The number of cybersquatting cases skyrocketed during the pandemic, resulting in the highest number of domain case filings ever reported since 2000. According to Statista, there were 4,204 new domain cases filed with the World Intellectual Property Organization (WIPO) in 2020 compared to 3,693 in 2019 and 3,447 in 2018. Fueled by the increase in online traffic during the pandemic, cybercrime numbers dramatically increased. Cybercriminals registered domains in bad faith to target legitimate company URLs using permutations with one or two letters changed/deleted or using alternative spellings such as checkclearing.com and chequeclearing.com. These bad-faith registrations are often used in phishing scams, making it mission-critical for credit unions to find and take down fraudulent sites before your members are tricked into revealing their personally identifiable information (PII).
Typosquatting - Make it Difficult for Squatters
Typosquatting (or typophishing) is a bad-faith registration of a domain with the intent to set up a duplicate website to steal customer information from the brand being impersonated. In some cases, the perpetrators want to earn money from selling that customer information at a later date to that rightful brand owner. Typosquatters have also set up affiliate websites to gain clicks and revenue from affiliate links to that brand.
Back in the day, criminals impersonated brands by registering toll-free numbers close to that of a major brand. Unsuspecting callers would hear identical welcome messages, and even the IVR prompts would match. However, the similarities would end when customers were prompted to give personal information before the call disconnected. This was called fat-finger dialing, which has today turned into fat-finger typing. Customers who make typos by pressing the wrong keys (adjacent to the correct keys) when typing a URL on their keyboard will be served up a website that looks identical to the brand being impersonated. At that point, the criminals harvest as much information as they can before the brand owner is made aware of the spoofed website.
Other forms of this bad-faith registration include spelling errors. Today, the famous all-inclusive hotel brand Sandals Resorts redirects the domain sandels.com to their main website sandals.com. This simple misspelling accounted for thousands of hits per month from criminals who set up an identical website selling fake Sandals vacations. When criminals set up a domain almost identical to yours, they usually send phishing emails with the false domain. Members who are not paying close attention are tricked into revealing personal information or account credentials, and your credit union is placed in a defensive position. But what if you could identify and take down the malicious site BEFORE it causes damage? You can.
Proactively Scan for Fake Domains
Full-time monitoring services for fraudulent websites are often used to mitigate phishing attempts (as we mentioned in a previous blog). These services offer 24x7 monitoring of your domain(s) to detect any new sites that are derivatives of your URLs. By monitoring name registration and usage of logos, scanning of spam, and other tools, the fake sites can often be identified and taken down before any damage can be done. But not all monitoring services are created equal.
There is a big difference between a service that identifies a fraudulent site and sends a message to an abuse mailbox and a service that takes down the site. Both recognize the threat, but only one neutralizes it. As with any threat-prevention service, you want the threat neutralized when it is detected. This requires the takedown service provider to have relationships with hosts and registrars so they know that the service requesting the takedown is legitimate. A critical feature for this type of service is monitoring for the reappearance of sites that have been taken down. Once a site is taken down, fraudsters may wait for a while and then repost the site, thinking that you have forgotten about it. Also, be sure to request the SLA and success rate for any takedown service.
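The detection step described above can be sketched as follows. This is an added example, not part of the original article and not any monitoring vendor's code: it checks a feed of newly observed domains against a protected domain and flags adjacent-key ("fat-finger") typos and variants within two edits. The function names, the approximate QWERTY neighbour map and all feed entries except sandels.com are assumptions made for illustration.

```python
# Added example: flag look-alikes of a protected domain in a feed of new registrations.
ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")

def keyboard_neighbours(ch):
    """Keys touching `ch` on a QWERTY layout (approximated by row/column index)."""
    for r, row in enumerate(ROWS):
        c = row.find(ch)
        if c >= 0:
            return {ROWS[rr][cc]
                    for rr in range(max(r - 1, 0), min(r + 2, len(ROWS)))
                    for cc in range(max(c - 1, 0), min(c + 2, len(ROWS[rr])))
                    if (rr, cc) != (r, c)}
    return set()

def edit_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute, swap adjacent."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def classify(candidate, protected):
    """Label `candidate` as a look-alike of `protected`, or return None.
    Assumption: only the first label (the part before the first dot) is compared."""
    cand, prot = (x.lower().split(".")[0] for x in (candidate, protected))
    if cand == prot:
        return None
    diffs = [(p, c) for p, c in zip(prot, cand) if p != c]
    one_sub = len(cand) == len(prot) and len(diffs) == 1
    if one_sub and diffs[0][1] in keyboard_neighbours(diffs[0][0]):
        return "adjacent-key typo"
    dist = edit_distance(cand, prot)
    return f"{dist}-edit variant" if dist <= 2 else None

PROTECTED = "sandals.com"  # brand domain named in the article
# sandels.com is from the article; the other entries are constructed samples.
FEED = ["sandels.com", "sabdals.com", "sandlas.com", "sndals.com", "example.org"]

def scan(feed, protected=PROTECTED):
    # Map each flagged domain to the reason it was flagged.
    return {d: kind for d in feed if (kind := classify(d, protected))}
```

Alternative spellings such as the checkclearing.com / chequeclearing.com pair are three edits apart and fall outside this threshold, so they need an explicit list of known spelling variants rather than a distance check.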
Make No Mistake About It
Misdirections to incorrect websites will happen. As people rush to do research or complete tasks on their web-enabled devices, typing mistakes will occur, and the fraudsters know it. Protections for website URLs may seem "old school" in a mobile-first world, but remember that older generations are heavy users of the online channel for digital banking, and all generations use online search. That creates fertile ground for hackers to capture consumers' PII. Just as mobile app URL monitoring is critical to identifying and taking down potential fraudulent apps, monitoring your website URL is critical to preventing your members from entering their credentials into malicious websites, downloading malware that will capture login credential information, and participating in phishing attacks. A fraudulent website monitoring service will often identify and take down a malicious website BEFORE it can be used in a phishing campaign.
Real-time protection for any type of fraud is critical for the safety of your credit union. Website URL monitoring is often an overlooked component of a comprehensive security program. The good news is that there are resources that offer the proactive monitoring and takedown of fraudulent websites. And, since this is a service that monitors URLs, no integration is required.
Contact us for more information about this and other services available to strengthen your digital security program.