Recorded Future - How to Investigate Typosquats

What To Do When You Encounter A Suspicious Look-alike Domain

Typosquats and other forms of domain-based impersonation are a significant problem for organizations both big and small. Adversaries use lookalike domains to target your customers and employees, resulting in credential theft, reputational damage, and potentially millions of dollars of damage along the way.

But not all suspicious-looking domains are equal, and only certain types can be taken down. This step by step guide will help you understand how to investigate a potential typosquat domain so that you can act quickly before any potential damage is done:

Step 1

You identify what appears to be a typosquat or fraudulent domain. Proceed to the next step.

Step 2

Check to see if the domain is owned by your company:

  • Perform a WHOIS lookup (e.g., DomainTools)
  • Check your internal company records

YES, the domain is owned by your company → Dismiss the alert.

NO, the domain is now owned by your company → Proceed to the next step

Step 3

Find out if the domain is being used maliciously:

  • Review references to the domain
  • Research the certificate (e.g., Censys)
  • Check for website brand abuse (e.g., using URLScan)

NO, the domain is not being used maliciously → 

  • Dismiss the alert and continue monitoring the domain for future abuse.

YES, the domain is being used maliciously → Proceed to Step 4.

Step 4

Take action:

  • Have your legal team work with the domain registrar to take the fraudulent domain down
  • Report as phish or malicious via Google, Symantec, Phishtank
  • Block the domain in your email gateway
  • Record metrics of value

Typosquat Discovery and Takedown is Easy with Brand Intelligence

One of the most difficult parts in managing typosquats is that most organizations don’t have visibility into when adversaries are registering new domains. Brand Intelligence from Recorded Future automatically detects typosquats and other forms of domain abuse in real-time, allowing you to instantly know when a new malicious website is registered and when it is being weaponized

Alerts are automatically packed with valuable context including DNS records, WhoIS data, and certificate data—allowing you to dramatically decrease the amount of time needed to investigate and take action on a typosquat. Additionally, bundled takedown services make it simple to get malicious w

The post How to Investigate Typosquats appeared first on Recorded Future.



from Recorded Future https://www.recordedfuture.com/how-to-investigate-typosquats/

Comments

Post a Comment

Popular posts from this blog

KnowBe4 - Scam Of The Week: "When Users Add Their Names to a Wall of Shame"

Image
Eric Howes , KnowBe4 Principal Lab Researcher, found out about another insidious bad guy trick: " If you work in IT there has undoubtedly come a dark moment when you wondered to yourself just who among your employee users would be gullible enough to click through a phishing email and potentially bring down your organization. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/when-users-add-their-names-to-a-wall-of-shame
Read more

Krebs - NY Charges First American Financial for Massive Data Leak

Image
In May 2019, KrebsOnSecurity broke the news that the website of mortgage title insurance giant First American Financial Corp. had exposed approximately 885 million records related to mortgage deals going back to 2003. On Wednesday, regulators in New York announced that First American was the target of their first ever cybersecurity enforcement action in connection with the incident, charges that could bring steep financial penalties. First American Financial Corp. Santa Ana, Calif.-based  First American [ NYSE:FAF ] is a leading provider of title insurance and settlement services to the real estate and mortgage industries. It employs some 18,000 people and brought in $6.2 billion in 2019 . As first reported here last year , First American’s website exposed 16 years worth of digitized mortgage title insurance records — including bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts, and drivers license images. The docum
Read more

SBS CyberSecurity - In The Wild 166

Image
  In The Wild - CyberSecurity Newsletter Welcome to the 166 th issue of In The Wild, SBS’ weekly CyberSecurity newsletter. The objective of this newsletter is to share threat intelligence, news articles that are relevant, new and updated guidance, and other information to help you make better cybersecurity decisions. Follow SBS CyberSecurity on Social Media for more articles, stories, news, and resources!           Below, you will find some of the latest-and-greatest news stories, articles, videos, and links from the past week in cybersecurity. Some of the following stories have been shared by consultants, others by the SBS Institute, and others yet simply been found in the far corners of the Internet. We hope you find the following stories relevant, interesting, and – most of all – useful. Enjoy. CyberRiskNOW Virtual Conference SBS Educational Resources This virtual conference is designed to provide interactive training on evo
Read more