🎣 A trick to spot phishing 📧

... or at least, get you to pay attention.

Phishing may be one of the most popular attack vectors out there, but it’s still crazy difficult to pull off. Most reputable email providers have security systems that filter messages with malicious attachments to spam, and have scanners that look for links in the email’s body that were flagged as malicious.

So, crooks constantly evolve their tactics to get you to click that link to a fake login page that steals your credentials.

One of the things they do is automate the creation of new malicious landing pages that haven’t yet been indexed as dangerous. This makes email filters useless and results in risky links making it to your inbox.

To do that, they abuse the cutthroat competition among generic top-level domain registrars. 

Top-level what now?

Interisle recently published an in-depth report on this topic, and I wholeheartedly suggest you read it.

It is based on an analysis of 16 million cybercriminal events this year, and is sponsored by multiple anti-spam organizations, such as the Anti-Phishing Working Group (APWG), the Coalition Against Unsolicited Commercial Email (CAUCE), and the Messaging, Malware, and Mobile Anti-Abuse Working Group (M3AAWG).

Mind the domain!

Here’s the deal - to buy a .com or .net domain, you need to pay at least $6 (it’s usually a lot more than that) and provide some documentation about who you are and what you’re planning to do. Since a phishing domain can be expected to last days, if not hours, before being flagged as spam and terminated, doing that on a grander scale is not exactly feasible.

However, to buy a .xyz, .icu, or any other top-level domain that was introduced in the last year or two, you need to pay as little as $1. In many cases, you don’t need to provide any documents and can get the domain registered in minutes. For crooks playing the high numbers game - it’s a godsend.

In just a few moments, and for a handful of dollars, crooks can register countless domains, set up convincing landing pages, and send them via email to get you to disclose your passwords or other data.

So that’s my tip of the week - if you get an email and you’re not sure if it’s a phishing attack or not, take a good, hard look at the domain.

If it’s not one of the reputable, ‘older’ domains (.com, .net, .org, and the like), I advise caution. Here is a list of domains I would be particularly wary of:

.top
.xyz
.shop
.vip
.club
.icu
.cyou
.sbs
.click
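
One way to automate that look at the domain, as an added example that is not part of the original newsletter: the Python below pulls links out of an email body, works out which host each link really points at, and flags those ending in one of the domains listed above. The sample body and its hostnames are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# TLDs from the list above.
WARY_TLDS = {"top", "xyz", "shop", "vip", "club", "icu", "cyou", "sbs", "click"}

# Rough link matcher for plain-text or HTML bodies.
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

# Constructed sample email body (not a real message).
SAMPLE_BODY = """\
Your mailbox is full. Verify: https://www.example.com@mail-verify.example.icu/login
Invoice: <a href="HTTP://Billing.Example.XYZ:8443/inv?id=1">view</a>
Our site: https://shop.example.com/help and https://example.org.
"""


def link_tld(url):
    """Return the lower-cased TLD of the host a URL really points at, or None."""
    # .hostname drops any "user@" prefix and ":port" suffix and lower-cases the
    # host, so "https://www.example.com@evil.example.icu/" resolves to the .icu host.
    host = urlsplit(url).hostname
    if not host:
        return None
    host = host.rstrip(".")
    # Bare names, IPv4 and IPv6 literals have no TLD to judge.
    if "." not in host or host.replace(".", "").isdigit():
        return None
    return host.rsplit(".", 1)[1]


def flag_links(body):
    """Return (url, tld) pairs for links whose TLD is on the wary list."""
    flagged = []
    for match in URL_RE.finditer(body):
        url = match.group(0).rstrip(".,;:!?)]")  # sentence punctuation after a link
        try:
            tld = link_tld(url)
        except ValueError:  # malformed URL, e.g. an unbalanced "[" in the host
            continue
        if tld in WARY_TLDS:
            flagged.append((url, tld))
    return flagged


if __name__ == "__main__":
    for url, tld in flag_links(SAMPLE_BODY):
        print(f"wary TLD .{tld}: {url}")
```

A flagged link is a reason to slow down and inspect the message, not proof of phishing, and a link on an older domain is not automatically safe.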

That’s all from me this week. Have a lovely holiday everyone, and remember - they can’t get you if you don’t let them!

  • Sead from SmallBiz CyberWiz