What is Domain Name Spoofing?

DNS spoofing is a type of attack in which a malicious actor intercepts DNS requests and returns the address that leads to its own server instead of the real address.

Definition: DNS Spoofing is a type of computer attack wherein a user is forced to navigate to a fake website disguised to look like a real one, with the intention of diverting traffic or stealing credentials of the users. Spoofing attacks can go on for a long period of time without being detected and can cause serious security issues.

How DNS Poisoning and Spoofing Works

The code for DNS cache poisoning is often found in URLs sent via spam emails. These emails attempt to frighten users into clicking on the supplied URL, which in turn infects their computer. Banner ads and images — both in emails and untrustworthy websites — can also direct users to this code. Once poisoned, a user's computer will take them to fake websites that are spoofed to look like the real thing, exposing them to risks such as spyware, keyloggers or worms.

Counting the cost of domain fraud

Failing to properly protect your digital footprint from fraudulent domains not only opens your customers up to the risk of fraud, scams and identity theft, it can also have severe consequences for your business. 

Domain squatting alone can prove costly. Spoofed domains could divert traffic from your site, taking ad revenue with it. Or worse still, sell counterfeit products or services, impacting revenues and damaging consumer trust. The Methbot scheme that spoofed 6,000 U.S. domains in recent years, siphoned off $5 million in fraudulent revenue per day.

Add a phishing attack into the mix and you’re potentially facing a much bigger problem – long-term damage to your reputation. In light of several, recent high-profile breaches, along with the introduction of GDPR, consumers have never been more engaged with their data-selves. 

Companies that fail to protect that data tend to pay a price – 73% of customers would reconsider using a company if it fails to keep their data safe while 30% say they would definitely take their business elsewhere.

What about DNS hijacking?

Malware can also be used to affect the resolution of domain names so the victims connect to a server controlled by the criminals. There are examples of malware like Win32/DNSChanger , which modify the DNS established by the user or our internet service provider. We can see how they work in the following image:

This enables the attackers to carry out a wide variety of attacks, ranging from phishing – in other words using fake websites which the victim visits thinking they are real (having accessed them by entering the correct address in their browser) – to the use of exploits to take advantage of vulnerabilities while the user is browsing what are believed to be trusted web pages but which have in fact been generated by the attackers in order to infect the user.

The clearest example, however, is that of networks of zombie computers, otherwise known as botnets. A lot of these modify the DNS servers that their victims have configured, making them point to others controlled by the attackers. This way, as well as the malicious actions we have already described, the criminals can send commands to the bots, update the version of the malware, or even remove it from the system if necessary.

To Prevent From DNS Spoofing –

DNS Security Extensions (DNSSEC) is used to add an additional layer of security in the DNS resolution process to prevent security threats such as DNS Spoofing or DNS cache poisoning.

DNSSEC protects against such attacks by digitally ‘signing’ data so you can be assured it is valid.

Moreover, you are advised to use servers that are secure of DDOS attacks as they also can lead to data leakage.

Two-Factor authentication is also a very secure way to prevent your data from getting stolen by Hackers as it authenticates that only the correct user gets the data and the one with the key gets it. Two Factor authentications are very secure and are advised to be used.

Final Words

To protect yourself from the threats of phishing attacks like these, you will need advanced phishing protection technology that will keep you safe from the threats of these attacks. Spoofing protection is essential to keep your website safe from DNS attacks.

Sources:

https://www.kaspersky.co.in/resource-center/definitions/dns 

https://www.techradar.com/in/news/why-criminals-spoof-your-domain-name

https://economictimes.indiatimes.com/definition/dns-spoofing

https://www.welivesecurity.com/2017/02/27/dns-attacks-try-direct-fake-pages/

https://blog.usejournal.com/man-in-the-middle-dns-spoofing-df77ab2cae35

The 5 Most Common Types of Phishing Attacks

Phishing is one of the most common techniques which are used by cybercriminals all around the world. Cybercriminals are getting smarter and smarter and are coming up with different ways to phish unsuspecting people.

Phishing as a whole contains a lot of techniques that are designed to fool people one way or another. Today, we will talk about the most common phishing techniques which are used by cybercriminals all around the world.

DECEPTIVE PHISHING

Deceptive phishing is by far the most common type of phishing scam. In this type of ploy, fraudsters impersonate a legitimate company in an attempt to steal people’s personal data or login credentials. Those emails frequently use threats and a sense of urgency to scare users into doing what the attackers want.

As an example, PayPal scammers could send out an attack email that instructs recipients to click on a link in order to rectify a discrepancy with their account. In actuality, the link redirects to a fake PayPal login page that collects a victim’s login credentials and sends them to the attackers.

The success of a deceptive phish hinges on how closely the attack email resembles a piece of official correspondence from the abused company. As a result, users should inspect all URLs carefully to see if they redirect to an unknown and/or suspicious website. They should also look out for generic salutations, grammar mistakes and spelling errors scattered throughout the email...to know more, visit - Tripwire.

EMAIL PHISHING

Most phishing attacks are sent by email. The crook will register a fake domain that mimics a genuine organisation and sends thousands out thousands of generic requests.

The fake domain often involves character substitution, like using ‘r’ and ‘n’ next to each other to create ‘rn’ instead of ‘m’.

Alternatively, they might use the organisation’s name in the local part of the email address (such as [email protected]) in the hopes that the sender’s name will simply appear as ‘PayPal’ in the recipient’s inbox.

There are many ways to spot a phishing email, but as a general rule, you should always check the email address of a message that asks you to click a link or download a attachment...read more at - it governance.

Spear Phishing:

Spear phishing usually targets business organizations. The impostors customize their attack emails with the target’s victim name, company, position, work phone number, and other vital information to trick the recipient into believing that they have some connection with the sender.

Here the goal of the attacker is the same as that in the email phishing. The attacker tricks the victim to click on a malicious URL or any email attachment so they can give away their data. Spear phishing is prevalent on social media sites like LinkedIn, where hijackers use multiple sources to craft a targeted attack email. It is often found that different social media platforms have more than 20% of methods to deliver malware over the internet other than websites. The cyber-criminals also earn approximately $3.5 billion by violating social media. Thus, it is imperative to maximize your social media safety. 

To defend against this type of scam, companies should conduct security awareness training programs. Employees should be taught not to publish either corporate or any other sensitive information on social media. Organizations should invest in solutions that examine inbound emails to know malicious emails and links...go to - My Memory for more information.

CEO Fraud

Despite the name, CEO fraud is targeted at anyone within a company who has the power to enact payments or provide vital information. As we’ve seen from several high-profile cases, fraudsters assume the identity of an authority figure within a company and make a request to the accountant of the business to action a payment.

Be sure to double-check any ‘fishy’ sounding requests, and remember the boss will be more annoyed by a million-dollar scam than an extra phone call here and there. Companies are also encouraged to employ two-step or two-factor authentication as best practice to defend against such trickery...visit - Cloudm to know more.

Domain spoofing 

The next type of phishing we want to mention is known as domain spoofing. This method of attack uses either email or fraudulent websites. Domain spoofing occurs when a cybercriminal “spoofs” an organization or company’s domain to: 

make their emails look like they’re coming from the official domain, or 

make a fake website look like the real deal by adopting the real site’s design and using either a similar URL or Unicode characters that look like ASCII characters.   

How’s that possible? In the case of an email-based attack, a cybercriminal forges a new email header that makes it appear like the email is originating from a company’s legitimate email address. In a website domain spoof, the cybercriminal creates a fraudulent website and with a domain that looks legitimate or is close to the original (apple.com vs apple.co, for example).

Read more at: https://www.thesslstore.com/blog/10-types-of-phishing-attacks-and-phishing-scams/

Now you know what kind of emails you can get in your inbox. User education can come in handy but you shouldn’t use it as the last line of defense as just one click is enough to hack into your system, Real-time link click from phishing prevention services can give you better security.

What is Whale Phishing?

A whaling attack, also known as whaling phishing or a whaling phishing attack, is a specific type of phishing attack that targets high-profile employees, such as the CEO or CFO, in order to steal sensitive information from a company, as those that hold higher positions within the company typically have complete access to sensitive data. In many whaling phishing attacks, the attacker's goal is to manipulate the victim into authorizing high-value wire transfers to the attacker.

What Is the Objective of Whaling?

The point is to swindle someone in upper management into divulging confidential company information. This usually comes in the form of a password to a sensitive account, which the attacker can then access to gain more information.

The end-game in all phishing attacks like whaling is to scare the recipient; to convince them that they need to take action to proceed, like to avoid legal fees, to prevent from getting fired, to stop the company from bankruptcy, etc. 

What Does a Whaling Scam Look Like?

Whaling, like any phishing con game, involves a web page or email that masquerades as one that's legitimate and urgent. They're designed to look like a critical business email or something from someone with legitimate authority, either externally or even internally from the company itself.

The whaling attempt might look like a link to a regular website you're familiar with. It probably asks for your login information just like you'd expect. However, if you're not careful, what happens next is the problem...read more at - Lifewire.

How whaling attacks work

The goal of a whaling attack is to trick an individual into disclosing personal or corporate information through social engineering, email spoofing and content spoofing efforts. For example, attackers may send the victim an email that appears to be from a trusted source; some whaling campaigns include a customized malicious website that has been created especially for the attack.

Whaling attack emails and websites are highly customized and personalized, and they often incorporate the target's name, job title or other relevant information gleaned from a variety of sources. This level of personalization makes it difficult to detect a whaling attack...and more info over at - TechTarget.

HARPOONING THE WHALE

In a whaling attack, a bad actor sends out an email to a specific executive officer or senior manager. That email contains personal information relating to the recipient, and it may incorporate company logos, familiar (but not identical) email domains, and other design work to fool the recipient into thinking the message originated from a legitimate company.

Most of the time, whalers are interested in pulling off a business email compromise (BEC). By stealing an executive’s business email credentials, they can abuse that authority to make fraudulent wire transfers to financial institutions located all over the world.

Since October 2013, the FBI has received 17,642 reports from victims of this type of scam, amounting to more than US$2.3 billion in losses. That includes an incident last summer where attackers defrauded an unidentified American corporation out of USD$100 million...for more info, visit - Tripwire.

Why Are Whaling Attacks Successful?

Whaling attacks use fraudulent emails that appear to be from trusted sources to try to trick victims into divulging sensitive data over email or visiting a spoofed website that mimics that of a legitimate business and asks for sensitive information such as payment or account details. Whaling emails and websites are highly personalized towards their targets and often include targets’ names, job titles, and basic details to make the communications look as legitimate as possible. Attackers also use spoofed email addresses and actual corporate logos, phone numbers, and other details to make attacks seem like they are coming from trusted entities such as business partners, banks, or government agencies.

Whaling attacks are more difficult to detect than typical phishing attacks because they are so highly personalized and are sent only to select targets within a company. Whaling attacks can rely solely on social engineering to fool their targets, though some cases will use hyperlinks or attachments to infect victims with malware or solicit sensitive information. Because of the high returns that cybercriminals can gain from whaling attacks, attackers spend more time and effort constructing the attack to seem as legitimate as possible. Attackers often gather the details that they need to personalize their attacks from social media such as Facebook, Twitter, and LinkedIn, profiling targets’ company information, job details, and names of coworkers or business partners. Whaling is becoming more successful, and as a result there has been an increase in its popularity...visit - Digital Guardian to know more.

These were the things you need to know about Whale Phishing and how can you be secure against these types of attacks. The first thing you need to do is secure yourself by using a security service which can help you to get rid of the harmful emails and misclicks that you can do while reading the email. Visit - PhishProtection to know more about phishing protection services.