In a traditional phishing campaign, phishers send an email to users in an attempt to steal account or identity information. Many phish campaigns target likely online bank or e-merchant customers. A lesser-known campaign targets individuals and companies who've registered domain names.
This sort of phishing is like diving for seawater pearls. In this analogy, the oyster is a domain name registration account and the oyster meat is the registration record. The real prize, the pearl, is the name server configuration for a domain name.

In Part I of my Enterprise Efficiency article, Phishers Are Casting Nets for Your Domain Names, I explain how phishers run these phish campaigns, what they are after, why gaining control over name servers of registered domain names is so important to phishers, and what the consequences are for victims of these attacks. In Part II, I explain measures that organizations can take to protect themselves against these attacks: how to use registrar correspondence to your advantage, how proactive monitoring of your domain's Whois and DNS information can serve as an early warning system of account compromise, and what information you'll need should you become a victim.

So this isn't simply a wordy referral, I'll share some history. Rod Rasmussen of Internet Identity first shared a spample from a registrar phishing campaign with me in late 2007. I worked with Rod and members of the APWG Internet Policy Committee to gather information regarding the attacks. We took the info to ICANN's Security and Stability Advisory Committee (SSAC).
Photo by ToastyKen
SSAC Exposes Danger of Registrar Phishing
Since these email campaigns impersonate domain name registrars, SSAC published an advisory in May 2008. Since that time, we've seen similar phishing campaigns, and SSAC has published other reports that recommend measures to protect domain registration accounts against compromise. Some of these measures are recommended for registrars and some for registrants. My two-part series discusses these.
Domain names are critically important to any business or organization with an online presence. And if your name servers are not resolving your domain names to *your* IP addresses, you're in a heap of trouble. Don't dismiss them as plumbing. Protect your investment. Read the articles.
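To make the Whois monitoring idea mentioned above concrete, here is an added example (not code from the articles or from SSAC) that compares a saved Whois record against a fresh one and reports changes to name servers, registrar, registrant email and update date. The "Key: value" field labels and both sample records are constructed assumptions; real registrar output varies.

```python
import re

# Whois fields worth watching. Labels follow the common "Key: value" layout,
# which is an assumption: adjust them to what your registrar actually prints.
WATCHED = ("Name Server", "Registrar", "Registrant Email", "Updated Date")

# Constructed sample records (not real Whois data).
BASELINE_WHOIS = """\
Domain Name: EXAMPLE.COM
Registrar: Example Registrar, Inc.
Updated Date: 2008-01-10T00:00:00Z
Registrant Email: hostmaster@example.com
Name Server: NS1.EXAMPLE.COM
Name Server: NS2.EXAMPLE.COM
"""
CURRENT_WHOIS = """\
Domain Name: EXAMPLE.COM
Registrar: Example Registrar, Inc.
Updated Date: 2008-05-02T03:14:00Z
Registrant Email: hostmaster@example.com
Name Server: ns1.example.com.
Name Server: NS1.EXAMPLE.NET
"""

def parse_whois(text):
    """Return {field: sorted list of normalized values} for watched fields."""
    record = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^:]+?)\s*:\s*(.+?)\s*$", line)
        if not m or m.group(1) not in WATCHED:
            continue
        # Host names and email addresses compare case-insensitively;
        # drop the trailing dot of a fully qualified name.
        value = m.group(2).lower().rstrip(".")
        record.setdefault(m.group(1), set()).add(value)
    return {k: sorted(v) for k, v in record.items()}

def diff_records(baseline, current):
    """List (field, removed, added) for every watched field that changed."""
    changes = []
    for field in WATCHED:
        old, new = set(baseline.get(field, [])), set(current.get(field, []))
        if old != new:
            changes.append((field, sorted(old - new), sorted(new - old)))
    return changes

if __name__ == "__main__":
    found = diff_records(parse_whois(BASELINE_WHOIS), parse_whois(CURRENT_WHOIS))
    for field, removed, added in found:
        print(f"ALERT {field}: removed={removed} added={added}")
```

Run on a schedule against freshly fetched Whois text, any name server change you did not make yourself is the signal to contact your registrar.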