The NCSC announcement that in just four months, it has removed over 300,000 URLs linking to investment scams with fake celebrity endorsements.
Consumer facing businesses have a duty to understand if their customers are being targeted by typo squatters by email or by fake posts. There are steps any company can take to understand if their brand is being impersonated. Checking their domain for similar alternatives is a first step and there are free services which can help. If a fraudulent site is found or suspected, getting expert help to investigate is important. Spoof domains can offer fake goods, skim valuable customer data, and can also serve up malware so checking potential typo squatting sites can be risky. Companies should also monitor for sale of fake or stolen goods on legitimate commerce sites and provide educational information on ‘how to spot’ a fake item or reseller. A third step is for businesses to register similar domains to their own making them unavailable to fraudsters. Cyber security experts can help by offering monitoring services for counterfeit goods, typo squatting and takedown services so getting an expert to help can speed up the process dramatically.
We believe the industry must do more to prevent these sites being set up in the first place, however. Registration and hosting businesses should verify identities of individuals setting up sites and require them to use traceable payment methods as a minimum.
Consumers should also be on guard. With scams such as this on the increase, users also need to stay ultra-vigilant to avoid giving criminals a free pass to their most valuable data. A well-crafted email can look utterly convincing: educate users in what to look out for, that they need to be suspicious of every email and must alert security teams for anything that looks unusual. Have processes for reviewing any suspicious emails or requests to install or make changes to apps.
Always err on the side of caution. In particular, any emails that appear to be genuine and from a credible source which are asking for money transfers or other critical information should always be verified in person or by phone with the sender.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics