Cybercriminal hackers are not, on the whole, stupid people. They know what levers to pull and what targets to attack for the most profitable return. That might mean using ancient Windows technology, stolen passwords for credential stuffing, or, as in the case I am writing about here, sophisticated and highly targeted phishing attacks against owners of internet domains whose registration expiration date is within sight. Here’s what you need to know about the internet domain name registration hack attacks.

The Internet Domain Name Registration Scam Explained

A friend of mine has served time as a security engineer and also gained a master’s degree in computer forensics and security. He is, therefore, quite the wrong person to try to scam, even when the social engineering is targeted and quite clever. Raj has kindly agreed that I can spread the word and share his warning with others who might not be quite so genned up on the psychological tricks criminal hackers use to scam victims.

When I first started out online, internet domain names were free. If you knew how to register one, it was yours. Yes, I’m that old. I wasn’t clever enough to register a bunch of domains that would go on to be worth millions, however. While owning your own domain name was rare once upon a time, that is no longer the case. Just about every business has one, and an increasingly large number of individuals now own their own ‘vanity’ internet domains for email or website use. You can find me at happygeek (dot) com, for example. Yet this target demographic has gone largely unnoticed by the fraudsters and hackers out there, if you are talking about phishing attacks specifically aimed at the domain name registration process, that is.

Raj has been online just about as long as I have, and as he points out, that time has now gone as well. “If you happen to be someone who has their own Internet domain name(s) and you are not wholly tech savvy,” Raj said, “be very wary of emails received pressing for urgent action, under threat of losing the domain.”

Yes, the urgency trigger is being pulled by the social engineers once again. This time, they are tapping into a targeted audience of people whose domain names will be up for renewal soon. These cybercriminals are, Raj warned, “harvesting domain contact details from the existing domain registration bureaucracy, then sending out bogus warnings of imminent (or already passed) domain suspension or expiry well ahead of the actual expiry.” They tend to be well ahead of the expiry date, but that’s not an accident. The hackers want to get the fake registration message out before the actual domain company can send you a genuine one.

The goal is unclear in the particular message that was sent to Raj, but you can be pretty sure it was to grab your credentials by way of a fake login page, ditto your credit card details, or maybe even facilitate malware distribution. The chances are high that it could involve all three.

Don’t be fooled, especially if there are many “act now” triggers in the email. Make sure that the communication is actually from your internet domain name registration provider, and contact them directly to confirm using a method you already know, be that email, web or telephone.
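
The three warning signs described above (a sender that is not your registrar, an expiry claim that runs ahead of the real date, and "act now" wording) can be checked mechanically. The following is an added example, not code from the article or from Raj; the function name, the phrase list, the ISO date format and the sample message are all assumptions made for illustration.

```python
import re
from datetime import date, datetime
from email import message_from_string
from email.utils import parseaddr

# Assumed pressure phrases; tune these to the mail you actually receive.
URGENCY = ("act now", "immediately", "urgent", "suspended", "final notice")

def triage_renewal_notice(raw_email, registrar_domains, real_expiry):
    """Return the reasons a renewal notice looks suspicious (empty list = none found)."""
    msg = message_from_string(raw_email)
    reasons = []

    # 1. The From address should belong to the registrar you actually use.
    sender = parseaddr(msg.get("From", ""))[1].lower()
    sender_domain = sender.rpartition("@")[2]
    if not any(sender_domain == d or sender_domain.endswith("." + d)
               for d in registrar_domains):
        reasons.append(f"sender domain {sender_domain!r} is not your registrar")

    # Collect the text parts (not transfer-decoded; enough for plain-text notices).
    body = "".join(p.get_payload() for p in msg.walk()
                   if p.get_content_maintype() == "text")

    # 2. A claimed expiry earlier than the registrar's own record is the
    #    "well ahead of the actual expiry" lure. Assumes a YYYY-MM-DD date.
    m = re.search(r"\b(\d{4}-\d{2}-\d{2})\b", body)
    if m:
        claimed = datetime.strptime(m.group(1), "%Y-%m-%d").date()
        if claimed < real_expiry:
            reasons.append(f"claims expiry {claimed}, registrar record says {real_expiry}")

    # 3. Pressure wording in the body.
    hits = [p for p in URGENCY if p in body.lower()]
    if hits:
        reasons.append("urgency wording: " + ", ".join(hits))
    return reasons

# Constructed sample message (not a real phishing email).
SAMPLE = """From: "Domain Services" <renewals@domain-notices.example>
To: owner@example.org
Subject: URGENT: example.org suspended

Your domain example.org expired on 2024-03-01. Act now to avoid losing it.
"""

if __name__ == "__main__":
    # real_expiry is the date shown in your registrar account (constructed here).
    for reason in triage_renewal_notice(SAMPLE, {"registrar.example"}, date(2024, 9, 15)):
        print("-", reason)
```

An empty result does not prove a message is genuine, because the From header can be forged; confirming directly with the registrar remains the deciding check.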
