You’ve received an email that looked legitimate and clicked on a link only to be asked for personal details and other credentials in a manner that didn’t seem quite right. We’ve all been there. Thousands of phishing emails are sent to individuals and businesses across Australia every week. Worryingly, email scammers aren’t resting on their laurels. Scams are emerging that can put you and your company at risk of data breaches. Worse, these practices are hard to detect.
Lookalike domains: Invisible to the naked eye
Lookalike domain attacks, also known as homograph attacks, are one of a new breed of techniques being used, and they’re extremely easy to fall for. The attack goes back to the founding roots of the internet, when computing resources were constrained and domain names were therefore limited to the letters A to Z and the digits 0 to 9.
As the internet grew, it became important to support other languages and character sets, and so Unicode characters, which represent alphabets such as Greek, Cyrillic and Armenian, were introduced to cater for them.
Where is this leading? Some letters in the Latin alphabet look a lot like those in Greek or Cyrillic. Cybercriminals are using this loophole to mask the true destination of a link.
Many web browsers silently render Unicode characters so that they look like the plain A to Z, 0 to 9 character set, giving no warning of the possible danger ahead. Others display the Unicode characters in the URL, or show the encoded form of the name, which begins with ‘xn--’. These different approaches lead to confusion.
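As an added illustration, not part of the original article, the following Python check shows what a mail filter could do with the host of a link before a user sees it: convert it to the ‘xn--’ form a resolver actually sees, flag labels that mix Latin letters with Cyrillic or Greek ones, and compare a visually normalised ‘skeleton’ of the name against a list of trusted domains. The trusted list and the small confusables table are constructed for the example, not taken from any product.

```python
import unicodedata

# Constructed, illustrative table of Cyrillic/Greek letters that render like
# Latin ones. It is deliberately small, not the full Unicode confusables list.
CONFUSABLES = str.maketrans({
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",  # Cyrillic а е о р
    "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i",  # Cyrillic с х у і
    "\u03bf": "o", "\u03b1": "a",                                # Greek ο α
})

def to_ascii(domain: str) -> str:
    """The form a resolver sees: non-ASCII labels become Punycode with an 'xn--' prefix."""
    return domain.encode("idna").decode("ascii")

def scripts_in(label: str) -> set:
    """Script names (first word of the Unicode character name) of the letters in a label."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in label if ch.isalpha()}

def analyse(domain: str, trusted: set) -> dict:
    """Classify a host as 'ok', 'idn' (non-ASCII but not suspicious), 'lookalike' or 'invalid'."""
    display = unicodedata.normalize("NFKC", domain.strip().rstrip(".")).lower()
    try:
        if "xn--" in display:                      # already encoded: recover what the user would see
            display = display.encode("ascii").decode("idna")
        wire = to_ascii(display)
    except UnicodeError:
        return {"display": display, "wire": None, "verdict": "invalid"}
    skeleton = display.translate(CONFUSABLES)      # what the name looks like to a human
    mixed = [lbl for lbl in display.split(".") if len(scripts_in(lbl)) > 1]
    impersonates = skeleton if skeleton in trusted and wire != skeleton else None
    if impersonates or mixed:
        verdict = "lookalike"
    elif wire != display:
        verdict = "idn"
    else:
        verdict = "ok"
    return {"display": display, "wire": wire, "mixed_script_labels": mixed,
            "impersonates": impersonates, "verdict": verdict}

if __name__ == "__main__":
    TRUSTED = {"apple.com", "example.com"}        # constructed allow-list of known vendors
    for host in ["apple.com", "\u0430pple.com", "m\u00fcnchen.de"]:
        print(analyse(host, TRUSTED))
```

The second sample host uses a Cyrillic ‘а’ as its first letter; it is reported as a mixed-script lookalike of apple.com whose wire form is xn--pple-43d.com, while the plain German IDN is only marked ‘idn’.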
Be wary of third party suppliers
Unfortunately, lookalike domain attacks are not the only technique gaining favour with cybercriminals.
Impersonation attacks have been popular for some time. These attacks use social engineering and are designed to trick users such as finance managers and executive assistants into making wire transfers or providing information that cybercriminals can monetise. Normally, these attacks target people from within the same organisation.
What’s new is that hackers are doing serious homework and have started to impersonate senders from ‘trusted’ third parties the target organisation does business with regularly. In fact, a recent survey of 800 IT decision makers conducted by Vanson Bourne found 30 per cent had experienced an attack in which a third party vendor had been impersonated.
So how can you protect yourself and your company against lookalike domain and supply chain impersonation attacks?
The first step is user education. Staff (and that includes senior management) must be taught to be suspicious of links within emails. Think carefully before clicking on any links and if you are unsure, it pays to contact the person or business separately to check if they are likely to have sent the message. And it goes without saying that initiating financial transfers to third parties on the basis of an email request is a definite no-no. The same goes for providing sensitive data such as log-ins, passwords and other credentials.
For lookalike domain attacks, if you’re in an environment where English is predominantly used, switch off the Unicode conversion in the browser. It’s also important to keep browsers up to date. Many modern browsers have mechanisms in place to try to thwart lookalike domain attacks.
Email is the number one attack vector for cyberattacks, so it is important that your organisation invests in a cloud-based email security service. Email security tools pool intelligence as well as leverage algorithms to identify emerging techniques used by attackers, such as lookalike domains.
A further step is to bring a security partner on-board. Many organisations are at risk of falling into the do-it-yourself trap. Security partners have their finger on the pulse of emerging attacks and can rapidly innovate to stay ahead of the arms race led by nation states and malicious actors.
There’s no doubt that attacks are growing in sophistication and within any organisation, security is only as good as the weakest link. By improving education and keeping up to date with technology, companies and management can guard against being scammed.
About the Author:
Nick Lennon is Country Manager for Mimecast, which provides advanced security, continuity and archiving cloud services for business email.