulnerabilities of us humans.

How are orgs related to this? And how can orgs save, if not all, at least some from being scammed? You might be wondering if user/customer awareness or training would help. Yes, it does help, but not to the full extent: nowadays, phishing sites are becoming more and more sophisticated. So what would help, you may ask? Buying all, or if not all then most, of the look-alike domains that have the same wording as the original one. For example, take the SBI bank online portal’s original link, “onlinesbi.com”. Now let's search for some domains with words that look legit for the SBI online portal, like sbibank or onlinesbibank.

Now let us be frank. Amid the daily hustle of your life, you receive a message that looks like it is from SBI, with links like onlinesbibank.in, onlinesbibank.net or sbionlinebanking.com. The chances of falling for this attack are pretty high: even after you are trained by SBI not to click on links, out of fear and loss you click it, and all the attacker needs is just a click to make your life a living hell. For orgs/banks such as SBI, with a turnover of more than $50 billion, i.e. INR 3 Lakh Crore, and a huge budget towards security, buying all the look-alike domains would cost a bit more than $10000 but can save thousands, if not lakhs, of your customers from being scammed of their money. This in turn helps in increasing the customers’ trust.

And this could apply to many organizations. Some organizations have started to do the same by buying all the look-alike domain names; for example, YouTube has youtu.be, which takes you to youtube.com. Now many orgs are putting budget into buying fake/dummy domains to save users from falling into phishing claws.
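For teams deciding which look-alikes to register or watch for, the patterns named above (a different TLD, a misspelling, a hyphen, extra words around the brand) can be checked mechanically. The following is an added example, not code from the article; the function names, the two-edit threshold and the assumption that inputs are registrable domains of the form label.tld are choices made here for illustration.

```python
# Added example (not from the article): classify observed domains against a
# protected domain. Inputs are assumed to be registrable domains (label.tld).

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify(candidate, legit, keywords=()):
    """Return why `candidate` resembles `legit`, or None if it does not."""
    cand, real = candidate.lower().rstrip("."), legit.lower().rstrip(".")
    if cand == real:
        return "exact"
    c_label, r_label = cand.partition(".")[0], real.partition(".")[0]
    if c_label == r_label:
        return "tld-swap"          # steamcommunity.ru, banka.online
    if c_label.replace("-", "") == r_label:
        return "hyphenation"       # bank-a.com
    if osa_distance(c_label, r_label) <= 2:   # threshold is an assumption
        return "typo"              # staemcommunity.com, steamcommuynity.com
    # Short keywords such as "sbi" will also match unrelated names; triage hits.
    if any(k in c_label for k in (r_label, *keywords)):
        return "keyword"           # onlinesbibank.in, sbionlinebanking.com
    return None

def scan(observed, legit, keywords=()):
    """Map each look-alike in `observed` to its reason; skip the real domain."""
    hits = {}
    for domain in observed:
        reason = classify(domain, legit, keywords)
        if reason not in (None, "exact"):
            hits[domain] = reason
    return hits

# Constructed sample: domains named in the article plus one unrelated name.
SAMPLE = ["steamcommunity.com", "steamcommunity.ru", "staemcommunity.com",
          "steamcommuynity.com", "example.org"]

if __name__ == "__main__":
    for domain, reason in scan(SAMPLE, "steamcommunity.com").items():
        print(f"{domain}: {reason}")
```

Run over a feed of newly seen sender or link domains, the output gives a shortlist of names to register defensively, block at the mail gateway, or report for takedown.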

For daily users of the internet, to protect yourself from these phishing scams and for better security:

  1. Use proper anti-virus software that can protect against phishing attacks.
  2. Use password managers; they check if the site is legit and safe to log in.

“Trust nothing, verify everything”

Feedback is very much appreciated. You can contact me on Twitter @krishnasai_456. If I have said anything wrong, please let me know and correct me.

Note: I haven’t used the word hacker in this article, as this stuff is done by malicious actors. They are not hackers; they are just fraudsters and scammers who ruin lives!

Stay safe until next time!!! ❤
