Have you ever mistyped the URL for a website and ended up somewhere completely wrong? Of course; we all have! Unfortunately, attackers know this too.
The Problem
A very common phishing scam involves setting up a "credential stealing" website that looks like your intended site but is controlled by an attacker. For example, instead of a link to Docusign.com, the link might actually be https://Docusi.gn (note: this is a fake domain, but it may not be for long!). When you go to that fake site, you may be fooled into typing in your username and password, thereby leaking that data to the attackers. The attacker may also attempt to force malware downloads, ask for more personal information, or even ask for credit card or banking details.
But what if someone makes a fake domain that looks like your own domain? Such a look-alike domain could be used to phish your own employees, fooling them into entering their work credentials into the attacker's site. This attack variation could also be used against your customers, in much the same way as described above - try explaining that to your customers!
The Solution
This is a deceptively difficult problem to solve. The easy and obvious solution is to verify that you're always going to the right URL. Unfortunately, that's easy advice to forget - especially as you get busy throughout the day. The following strategies have proven helpful for this problem:
- Stop Clicking Links - If you get an email from a service you subscribe to (online banking, for example), simply log in to that service to see the message; don't trust the link. If you do decide to click the link, make sure you at least look at the URL before going any further.
- Domain Reputation Services - You can use domain reputation services like Cisco Umbrella to help identify and block known phishing websites. This is often built into your antivirus software as well; make sure it's enabled. These services are not 100% solutions, but they are helpful!
- Monitor for Domain Homoglyphs - Homoglyph is the technical term for a look-alike character, the building block of look-alike domains, and guess what? Coalition monitors for these for you! As we detect new domains that look like yours, we notify you so you can let your employees or customers know about the risk. This is included in every Coalition policy by default.
- Education - Educate your employees on the risks posed by simply clicking bad links. This is easy to teach and reinforce, with a very high return on the effort!
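To make the "Monitor for Domain Homoglyphs" idea concrete, here is an added example (not Coalition's own code) of how a simple look-alike detector can score newly registered domains against a protected brand domain. It assumes a small, constructed confusables table and a constructed feed of candidate names; the brand domain `docusign.com` and the `docusi.gn` example come from the post.

```python
import unicodedata

# Constructed, illustrative subset of confusable characters (a real monitor would use a full
# table such as Unicode TR39). Each key is a look-alike, each value the Latin letter it mimics.
CONFUSABLES = {
    "0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "8": "b", "rn": "m", "vv": "w",
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c", "\u0456": "i",  # Cyrillic
}

def skeleton(text: str) -> str:
    """Collapse visually similar characters so look-alike strings compare equal."""
    s = unicodedata.normalize("NFKC", text).lower()
    for pair in ("rn", "vv"):  # two letters that read as one ('rn' passes for 'm')
        s = s.replace(pair, CONFUSABLES[pair])
    return "".join(CONFUSABLES.get(ch, ch) for ch in s)

def readings(domain: str) -> list[str]:
    """The ways a person reads a name: dots removed (catches 'docusi.gn') and the brand label alone."""
    labels = domain.lower().strip(".").split(".")
    return ["".join(labels), labels[-2] if len(labels) > 1 else labels[0]]

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (two-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_distance(candidate: str, protected: str) -> int:
    """0 if some reading of the candidate is, or contains, the brand; larger means less similar."""
    target = skeleton(readings(protected)[1])
    return min(0 if target in skeleton(r) else edit_distance(skeleton(r), target)
               for r in readings(candidate))

def flag_lookalikes(candidates: list[str], protected: str, max_distance: int = 1) -> list[tuple[str, int]]:
    """(domain, distance) pairs worth review, skipping the brand's own domain and its subdomains."""
    own = protected.lower()
    scored = ((c, lookalike_distance(c, protected)) for c in candidates
              if c.lower() != own and not c.lower().endswith("." + own))
    return [(c, d) for c, d in scored if d <= max_distance]

# Constructed sample of newly seen registrations (IDNs assumed already decoded from punycode).
SAMPLE_FEED = [
    "docusi.gn", "d0cusign.com",                # the post's example (dot moved); digit zero for 'o'
    "d\u043ecusign.com", "docusign-login.net",  # Cyrillic 'о' (U+043E) for 'o'; brand inside a longer name
    "mail.docusign.com", "documents.com",       # the brand's own subdomain; a different word, same prefix
]
```

Running `flag_lookalikes(SAMPLE_FEED, "docusign.com")` flags the first four names at distance 0 and leaves the brand's own subdomain and the unrelated word alone; a production monitor would feed it from a certificate-transparency or new-registration stream and use a far larger confusables table.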
You'll notice that none of these solutions fully replaces the need to simply be vigilant. That's what makes this a complicated problem: it really comes down to continual education and training. One of the greatest risks in cybersecurity is the human factor, and education is crucial!
For more information on this topic, please reach out to us; we’re here to help!