Spoofing is Getting More Sophisticated

Category: Blog, Security  |  Tuesday, August 28th, 2018

Just browsing the internet these days is a risky adventure. Diversions onto fake websites, where scam artists are waiting to trap unsuspecting users, have become a new threat.

A simple typing error that happens to match a spoofed domain and, bam, clever scamsters have you.

According to phys.org, the problems reside in the design of the internet, and the intricacies of the combination of words, dots and symbols that comprise internet addresses.

“It’s no longer just .com, .net, .org and a handful of others. Now, there are 1,900 new extensions, known as top-level domains, things like .beer, .camera, .city, .dating, .party and .shop.”

“We see a ton of them being used maliciously,” said Mikko Hypponen, chief research officer at Finnish security company F-Secure, who called the new endings “a big headache.”

It starts with a “spoofing” of the Domain Name System, or DNS, which is like the Yellow Pages of the internet. Spoofing is tricking the eye with a similar-looking domain. Depending on what is typed into the address bar, it’s a con to make phony addresses look real.

“Creating a spoofed domain name, or even hijacking a domain name, has become a lot easier today,” said Israel Barak, chief information security officer at Cybereason, a cyber security firm based in Boston.

Only a few years ago, spoofing an internet address was far more challenging.

“You would have to maybe change that ‘i’ to a 1. I’m going to be M1crosoft with a 1 today, or even change the ‘o’ to a zero, or change the ‘t’ to a seven. For senior citizens with fuzzy vision like I’m starting to get, you might squint at that and say, ‘Looks like Microsoft to me,'” said Paul Vixie, chief executive of Farsight Security, a San Mateo, Calif., company.

But today, with the addition of domain names now using 139 modern and historic scripts, it’s gotten a lot easier to fool people.

Scamsters use look-alike characters to spoof internet addresses, sending users to bogus, malicious websites.

Unfortunately, numerous distinct characters look like the Roman letter “i.”

“They are completely visually the same down to the last pixel on your screen to the real lower-case ‘i.’ So there is no way that you’re going to tell the difference,” he said.

Using these exotic characters in a link is one ploy criminals use to send people to look-alike sites that may appear to be a bank website, a Gmail troubleshooting page or some other page that asks for a username and password.

Other scams are also used:

Cyber con artists also target employees of corporations, nuclear plants, military units or other high-value facilities where they seek a digital foothold. The hackers send the targets tailored emails with the malicious links.

“It’s easy (and) it’s cheap,” said Tom Richards, co-founder and chief strategy officer for GroupSense, a Virginia cyber threat intelligence firm.

As a hacker, Richards said, “All I need to do is register a website that looks like my target and then send that to a handful of employees or people affiliated with the organization or potentially even customers. And then I can trap them. I can send them malware. I can get them to fill out a form.

“It’s embarrassingly effective.”

Up until now, companies would buy two or three common domain names that were almost like their normal websites, but off by a letter or so, to ensure slipping fingers would be redirected. Consider Walgreens: if you type in walgreen.com or walgrens.com, it will still take you to the drugstore chain’s site.

With the massive growth of new domain names, the task has grown increasingly difficult.

“It is getting harder and harder for companies. There are just so many combinations,” said Steve Manzuik, director of security research at Duo Security, an Ann Arbor, Mich., vendor of cloud-based security services.
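The look-alike tricks described above (digit swaps, characters borrowed from other scripts, one-letter typos and brand names on new extensions) can be screened for automatically when reviewing newly seen or newly registered domains. The following Python is an added example, not code from the original article or from any company quoted in it; the function names and the short homoglyph table are assumptions made for illustration, and it expects bare registrable domains such as "walgreens.com".

```python
# Digit-for-letter swaps quoted in the article: 1 for i, 0 for o, 7 for t.
DIGIT_SWAPS = str.maketrans("107", "iot")
# Constructed sample of Cyrillic look-alikes; real tooling would load the
# full Unicode confusables data instead of this short table.
HOMOGLYPHS = str.maketrans("\u0456\u0430\u0435\u043e\u0441\u0440", "iaeocp")

def decode_label(label):
    """Turn an 'xn--' (punycode) label back into the Unicode a user sees."""
    if label.startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            pass  # malformed punycode: compare the raw label instead
    return label

def skeleton(label):
    """Fold look-alike characters onto the Latin letters they imitate."""
    return label.translate(HOMOGLYPHS).translate(DIGIT_SWAPS)

def within_one_edit(a, b):
    """True if a and b differ by at most one inserted, dropped or changed character."""
    if abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    # Skip the mismatch: one char in both (substitution) or only in b (insertion).
    return a[i + (len(a) == len(b)):] == b[i + 1:]

def classify(domain, official):
    """Return why `domain` imitates `official`, or None if it does not."""
    domain, official = domain.lower(), official.lower()
    if domain == official:
        return None
    label = decode_label(domain.partition(".")[0])
    brand = official.partition(".")[0]
    if label == brand:
        return "tld-variant"   # same name on another extension (.shop, .beer)
    if skeleton(label) == skeleton(brand):
        return "digit-swap" if label.isascii() else "homoglyph"
    if within_one_edit(skeleton(label), skeleton(brand)):
        return "typo"          # e.g. walgreen / walgrens
    return None
```

Anything `classify` flags is a candidate for review, defensive registration or blocking at the mail and web gateway; the homoglyph table decides how many scripts it can see through.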

It’s never been more important to double check what website you are on before entering any information or clicking on a link.

If you need assistance with your cybersecurity initiatives, give EnhancedTECH a call at 714-970-9330 or contact us at [email protected].


