Phishing and fraud have surged over the past year as many populations and businesses are more active online than they were in the past. Societal events like the pandemic have exacerbated this trend, as many individuals and companies moved activity online for efficiency, leading to less vigilant and security-aware users who are easier to exploit. Additionally, as the effects of inflation kick in, more people may be driven to fraudulent sites that promise deals or financial relief, when in actuality they do not. As a result, brands may suffer losses and damage to their reputational trust when consumers are victimized.
Organizations across industries are all seeing or themselves experiencing the onslaught of phishing and fraud, both of which can impact a brand’s reputation and prospects for success. To push back, many executives are pursuing a top-down approach to lead their teams to guard against attacks. To fully integrate security across the entire organization, however, security leaders must focus on truly improving their organization’s first line of defense. It’s also an often overlooked one in traditional cybersecurity programs: their domains.
What Is Domain Security?
Domain security involves monitoring for and shutting down websites that seek to mimic your brand for the purpose of carrying out fraud. This includes safeguarding your own domain ecosystem and carefully attending to any suspicious activity. Red flags include variations on a brand’s own domain but with misspellings or switched/added characters, called homoglyphs.
Build a Radar for Domain Security Protocols
Although phishing isn’t new, it continues to be a successful technique because organizations aren’t getting to the root of the problem — criminals’ ability to quickly and easily register and create phishing pages using vulnerable company domains. So, instead of handling the root of the problem and protecting domains from vulnerabilities, security teams are left to treat the symptoms of those vulnerable domains once they’re exploited. This means putting out fires like domain/subdomain hijacks to set up fraudulent web content or social engineering schemes that use a domain to send emails targeting unsuspecting employees.
Organizations need to implement a radar-like approach to domain security. They should create a system and strategy for detecting and tracking activity throughout the organization’s entire domain ecosystem. Complete visibility into the state of their domains allows organizations to see how malicious actors are misusing their brand and gives them the insight necessary to develop a program and policies for taking necessary action to cut off threats from the time a domain is set up.
To maintain complete visibility, organizations should partner with services that provide comprehensive domain activity monitoring. This partnership should prioritize setting up notifications, safeguards and remediations that ensure risky domain registrations are immediately blocked from creation before they ever need to be taken down. Such red flags include variations on a brand’s own domain but with misspellings or switched/added characters (called homoglyphs).
Brand protection and domain security, however, are not just about keeping an eye on what’s happening externally, meaning who’s registering domains under the guise of an organization’s brand. They also entail self-reflection to understand which branches of domains/subdomains they’ve created in the past, what is happening with them now, who is taking care of them and, most importantly in this case, who is maintaining their security. Two major and often overlooked domain activities that organizations need to specifically address within their internal ecosystem are improperly “closed” subdomains and dangling DNS records that leave open connections for fraudsters to hijack.
Avoiding Communication Oversights
Your organization’s security team can’t track and secure your domains accurately if it has no visibility into what domains are being used for new business initiatives or marketing campaigns. As such, thorough and transparent communication amongst an organization’s teams and partners becomes the critical component to visibility to ensure successful domain management internally.
Ultimately, organizations must set an expectation that whoever is associated with a company (internally and externally) who deals with domains will follow this protocol. For instance, organizations should aim to work with security-minded domain registrars and partners that implement domain monitoring and remediation capabilities like those discussed above, to prevent vulnerabilities and exploits and who promise to not sell variations of the brand to organizations that don’t own it.
As nearly every industry experiences some sort of phishing or fraud attempt, it is vital that organizations do not overlook the very base of where these attacks begin. Domain management strategies need to leverage the right tools and people to ensure strong visibility and communication around all domain activities, to prevent internal vulnerabilities and to stop external infringers from piggybacking on your brand.
