Home / Blogs

How Domain Data Helps Thwart BEC Fraud

By Jonathan Zhang Founder and CEO of WhoisXMLAPI & ThreatIntelligencePlatform.com

It’s true, domain data has many practical uses that individuals and organizations may or may not know about. But most would likely be interested in how it can help combat cyber threats, which have been identified as the greatest risks businesses will face this year.

Cybersecurity, Companies’ Greatest Challenge Today

Dubbed as the greatest bane of most organizations today, cybersecurity can actually be enhanced with the help of domain data. How? Take the case of phishing, particularly business email compromise (BEC). Phishing starts with the creation of a fake website—one that has been specially crafted to steal a victim’s site log-in credentials.

We know that creating a website requires the purchase of a domain. We also know that every domain owner needs to register his property before use and a record of that ends up in WHOIS and DNS databases. Tracking down a phishing email’s source is thus possible with a reliable source of information that would give the victim an insight into who owns the domain and what other domains are related to it and so should be avoided.

All phishing scams rely on a certain level of trust that the victims have on the brand or company that’s being spoofed. In BEC’s case, the cybercriminals rely on the spoofed sender’s name to get the victim to do their malicious bidding.

Let’s drill down into how a BEC scam works.

Zooming in on BEC

To pull off a successful BEC operation, the cybercriminals first need to know their victims—the person they will take the guise of (typically an executive of the target company) and the unwitting employee they will use to initiate the fund transfer (normally someone with access to the company’s funds).

Once the supposed sender and recipient of the email have been identified, the ruse is created. An example would be an executive who has made the decision to purchase software for the company’s use and needs the recipient to transfer funds from the corporate account to that of the software vendor. The email should be as credible as possible, and so the scammers either compromise the sender’s corporate email account or acquires a domain that looks like the company’s and uses that.

In most cases, the sender’s name is enough to initiate prompt action on the recipient’s side on the matter. Many fail to verify if the email they received is really from their boss. And because they’re used to obeying and not asking questions perhaps, they initiate transfers, sometimes even of huge amounts, not knowing that their company’s already being defrauded.

In cases where the sender’s account has been compromised, even the most security-aware recipient can fall prey. A check on the email’s source would only confirm that the sender really is the account owner. That doesn’t mean, however, that safety measures will not reduce risks.

How Domain Data Can Help

Most BEC scammers spoof domains so they can use visual tricks like substituting a lowercase l (as in “lion”) for the capital I (as in the personal pronoun). To make sure your eyes aren’t being deceived, copy the domain of the sender’s email address and look for it in a reliable WHOIS repository. Does the registrant’s name, organization, and other details match your company’s? If not, then you’re likely being taken for a spin by online fraudsters. Companies with their own security teams can take the necessary action—blocking access to the domains used in the attack.

Any security service provider can benefit from domain data to more effectively fulfill their clients’ requirements. Having comprehensive feeds of accurate threat intelligence on hand can ease threat hunting burdens. They can aid, for instance, in domain ownership verification or identifying ties to malicious activities. While domain data may not automatically prevent attacks, it does provide leads when identifying points of entry that need to be blocked.

* * *

BEC fraudsters have earned billions from their victims to date because they prey on the trust that is bestowed on known contacts. I am not saying users should be absolutely paranoid. They just need to take all the necessary precautions especially when there’s money involved because cybercriminals are always on the lookout for a company’s weakest link—the human factor. If arming everyone in the organization with security know-how fails, companies can still stay safe from threats with the right tools at work.

By Jonathan Zhang, Founder and CEO of WhoisXMLAPI & ThreatIntelligencePlatform.com

Filed Under

Comments

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

VINTON CERF
Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Related

Topics

New TLDs

Sponsored byRadix

IPv4 Markets

Sponsored byIPv4.Global

Threat Intelligence

Sponsored byWhoisXML API

Cybersecurity

Sponsored byVerisign

Domain Names

Sponsored byVerisign

Brand Protection

Sponsored byCSC

DNS

Sponsored byDNIB.com

View All Topics