Slamming: a scam still too common

Slamming is a fraud that aims to deceive companies in order to sell them, by email, unsolicited services for domain names.

These slamming attempts are easily recognizable, but in some cases they play on their contacts’ lack of knowledge. The slammers offer, at high prices, services that you did not request from your official registrar (registration, whois update, owner or registrar transfer…). These emails are designed to cause anxiety and push you into a quick decision.

For example, a standard slamming email urges you to register domain names as a matter of urgency because a third party has supposedly filed a registration request for domain names that match your company name or your lead product exactly (as if by chance). The sender recommends that you register them without delay to prevent any cybersquatting. Obviously, the “fake registrar”, in its great magnanimity, has put the domain name registration order on hold for the good of the company…

Be warned: the slammer uses visual references and the right technical vocabulary, which misleads the company. Slammers may also mention, or display the logo of, registries or other actors of the Internet environment to lend credibility to their message.

What to do if you have any doubts?

Forward these emails to Nameshield, which will confirm whether they are fraudulent.

We recommend centralizing the management of your domain names and entrusting it to a person who is familiar with domain name operations. Don’t make any decision in a hurry. You can also run a whois query to verify the sender’s identity and the existence of the “registrar” company. You will then notice that most of the domain names used for slamming campaigns were registered recently and that the companies holding them have nothing to do with the registrar business.
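
The whois check described above can be scripted. This added example (not Nameshield's tooling) parses a raw whois reply and flags a sender domain that was registered shortly before the email arrived; the sample reply, the domain name and the 90-day threshold are assumptions made for illustration.

```python
import re
from datetime import datetime, timezone

# Constructed whois reply for a made-up sender domain (not real data).
SAMPLE_WHOIS = """\
Domain Name: DOMAIN-REGISTRY-ALERT.EXAMPLE
Registrar: Example Hosting Reseller Ltd
Creation Date: 2017-09-28T08:14:02Z
Registry Expiry Date: 2018-09-28T08:14:02Z
Registrant Organization: Privacy Shield Service
"""

# Registries label and format the creation date differently; cover common variants.
CREATED_KEYS = ("creation date", "created", "created on", "registered on")
DATE_FORMATS = ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%d %H:%M:%S", "%Y-%m-%d", "%d/%m/%Y")

def parse_whois(text):
    """Return {lowercased key: first value} for every 'Key: value' line."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^:%#]+?)\s*:\s*(\S.*)$", line)
        if m:
            fields.setdefault(m.group(1).lower(), m.group(2).strip())
    return fields

def creation_date(fields):
    """Return the registration date as an aware datetime, or None if absent."""
    for key in CREATED_KEYS:
        value = fields.get(key)
        for fmt in (DATE_FORMATS if value else ()):
            try:
                return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
            except ValueError:
                continue
    return None

def assess_sender(whois_text, received, min_age_days=90):
    """Flag a sender domain registered shortly before the email was received."""
    fields = parse_whois(whois_text)
    created = creation_date(fields)
    age = (received - created).days if created else None
    return {
        "registrar": fields.get("registrar"),
        "age_days": age,
        # An unknown age is treated as suspicious rather than silently passed.
        "suspicious": age is None or age < min_age_days,
    }
```

The registrar name returned by `assess_sender` still has to be compared by hand with the registrar that actually manages your portfolio.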

Be careful, your domain names are intangible assets to protect, secure and value.

Nameshield assists you on a daily basis in managing your domain name portfolio, protecting your digital brands and managing risks on the web.

A bad phishing story

A victim of a phishing attack in 2015 asked her bank for a refund of 3300€, the amount diverted by the fraudster. However, during the legal proceedings, the courts overturned the judgment of the local court of October 2017, which had ordered the victim’s bank to refund the amounts lost in the phishing operation.

The reason for this cancellation? The victim had deliberately communicated some confidential data about her credit card by falling into the trap of a phishing email (the scammer had posed as the victim’s telephone operator).

The reasoning behind the cancellation is that the email carried neither a recipient’s nor a sender’s name, and that its mention of a rejected or unpaid payment was inaccurate. The victim could therefore have avoided the trap and not communicated her banking information. It was thus her responsibility, which cancels the request for the bank to refund the stolen money.

The majority of phishing websites use domain names associated with, or referring to, an existing activity, with the aim of deceiving users by inviting them to click on the links of legitimate websites. This increases the attackers’ likelihood of success.

The concept of phishing is to retrieve personal data on the Internet through identity theft adapted to digital media.

While it is true that the fraudulent online payment was directly caused by the victim’s negligence, she communicated neither her credit card’s confidential code nor the 6-digit 3D Secure code that was sent to her by SMS to validate the payment. The victim blocked her credit card the same day, after receiving two 3D Secure messages.

However, in this case, the bank states that it has regularly raised its customers’ awareness and communicated with them to alert them to phishing risks and warn them never to communicate their confidential banking data.

Thus, the Court of Cassation judged that the victim acted carelessly and could have avoided falling into the fraudster’s trap.

Cyber threats rely heavily on web users’ bad practices, as the SANS Institute confirms. The threats most frequently encountered in companies are phishing (72% of the respondents), spyware (50%) and ransomware (49%).

According to the American company Webroot, about 1.385.000 unique phishing websites are created each month, with an impressive peak of 2.3 million during May 2017.

Be aware that these phishing websites stay active for a very short period, between 4 and 8 hours at most, to avoid being tracked or blacklisted.

This case is a reminder that vigilance remains more crucial than ever!

A phishing attack more and more sophisticated

Recently, some Amazon users were the victims of a quite sophisticated phishing attack.

They received a fake e-mail from Amazon, alerting them that someone had attempted to log in to their account and change their password. A six-digit code was included, with the instruction to call a number to verify the user’s identity. If the users were not the source of these actions, they were invited to follow a specific procedure to secure their account. When they called the supposed Amazon number, they were directed to a customer service department located abroad. During the call, they had to go to a website and communicate the code to ensure the security of the account.

The copy of the phishing message: [image]

Fortunately, many web users detected this phishing attack and didn’t fall into the trap. But as for the others, were they victims of malware or data theft?

All web users are hit by these phishing attempts. They are part of our daily lives, but many brands raise their customers’ awareness of these actions (mostly the banking industry, which is the favorite target of hackers).

To be continued.

Disastrous consequences of a domain name non-renewal

The American telecommunications company Sorenson Communication forgot to renew a domain name for only a few days in June 2016. The decision came at the end of September 2017: Sorenson Communication has to pay a fine of 3 million dollars. Why such a high amount?

The domain name that fell back into the public domain was carrying a critical service for some users! It was the “Video Relay System”, which telecommunications companies must provide to deaf people and people with speech disabilities so that they can make video calls and contact the US 911 emergency number using sign language. Utah residents with these disabilities were unable to reach 911 for 3 days!

Sorenson Communication realized its omission rather late and ended up renewing the domain name only 3 days later.

But this kind of omission can easily be prevented with the “automatic renewal” option across your entire domain name portfolio. Your critical domain names, which carry services, websites and/or mailboxes, will then not be interrupted by a simple renewal omission.

Of the $3 million fine, $252,000 goes to the “Federal Communication Commission” and $2.7 million to the “Telecommunications Relay Services Fund”, which found a temporary solution of renting its bandwidth during these 3 sensitive days.

Equifax victim of a massive cyberattack

The American company Equifax, based in Atlanta and present in 24 countries, has fallen prey to a particularly worrying cyberattack.

Equifax collects and analyzes the personal data of customers applying for credit. At the beginning of September, the company revealed an intrusion into its database.

This hack could potentially concern around 143 million American customers, and many other customers applying for credit in countries like Canada or Great Britain. The criminals exploited a flaw in a web application between mid-May and July. They obtained names, social security numbers, birthdates, addresses and some driving license numbers. This data theft is really worrying.

This information will facilitate identity fraud and account hacking. In the United States, the social security number is necessary to work, open a bank account or obtain a driving license, and usually to rent an apartment. Some data might even already be on sale on the Dark Web (the part of the Web not indexed by general search engines).

This attack strikes at the heart of Equifax’s identity and activity. The company has set up a website (www.equifaxsecurity2017.com) and a phone number for its customers, and has engaged a security company to evaluate the damage.

[Image: Equifaxsecurity2017.com website]

All companies should see this attack as a warning. This example is proof that companies can have difficulty seeing what is happening inside their own computer networks. New attacks, more sophisticated each day, increasingly go unnoticed.

Moreover, Equifax states that it discovered the attack on July 29th. However, customers were only informed at the beginning of September: an abnormal delay for data this sensitive. Today, those data have vanished into thin air.

This large-scale hack is far from being the first. Last year, the Yahoo group announced that one billion accounts had been hacked, and other American companies have also been victims of hacking, such as the Adult Friend Finder website or the retail group Target. In those cases, though, the thieves did not gain access to social insurance numbers or driving license numbers.

This attack only reinforces the need for companies to take into account, in their security strategy, every flaw that could serve as an entry point for cybercriminals.

Schmidt launches its new website in dot brand: Home-design.schmidt

Schmidt is one of the leading French kitchen brands, and also the leading kitchen furniture export company in France.

The Schmidt group has decided to launch its new website under its « .brand » (dot brand) extension, .schmidt, and has thus joined the many big companies that have made this bet, like BNP Paribas (mabanque.bnpparibas), MAIF (voyagepro.maif), Club Med (corporate.clubmed) or, most recently, SNCF (oui.sncf).

Schmidt chose to group its activity under the « home design » designation, which describes its industry well. The company is not only dedicated to the kitchen world but also offers bathrooms and “custom-made” furniture for the entire house: dressing rooms, TV furniture… all with a design touch.

The domain name home-design.schmidt makes it possible, on the one hand, to optimize SEO and, on the other hand, to facilitate the company’s development and international communication. After its launch in Great Britain at the end of April, the website arrives in Belgium, and will continue with Spain, Italy and Switzerland by July 4th.

The domain name home-design.schmidt is easy for the general public to recognize and remember.

[Image: Home-design.schmidt website]

But what is the benefit for brands to have their own extension?

In 2013, some companies (including some thirty French companies) wished to have their own « .brand » extension in order to capitalize on their leading brand. Most of them wanted to secure and protect their naming spaces (to limit the intermediaries in the chain of actors involved in a domain name registration). The purpose is also to have a domain name that is truly distinctive and reassuring for the end consumer. Brands fight against cybersquatting, but this is an endless war. It represents a significant annual budget and doesn’t limit the damage enough. The message of the brands that own a « .brand » (dot brand) is the following: if you’re not on my « .brand » website, then you’re not buying the products or services of my brand.

This practice of communicating under a « .brand » isn’t known well enough by the general public. Of course, consumers’ awareness should be increased so that they use extra caution while browsing, and that means verifying the domain name.

So having its own « .brand » is a differentiating factor and will be used more and more for marketing purposes.

[Image: ma.cuisinella website]

Cyber-blurring: the strategy used by Macron’s digital team to face cyberattacks

On May 5th, 2017, two hours before the end of the 2017 presidential campaign, thousands of documents belonging to the campaign team of candidate Emmanuel Macron were leaked and made public on the American forum 4Chan, then relayed by Wikileaks. Social media played an important role in the attack and in spreading the content: internal discussions of the political party, briefing notes, pictures, bills and accounting records, representing 9 gigabytes of hacked data.

This was not the first attack the team of the En Marche candidate had faced since the beginning of the presidential campaign. Warned of a potential attack long before, they had set up a cyber-blurring strategy to defend themselves. This method creates dozens of false documents (false emails, false passwords, false accounts) in an attempt to slow down the hackers’ work. This strategy is often used in the banking field to protect customers. (This diversion method is also called digital blurring.)
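
As an added illustration of the decoy approach (example code written for this page, not the campaign team's tooling): the script derives fake accounts from a secret key and, going one step beyond the slowing-down effect described above, flags any login attempt that names one, since a decoy account has no legitimate user. The key, the name lists, the domain and the log format are assumptions.

```python
import hashlib
import hmac

DECOY_KEY = b"constructed-demo-key"  # assumption: secret held only by the defenders
FIRST = ("alice", "bruno", "chloe", "denis", "emma", "farid")
LAST = ("martin", "bernard", "dubois", "moreau", "laurent", "simon")

def make_decoy(index, domain="campaign.example"):
    """Derive one fake but plausible account; same key and index give the same decoy."""
    d = hmac.new(DECOY_KEY, str(index).encode(), hashlib.sha256).digest()
    # The index suffix keeps every decoy address unique.
    user = f"{FIRST[d[0] % len(FIRST)]}.{LAST[d[1] % len(LAST)]}{index:02d}"
    return {"email": f"{user}@{domain}", "password": d[2:11].hex()}

def make_decoys(count):
    """Build the set of decoy accounts to plant among the real documents."""
    return [make_decoy(i) for i in range(count)]

def find_decoy_use(log_lines, decoys):
    """Return (source_ip, email) for every login attempt that names a decoy account."""
    decoy_emails = {d["email"] for d in decoys}
    hits = []
    for line in log_lines:
        # Log format assumed here: space-separated key=value pairs after a timestamp.
        fields = dict(p.split("=", 1) for p in line.split() if "=" in p)
        if fields.get("user") in decoy_emails:
            hits.append((fields.get("src"), fields["user"]))
    return hits

DECOYS = make_decoys(24)

# Constructed authentication log: one real user, one attempt with a planted decoy.
SAMPLE_LOG = [
    "2017-05-05T18:02:11Z login result=ok user=jeanne.staff@campaign.example src=192.0.2.10",
    f"2017-05-05T18:40:37Z login result=fail user={DECOYS[3]['email']} src=203.0.113.77",
]

if __name__ == "__main__":
    for src, email in find_decoy_use(SAMPLE_LOG, DECOYS):
        print(f"decoy account {email} used from {src}")
```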

 

[Image: L’Express Twitter account]

Although Mounir Mahjoubi, digital director of the En Marche campaign, believes this cyber-blurring method slowed down the hackers’ work, these measures did not prevent the attack.

The hackers did not ask for money in exchange for the documents. These documents, which are not compromising for Emmanuel Macron’s team, could not be monetized because the hackers would have had to sort through 9 gigabytes of data in a short period of time.

The consequences for the presidential campaign were few, and the En Marche staff was not really affected. This counterattack was well implemented.

The hackers, who were against Macron, did not achieve the success they wanted. Nevertheless, this failure will push them to become smarter, more ingenious, less visible and better prepared for the next attack.

To be continued.

Connected objects: unavoidable in DDoS attacks?

Nowadays consumers use, and are surrounded by, connected objects. The Internet of Things (IoT) includes all connected objects, such as a connected refrigerator, sensor, light bulb, security camera, router or thermostat. What do they have in common? They have an IP address and are connected in order to communicate.

According to the American company Gartner, connected objects will reach 20.5 billion units by 2020. We will see impressive growth of the IoT in the years to come.

China, North America and Western Europe will represent 67% of IoT in 2017.

However, these connected objects frequently ship with security flaws, which is an opportunity for DDoS attacks!

Nowadays, Distributed Denial of Service (or DDoS) attacks are frequent. For hackers, it’s quite easy to set up attacks against an unprotected target. These attacks could lead to significant financial loss for companies by disruption of service (website or email) or indirectly, by the harm caused to the target’s image (bad buzz, bad reputation…).

With the arrival of connected objects, the chances of being confronted with DDoS attacks are high.

These attacks make a service unavailable by flooding the system with requests. With the help of connected objects, hackers can send a massive number of requests to one or more DNS servers. They are able to control our objects remotely because of their security flaws. If the DNS servers are not protected by a strong anti-DDoS filter, they risk being unable to absorb the high number of requests and, as a result, will no longer respond to users’ requests.

In October 2016, the company DYN, a DNS service provider, was the victim of a DDoS attack carried out by connected devices. Its DNS infrastructure services were unavailable, which in turn impacted its customers’ services: Twitter, Netflix, Spotify…

Many hours offline have a direct impact on sales revenue for these pure-player web companies. DYN states that “Ten billion of IP addresses were touched” by this attack.

Last week, the registrar Melbourne IT was also a victim of a DDoS attack. Some of its customers were affected by this service disruption.

We might see more powerful attacks of this kind in 2017.

In the past, attacks were carried out by computers; today connected devices are a real weapon. Luckily, those companies have said they want to reinforce security on their connected products.

DNS is an absolute priority. It is essential to secure your strategic domain names by using highly secured DNS, so that you have high, permanent availability.

Nameshield offers a DNS Premium solution to gain performance and assure 100% availability.