Who’s spoofing you?
And what does that mean to your business?
According to research, individual businesses face over 1000 spoofed domain threats a year. This is over one thousand malicious attempts to use your business domain for fake websites or email hacking. And what’s worse, hackers can buy ready-made spoofing kits on the dark web for less than £50!
Imagine that: your domain being used by hackers; your precious brand being used to try and defraud people… possibly even your customers.
Do you want to make sure this isn’t happening to you?
Well, you can.
What is domain spoofing?
Hackers use these fake email or website names to make their malicious emails and unsecure websites look legitimate and safe. They want to trick you into thinking you are looking at something trusted and legitimate, so you interact with the email or website and provide the hacker with opportunities to take advantage of you, steal personal information or even defraud you.
A domain is a website name, such as orbital10.co.uk, and most businesses use their domain name in their company email address (i.e. info@orbital10.co.uk). Cybercriminals create websites and email addresses using a domain name that looks almost the same as an existing, legitimate domain name, or attackers may create fake email addresses from a legitimate website domain.
They can do this because the business that owns the domain name does not have the correct security protocols for domain verification, such as DMARC (Domain Message Authentication Reporting & Conformance) and DKIM (DomainKeys Identified Mail). The required domain verification is not built into SMTP (Simple Mail Transfer Protocol), which a huge amount of business emails use.
How can you stop your business domain from being spoofed?
Websites are easier, start by ensuring your website has a SSL certificate. Emails however are a different matter.
Firstly, you need to ensure you have the correct domain verification and security protocols in place, which means you need to send your emails via DMARC or similar.
Secondly, a monitoring solution will scan for alterations/variants of your business domain and raise alerts so they can be locked down if required, and ultimately stop fake emails from ever reaching someone’s inbox.
Spoofing is a real problem.
And Orbital10 has a real solution.
Last month we ran an analysis for a customer and found illegitimate users (aka hackers) had sent 160,000 spoof emails based on their domain in one month. After implementing the necessary email protocols and security, we got the following month’s spoof emails down to 27, and we blocked each one. Next month it will be down to zero. And the month after that will be zero. And the month after that…
The customer had no idea about the spoof emails, let alone the volume and their vulnerability. Most businesses don’t.
Orbital10’s O So Secure monitoring solution will first identify threats, the volume of spoof email attempts and the vulnerability of your domain name. We then implement security and monitoring measures to block the threats and ensure you are secure against any future threats.
Protect your domain. Protect your brand. Talk to us about getting O So Secure >
Sources:
https://www.helpnetsecurity.com/2021/03/23/domains-protected-dmarc/
