Domain Abuse: What to Look For and Monitor

Let’s say that you have just signed up for a new subscription to a software program. You’re new to the company and service and learning the ropes of this new program. As you are getting started, your email inbox pings with a new email alert.

You open it, and it appears that your payment information was incorrect when you registered for the program. A link has been provided to reenter the information so that you can continue receiving the benefits of your new service.

A second glance at the email would have revealed spelling mistakes, that the company’s logo colors were slightly off, and the sender’s email address was either definitely not from the software provider, or had been manipulated to look like the real email. If you were to follow the link provided and enter your payment information, you would become a victim of domain abuse.

What is Domain Abuse?

Domain abuse is like a bad case of stolen identity. It occurs when a brand’s image is stolen and used by hackers for malicious intent.

There are five common ways that web domain abuse can occur:

• Counterfeiting: a brand’s image, often including logo, web design, and product listings is copied into a fraudulent domain. The scammer’s intent is to use the established company’s good reputation and trustworthiness to distract from anything on the site that doesn’t quite look as it should. When the victims of the counterfeit site place an order they will either receive very poor quality items from the scammer, or in some cases, receive no product at all.
• Cybersquatting: a business’ domain is closely mimicked with a common misspelling of the business with the intent to take advantage of customers who quickly type an incorrect URL. Instead of counterfeiting the brand, these scammers are intending to steal the foot traffic of the brand they have copied and will often fill these sites with their own content. Their content could be anything from profiting through paid ads on the site to filling the web page with harmful malware to infect its victims.
• Phishing Attacks: very similar to counterfeiting, but a scammer’s intent is to create a look-alike web domain to gain the personal information of victims. These campaigns are typically executed via email with the goal of obtaining personal information including credit or debit card information, login credentials, and personal financial information.
• Spear-Phishing: this is a form of phishing that occurs when a scammer targets an individual employee within a company, usually by mimicking a supervisor’s name and email address or by including personalized information found through social engineering. This type of domain abuse is especially harmful to companies when a scammer is able to obtain private or confidential information intended for internal use only.
• Hijacking: occurs when a scammer is able to hack into a company’s website, change the login information, and lock a company out of its own site. Sometimes a scammer will hold the site hostage in hopes of a hefty ransom. Other times, the scammer just wants to wreak havoc on a brand by changing information on the site or exploiting customer data.

How Prevalent is Domain Abuse?

Because of the increase in the number of activities happening on the internet, including banking, dating, and shopping, there is a large increase in the amount of personal data that is floating around the web. This gives cybercriminals ample opportunity to take advantage of those who aren’t yet protected.

In 2010, Google launched a Safe Browsing program that was designed “to identify unsafe websites across the web and notify users and website owners of potential harm.”

Their intent was to warn web owners and users of potential harm in order to minimize domain abuse. As of October 2021, Google Transparency Report was issuing over 5 million domain abuse warnings to users and web owners per week.

How Does Domain Abuse Impact Brand Trust?

Domain abuse can have a negative effect on brand trust and brand reputation. Customers trust businesses with personal and proprietary information, and when this information is leaked, businesses appear to be weak and untrustworthy.

This obviously impacts customer trust. In the eyes of the customer who is a victim of domain abuse, the fault always falls on the business. Either the business is too ignorant to learn how to defend themselves, or they simply haven’t done enough to ensure that they are secure and protected.

Short-term damage may come in the form of angry customers and nasty reviews. But in the long term, the impact of declining customer trust could make or break a business. In a study that was completed in 2019, it was found that 81% of consumers stated they had to trust a brand in order to buy from them.

How Can I Identify and Avoid Domain Abuse?

If you have a copycat and customers’ information is being stolen, your customers are likely to be upset because they thought they could trust you. The issue is that you were not even aware the domain abuse was happening.

How can you avoid this scenario? The good news is that there are several ways to determine if your domain is being targeted for abuse as well as ways to protect yourself before domain fraud and abuse occurs.

1. Defend your brand by seeking out, targeting, and reporting cybersquatters.
2. Purchase your company’s typo domains rather than leave them available.
3. Set up secure emailing protection such as STARTTLS, SPF, DKIM, DMARC, DANE, and MTA-STS to defend against phishing.
4. Identify domain abuse and request that the harmful sites be taken down.
5. Leverage domain fraud monitoring services from experienced threat intelligence providers.

Stay tuned for more security awareness training and tips for digital risk protection.

About Nisos®

Nisos is The Managed Intelligence Company®. Our services enable security, intelligence, and trust and safety teams to leverage a world-class intelligence capability tailored to their needs. We fuse robust data collection with a deep understanding of the adversarial mindset delivering smarter defense and more effective response against advanced cyber attacks, disinformation, and abuse of digital platforms.