Recently we assisted a company with an online scamming attempt.
While resolving the issue and taking down the scammer’s site is not so difficult, I think it is worth sharing because of a new trend in phishing attempts.
With the availability of new domain TLDs such as .club, .pizza, etc., businesses have the opportunity to engage their customers with catchier domain names.
However, this also presents an opportunity for cyber criminals to conceal their attacks.
Take a look at this message that has been going around social media in the last 24 hours.
When you look closely, it reflects some serious hard work undertaken to craft the attack.
The attacker has crafted the message, the Domino's logo and the relevant text in the header to make it look genuine.
Most important is the domain name. A vast number of people seeing this in WhatsApp on their mobile phones are likely to believe the message is from Domino's when they look at the first part of the URL.
The attackers registered a cleverly chosen domain under the .club TLD: uk-2-pizza.club
By then adding a well-chosen subdomain, they get a very genuine-looking hostname: dominos.co.uk-2-pizza.club
Lessons & Observations for Fellow Web Security Professionals
Among other things, web security professionals use the age of a domain (how long ago it was registered) to gauge how trustworthy the domain name is.
In practice, this means checking the domain in question through a website like https://whois.domaintools.com and confirming how many days ago it was registered.
The domain above is less than 48 hours old. Also note that the domain was purposely registered on a Sunday, just before the bank holiday in the UK, so that when complaints are reported to the hosting provider or the business, the chances of someone looking into them are minimal because few or no staff are available.
Did you notice that WhatsApp did not complain that the URL did not have SSL (no padlock)?
We suggest a simple solution to social media companies such as WhatsApp to minimise the vast majority of these attacks: block URL sharing on social media such as WhatsApp if the URL does not have SSL, or at least show the user that the URL is Not Secure!
Also, there is an opportunity for browser makers to embed functionality so that visitors can see how old a domain is when they visit a website. We believe that by making this useful information visible, users will be empowered and will have one more piece of information to protect themselves.
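The three signals discussed above (a brand name sitting in a subdomain of an unrelated registered domain, a very young registration, and no SSL) can be combined into one link check. The following is an added example, not code from the original post; the tiny suffix set, the brand allow-list, the 30-day threshold and the dates are assumptions constructed for illustration.

```python
from datetime import date
from urllib.parse import urlsplit

# Constructed, deliberately tiny suffix set; real code should load the full
# Public Suffix List instead.
SUFFIXES = {"club", "pizza", "com", "uk", "co.uk"}
# Assumed allow-list: brand keyword -> the brand's own registrable domain.
BRANDS = {"dominos": "dominos.co.uk"}
MIN_AGE_DAYS = 30  # assumed threshold for "too new to trust"


def registrable_domain(host):
    """Return the longest matching public suffix plus one label to its left."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return host.lower()


def assess(url, registered_on, today):
    """Return a list of warnings for a shared link.

    registered_on is the WHOIS creation date, looked up separately.
    """
    parts = urlsplit(url)
    host = parts.hostname or ""
    reg = registrable_domain(host)
    warnings = []
    for brand, real in BRANDS.items():
        # Brand text in the hostname, but the registered domain is someone else's.
        if brand in host and reg != real:
            warnings.append(f"'{brand}' appears in host but site belongs to {reg}")
    if parts.scheme != "https":
        warnings.append("no SSL/TLS (not https)")
    age = (today - registered_on).days
    if age < MIN_AGE_DAYS:
        warnings.append(f"domain registered {age} day(s) ago")
    return warnings


if __name__ == "__main__":
    # Constructed dates: a domain registered one day before the check.
    for w in assess("http://dominos.co.uk-2-pizza.club/",
                    date(2024, 1, 7), date(2024, 1, 8)):
        print("WARNING:", w)
```

The key step is `registrable_domain`: dots separate labels and hyphens do not, so the part that was actually registered is `uk-2-pizza.club`, and `dominos.co` is only a subdomain the owner of that domain chose.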
If you need any assistance or guidance to bolster your Web Development & IT Security, feel free to get in touch and our team at our Birmingham office will be more than happy to assist you.