Domain Scams: A Chain is Only as Strong as Its Weakest Link (Pun Intended)


In today’s world, pretty much every business has online customer interaction; due to this, cybercrime is rising, and phishing attacks are growing at a rapid pace in sophistication and usage. For this post, I am going to talk about domain name scams, primarily typosquatting, where an unaffiliated individual purchases a domain which is similar to a business’s, and then uses that domain to send its customers emails and notices.

Why does this occur? Well, creating and purchasing domain names is a relatively simple process with little-to-no governance involved. By obtaining a domain which is similar to one owned by a business, an attacker can message that business’s customers while appearing to be affiliated with the company and request payments or personal information. For example, say your company owns ‘www.randomcompany.com’ and someone purchases ‘www.randomcompany.co’. As you can probably tell, the ‘m’ in .com is missing from the original address; the unsuspecting customer, however, might not be so vigilant.

 

For a little background, there are several other variations of attacks that can be involved in a domain scam, besides the abovementioned typosquatting.

Domain Hijacking: occurs when somebody gains access to your domain registrar account details, thus gaining full control of all domain-based functions (changing/transferring domain name/DNS name servers, editing technical, personal, admin. details). When a domain is hijacked, attempting to reclaim ownership of it can be a lengthy process, especially when transferred to another registrar.

Domain Phishing: occurs via scam emails which route unsuspecting customers to fake websites posing as the original registrar’s sites. Through these phishing emails, the attackers gain sensitive data such as banking information and personal details, which can then be utilized in identity theft.

Going back to our original issue, you have just woken up, checked your email, and unfortunately learned that a misspelled-version of your domain name is contacting your customers in hopes of obtaining a ‘missed payment.’ What can you do to stop the emails from happening, inform your customers of what to look out for, and most importantly, safeguard your domain to prevent any further attacks?

If your company has a legal team, they should be able to help you create your own plan of counterattack. Besides notifying your customers of the potential scam and adding a warning to your emails telling recipients to interact with a message only if the sender’s domain matches your own, legal actions should be taken immediately. While the effectiveness of contacting your/their registrars and informing them of the issue can vary, they might be able to put the domain on hold, preventing further re-sales/transfers; during this process, you will most likely be asked to authenticate your ownership of the account in question. For a list of approved Dispute Resolution Service Providers, check out ICANN.

How to Strengthen Your Domain Security

To prevent domain scams in the future, there are several methods to bolster your website’s defenses. Choosing the right domain registrar company is an excellent first step; be on the lookout for features such as two-factor authentication, DNS management, and 24/7 technical support.

If your registrar allows two-factor authentication (2FA), always enable it. 2FA ensures that even if an unauthorized individual has access to your domain’s username and password, they will have to get through a second layer of security to access your account (such as entering a code sent to your cellphone). Domain locking, while generally enabled by default by popular registrars, prevents unauthorized domain name transfers; this should always be on. ICANN WHOIS is a great tool to help reduce the amount of personal data you expose on the internet, including your (or your company’s) physical and email address, phone number, and other potentially sensitive information. Next, similar to all login credentials, your password’s sophistication and security practices need to be extensive and advanced. Passwords should have 8+ characters, avoid dictionary words, use a combination of numbers, symbols, and lower/uppercase letters, and be changed frequently. Furthermore, keep your domain’s contact details updated and do not share them with anyone.

Final Word

A single case of a hacked or stolen domain can significantly impact your business in numerous ways, potentially leading to declining sales, lower customer trust, reduced SEO rankings, or even the total loss of a company. Your domain name and its security are just as crucial as your apps, content, and coding; spend the extra money on a reputable registrar, backup service, and purchase the common spelling variations of your domain; you won’t regret it.

Personal Branding


Personal branding, in my opinion, is the method of influencing those around you with your attention to detail, work ethic, business practices, social interactions, and what you bring to the table. Your brand can consist of projects you have designed, scripts you have built, operations you have streamlined, and tasks you have automated. Furthermore, in the world of technology, your personal brand can include your social media presence, blogs, apps, and websites.

At every stage of your career, from high school and beyond, people are searching for your online presence. Having served in the U.S. Air Force, your personal brand and online persona were thoroughly scrutinized before and during your time of service. As an IT professional, you have access to highly sensitive databases of information and are often in charge of protecting your company’s interests from cyber threats. By taking control of your personal brand online, you may control the narrative, instead of letting someone else do it for you.

While many have not used the term before, your personal brand exists all around you. For coworkers, your personal brand is the first thought they have when you get assigned to their team to assist with a project. If you are known to go above and beyond what is expected in your daily duties, your personal brand will reflect on this, fundamentally communicating with your new team before you even enter the room. On the other hand, if you are notorious for disrupting workflow, your team will already be dreading associating with you. Another way I look at personal brands is your aura; essentially, the energy you produce.

In the marketing world, personal branding is defined as the process of developing and maintaining people and their careers as brands. Per David McNally in the book ‘Be Your Own Brand,’ “your brand is a perception or emotion, maintained by somebody other than you, that describes the total experience of having a relationship with you” (McNally, 2011). Celebrities use their personal brands by merely slapping their name on different business ventures, giving them free advertising and recognition. For those in IT, your personal brand may be your degrees, certifications, work history, or publications. For example, when you get assigned to manage a company-wide Windows 10 deployment across multiple continents, your personal brand serves as a stamp of approval, placing your whole collective works and accolades onto the project, giving those who manage you, and those who you manage, assurance of your ability to perform.

Reputation is everything, as getting started in many professions, especially IT, comes down to who you know, not what you know; however, after that initial introduction, your personal brand begins to develop and impact those around you. Much like Dr. Emoto’s negativity experiment with rice, positive energy directed towards your profession and those around you can pay off tremendously. No matter where you are in your IT career, from helpdesk to CTO, build and maintain your personal brand; it is what enters a room before you and what is left behind after you leave.

Source

McNally, David. (2011). Berrett-Koehler Publishers. ‘Be Your Own Brand, 2nd Edition: Achieve More of What You Want by Being More of Who You Are’.

Imposter Syndrome


You may have heard of or experienced first-hand the effects of imposter syndrome, regardless of your career. Defined as the psychological experience in which a person questions their skills, accompanied with a consistent fear of being exposed as a fraud, imposter syndrome wreaks havoc on your mental state in the workplace and often has you wondering if you even belong there.

In the world of IT, with its continuously expanding level of sophistication and advancement, self-doubting your abilities is as common as “my computer is turned off” tickets. It is quite impossible to always stay current with new technologies, best practices, and coding languages, and because of that, knowing how to combat imposter syndrome is as essential as your IT certifications.

My Experience

After I earned my Bachelor’s degree in IT and coming from a military background, I had little to no confidence in my skills; it’s safe to say that many of those in my first interviews could tell as well. The civilian world is much different than life in the military. I had to literally change my language from fast-paced instructions, curse words, and an overall feeling of superiority to a more toned-down 1’s and 0’s tech vocabulary; on top of this, once I landed my first IT job, I was thrown to the wolves, having to learn everything on my own and at a quick pace. I immediately felt that I didn’t belong at my job, and my promotion to IT Manager only made things worse. However, once I was acclimated with the slower pace of the civilian world, I found time to study, practice, and develop new ways to absorb all of the lessons I could (aim to be a sponge).

Know Your Worth

While it is up to you to maintain your level of involvement in learning new things, understand that you, at the core, have a certain level of expertise that needs to be recognized. Your colleagues will often have a higher level of understanding for things you haven’t even heard of, but on the other hand, your IT knowledge might be more current, as you studied in the recent years of new technology. If all else fails, the phrase, ‘fake it till you make it’ has actual benefits; while it helps to have the genuine skill to back it up (obviously), don’t be afraid to act like you know something when you don’t. I am not saying to lie, but if you have time to research the question or task before your next encounter with the person, tell them that you have that project covered. Find what you are good at, apply it to what you are weak in, and acknowledge that you, like everyone, are a work in progress.

Fear

One of the most significant effects of imposter syndrome is fear; fear in not being up to the task, fear that you only got the job by chance, and fear that someday soon, your boss will uncover the fraud that you are. In my time in the military, I found that fear is one of the greatest motivators. In South Korea, you could typically find me cruising the busy streets while hauling thousands of pounds of MK84 bombs; was this scary as an 18-year-old? Yes. Did it motivate me to follow the speed limits? Well, no….but the concern was definitely there. The world of IT is very much like my life as a Munitions Technician, but instead of building an AIM-9 guided missile (which could blow up at any second), I am now building entire systems of communication for my company (which if I failed in doing, we could lose hundreds of thousands of dollars a week). Fear is what entices you to take the time to study, to excel in your daily duties, and to allow yourself to celebrate after you have kicked down its door.

Summary

Regardless of the tactic you wish to use, it is vital to the future of your career that you understand the effects of imposter syndrome and the fact that those around you are going through it as well. Next time you are in a meeting trying to understand topics that seem way out of your paygrade or get tasked to build the framework of a system you have to Google to even spell correctly, remember that there are many tools at your disposal, the greatest being believing in yourself.

I know I have thrown a lot of shade at imposter syndrome, but having it isn’t always a bad thing. Simply questioning your competence in your profession is actually a sign of competence; I know what you are thinking, but hear me out. In the words of Charles Stross, “Only people who understand their work well enough to be intimidated by it can be terrified by their own ignorance” (Stross, 2018). After all, we are all products of our individual thoughts and aspirations; knowing how to identify and control them is up to you.

Source

Stross, Charles. (2018). Goodreads. The Labyrinth Index. Retrieved from https://www.goodreads.com/book/show/36053406-the-labyrinth-index.