Outsmart hackers! Analyze your Domain Name.
How hackers fool you with fake websites
As is most likely the case for many of us when going through the daily mail, I’m largely separating the junk from the real e-mails. And of course no inbox would be complete without its dose of phishing e-mails.
Phishing e-mails are getting better and better, and the bad actors trying to scam you are putting more and more effort into creating them and making them look convincing, often building elaborate websites and registering valid domains just to persuade you it’s the real deal! But what is a valid domain? And how can you distinguish a phishing website from a real website?
Let’s first agree to the following: “Phishing e-mails are often convincing, and you should always tread carefully. When in doubt, always contact your IT support team. Don’t simply assume it’s safe!” Now that I’ve absolved myself of any liability, let’s move on.
The DNS server
Every website has an IP address: a set of numbers, similar to a phone number. But we humans prefer to memorize names over numbers, which is why we store those numbers in our phonebook and assign names to them. This is also true for a website. Nobody memorizes the IP addresses; we just type www.example.net and DNS does the rest.
DNS stands for Domain Name Service, and is basically the internet’s phonebook, translating numbers into website names and website names into numbers. Understanding a domain name can go a long way in knowing if it’s trustworthy or not.
Check the Domain Name
Domain names are read back to front, starting with the Top Level Domain (TLD). Examples are “.com”, “.net” and “.be”. In front of that you will find the second-level domain name, which is very often the name of the company or subject of the website, e.g. “Orbid.be”, “LinkedIn.com”, “phishing.net”.
“How will this help me spot fake domains?” I hear you thinking. Let’s take the “orbid.be” domain as an example. Say you receive an e-mail from “firstname.lastname@example.org” asking you to reset your password, and you follow a link to a website. On this website you notice the domain name is “company-be.ru” instead of “company.be”. This is an indication something is up. Analysing the domain name shows the Top Level Domain is “.ru” instead of “.be” and the Second Level Domain Name is “company-be” instead of “company”.
This could be a bad actor trying to impersonate the IT department and redirect you to his own website to obtain your username and password, and although it is a valid domain name, it could be a fake website. This is a very common practice and could allow the bad actor access to your system and the company network.
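The back-to-front reading described above can be automated. The following Python sketch is an added example, not part of the original article. The allow-list `TRUSTED`, the function names and the sample links are constructed for illustration, and treating the last label as the TLD is a simplification (suffixes such as “co.uk” need the Public Suffix List).

```python
from urllib.parse import urlsplit

# Constructed allow-list of domains the organisation really uses.
TRUSTED = {"company.be"}

def split_domain(url):
    """Return (host, second_level, tld), reading the host back to front."""
    # .hostname drops any "user@" prefix and the port, and lower-cases.
    host = (urlsplit(url).hostname or "").rstrip(".")
    labels = host.split(".")
    if len(labels) < 2 or not all(labels):
        raise ValueError(f"no domain name found in {url!r}")
    # Assumption: the last label is the TLD and the one before it is the
    # second-level domain. Everything further left is just a subdomain.
    return host, labels[-2], labels[-1]

def check_link(url, trusted=TRUSTED):
    """Return (verdict, registered_domain) for a link."""
    host, sld, tld = split_domain(url)
    registered = f"{sld}.{tld}"
    if registered in trusted:
        return "trusted", registered
    # The trusted name appears somewhere in the host (as a subdomain or
    # glued on with a hyphen) but is not the registered domain itself.
    words = host.replace("-", ".").split(".")
    for good in trusted:
        if good.split(".")[0] in words:
            return "lookalike", registered
    return "unknown", registered

if __name__ == "__main__":
    # Constructed sample links.
    samples = [
        "https://login.company.be/reset",
        "https://company-be.ru/reset",
        "https://company.be.evil.example/reset",
        "https://company.be@company-be.ru/reset",
        "https://www.example.net/",
    ]
    for link in samples:
        print(check_link(link), link)
```

The third and fourth samples show why the rightmost labels decide: a trusted name placed further left in the host, or before an “@”, does not change which domain the link actually goes to.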
Always closely inspecting the domain name works as an added layer of personal online security, and will help you better identify fake domains and phishing websites. Never take any aberration for granted and stay alert! Bad actors prey on users making simple mistakes. Thank you.
System Engineer / Information Security Advisor at Orbid N.V.