Originally published by David Goldstein of Brandshelter
With cybercriminals seeking to take advantage any way possible, internet users need to be aware of what they are doing online all the time. One of the myriad ways cybercriminals seek to take advantage of internet users is through what are known as “spoofed” domain names.
FBI warns against spoofed domains
Spoofed domain names, America’s FBI explains, are those that have slightly altered characteristics of legitimate domain names. For example, a spoofed domain may feature an alternative spelling, such as “Branshelter” instead of “Brandshelter”, or use an alternative top-level domain instead of the usual brandselter.com. Or even both.
In the United States the FBI was warning last year of how cybercriminals might use a spoofed domain featuring an alternate spelling of a word (“electon” instead of “election”), or use an alternative top-level domain, such as a .com version of a legitimate .gov website. Even the FBI themselves became a victim of cybercriminals who used spoofed domain names last year with a variety of misspellings, terms and top-level domains.
With the upcoming German federal election in September 2021, the same applies for German internet users – they need to be aware of the domain names used for the websites they visit seeking election information. But it also applies when seeking out one’s favourite online shopping sites or planning that next holiday.
How to protect yourself
As part of its advice to internet users in the lead up to the American election, the FBI and CISA (America’s Cybersecurity and Infrastructure Security Agency) implored American internet users to critically evaluate the websites one visits and the emails sent to personal and business email accounts and to seek out reliable and verified information, whether it is for elections, holidays or online shopping. The same advice applies to internet users everywhere.
Some of the ways one can seek out verified and legitimate information is to ensure the spelling of domain names (web addresses), as well as websites and email addresses, are legitimate and not just close imitations.
Other protections one can take, as recommended by the FBI and CISA, are to keep computer operating systems and applications up-to date including security software; not enabling macros on documents downloaded from emails unless necessary; using strong two-factor authentication; disabling or removing unneeded software applications; not opening emails or attachments from unknown individuals nor communicating with unsolicited email senders while never providing personal information of any sort via email.
About brandsec
Brandsec is a corporate domain name management and brand protection company that looks after many of Australia, New Zealand and Asia’s top publicly listed brands. We provide monitoring and enforcement services, DNS, SSL Management, domain name brokerage and dispute management and brand security consultation services.