Business Reporter

Protecting your domain name from cyber-squatting


Ronan David, Chief of Strategy at EfficientIP, describes the problems that cyber-squatting can pose, and explains how businesses can protect against it

 

The most valuable asset of a business is often its identity or brand. A reputable and well-known brand generates consumer loyalty and drives financial performance on autopilot.

 

Take Google for example. There are several search engines available today, some of them functionally as good, if not arguably better than Google. Yet, the name Google has become synonymous with internet browsing. A good brand identity brings constant value to a business. Unfortunately, threat actors are targeting this very brand of business identity to exploit today’s digital population.

 

When consumers see a product, service, or resource from a popular brand, they tend to trust it almost blindly. Cyber criminals exploit this profound credibility of major brands to plot and launch a wide range of social engineering attacks, a practice more widely known as cyber-squatting.

 

What is cyber-squatting?

Cyber-squatting is the practice of registering and using a domain name with the intention of profiting from an established trademark. It simply means reserving a domain as close as possible to your target’s name.

 

In most cases of cyber-squatting, threat actors tend to buy and register a domain name almost identical to an established and trusted brand or service mark. They use this fake domain name to impersonate the original brand and exploit the consumers.

 

There are several ways they can slightly change the domain name of a trusted brand to fool the eyes of a user. Sometimes, attackers simply change the spelling by adding or deleting a character. This is known as typo-squatting. For example, attackers in the past have changed Google’s spelling to ‘Googgle.com’ or ‘Goggle.com’ to launch social engineering attacks.

 

In some cases, threat actors can change the TLD (top-level domain) of a domain name and create a fake site, without even requiring a change to the original spelling of the brand. For instance, instead of ‘.com’ they often register fake domain names with ‘.co’ or ‘.org’. These small details often tend to go unnoticed by the average user, which leads to their digital assets being compromised by the attackers.

 

Furthermore, cyber-squatters often monitor registered domain names in the hopes that the owner gives up or forgets to renew in time. Expired domain names represent a great opportunity for threat actors to acquire a coveted brand name.

 

However, not all cyber-squatting techniques are malicious in terms of security. Domainers often purchase domain names in bulk, based on the hope that some businesses in the future will buy them back at a higher price. They use name-generation algorithms to identify words that are most frequently used across different social media platforms, and then proceed to buy domain names associated with such popular words.

 

The domainer business has seen large-scale transactions in the past. For example, LasVegas.com was purchased for $90 million in 2015. However, this approach has become less profitable today, as it does present significant financial risks in the event that no entity or person comes forward to buy the domain. 

 

Although the domainer method might not be illegal or often malicious, it is unethical in the sense that individuals might be buying domain names of existing trademarks that don’t have a digital presence yet.

 

Cyber-squatting and phishing - a dangerous combination

Over the years, typo-squatting has proven to be very effective in launching successful phishing attacks. Attackers register slightly modified domain names and create identical landing pages to gain a user’s trust, and ultimately compromise their positions and steal their credentials or even bank account details.

 

Phishing campaigns facilitated by typo-squatting can also play a critical role in APT (Advanced Persistent Threat) attacks targeting a business’s internal enterprise networks. In many cases, phishing initiates the kill chain.

 

Threat actors might impersonate the target business with a closely associated domain name and reach out to a third-party contractor to compromise their credentials. From there, attackers can move laterally across the entire network, compromise the internal servers, and exfiltrate critical data, potentially without raising any alarm bells.

 

Protecting your brand and consumers from cyber-squatting

Cyber-squatting has remained persistent for a long time, yet it remains a very difficult problem to tackle. Firstly, businesses will not be able to reserve all the domain names that resemble their brand. This strategy is likely to cost them financially and the consistent management of these domains is almost impossible.

 

Secondly, there are no laws or regulations to prohibit threat actors from accessing or reserving available domain names. Buying or selling a domain name is a completely legal activity. As discussed previously, the domainer business has been very profitable in the past, and domainers are not always malicious individuals.

 

To establish an effective defence against cyber-squatting, businesses require a twofold approach - legal protection and technical security.

 

Understanding the legal grounds

In the USA, cyber-squatting victims can claim their rights directly through the ACPA (Anticybersquatting Consumer Protection Act) or ICANN (Internet Corporation for Assigned Names and Numbers). Both of these can help businesses or individuals to present their cases of cyber-squatting and receive legal assistance.

 

In most parts of Europe, victims of cyber-squatting can bring the case before a judge. In the UK, however, there is no specific law relating to cyber-squatting. Victims can still seek legal assistance or take action through the avenue of trademark infringement, which is legally backed by the Trade Marks Act 1994.

 

So, if not backed by law, what proactive steps can UK businesses take to stop themselves becoming a victim?

 

The technical cyber security approach

In terms of the more technical approach, businesses can use anti-spam tools, mail gateways, DLP (Data Loss Prevention) solutions or Layer-7 firewall protection. These solutions can potentially detect malicious code and fraudulent links attached to emails and content.

 

More importantly, businesses should strengthen their user awareness policy. It’s important that users understand the potential threats of fraudsters and are vigilant enough when sharing their personal information.

 

It’s also important that business leaders don’t wait for their domain name to expire before starting renewals. If possible, businesses should always set up auto-renewals or auto-reminders. It’s important to remember that the redemption period status of your domain name is of particular interest to domainers and potential attackers.

 

Network administrators should also regularly test and verify the network’s DNS entries. Indeed, a badly configured public DNS zone can facilitate phishing campaigns. Using proprietary DNS monitoring services or solutions can help businesses to be better informed about potential fraudulent domains that could target and attack their users.
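To make the monitoring idea concrete, here is an added example (not part of the original article or any EfficientIP product) that screens domains seen in mail-gateway or DNS logs for the two lookalike patterns described earlier: a one-character typo and a swapped TLD. The function names and the sample domain list are constructed for illustration, and the code assumes single-label TLDs such as .com or .org.

```python
PROTECTED = "google.com"  # brand domain taken from the article's examples

def split_domain(domain):
    """Return (registrable label, TLD); assumes a single-label TLD."""
    parts = domain.lower().rstrip(".").split(".")
    return (parts[-2], parts[-1]) if len(parts) >= 2 else (parts[0], "")

def edit_distance(a, b):
    """Edits needed to turn a into b: insert, delete, substitute, adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            # An adjacent transposition ("gogole") counts as one edit.
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify(observed, protected=PROTECTED, max_edits=1):
    """Label a domain: legitimate, tld-swap, typo-squat or unrelated."""
    label, tld = split_domain(observed)
    p_label, p_tld = split_domain(protected)
    if (label, tld) == (p_label, p_tld):
        return "legitimate"      # the brand itself, including its subdomains
    if label == p_label:
        return "tld-swap"        # same spelling, different top-level domain
    if edit_distance(label, p_label) <= max_edits:
        return "typo-squat"      # a character added, dropped, changed or swapped
    return "unrelated"

def flag_lookalikes(observed_domains, protected=PROTECTED):
    """Return {domain: reason} for every domain that imitates the brand."""
    verdicts = {d: classify(d, protected) for d in observed_domains}
    return {d: v for d, v in verdicts.items() if v in ("tld-swap", "typo-squat")}

# Constructed sample of domains, as they might appear in gateway logs.
SAMPLE = ["mail.google.com", "googgle.com", "goggle.com",
          "google.co", "gogole.com", "example.org"]

if __name__ == "__main__":
    for domain, reason in flag_lookalikes(SAMPLE).items():
        print(f"{domain}: {reason}")
```

A one-edit threshold suits brand names of this length; very short names will match many unrelated domains and need an allow-list alongside it.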

 

With no specific regulation or specific legal grounds, it’s evident that cyber-squatting will remain prevalent for years to come. Building better awareness among your users, while also leveraging insights from DNS and DLP solutions can help businesses to mitigate the threats of cyber-squatting.

 


 

Ronan David is Chief of Strategy at EfficientIP

 

Main image courtesy of iStockPhoto.com


© 2024, Lyonsdown Limited. Business Reporter® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543
