The word “Impostor” means “Phony, fraud, sham, pretender, cheat.”
Nobody likes to be taken advantage of or to have their hard work stolen. Unfortunately, this is a crime that has been committed for centuries, and the cyber world is no exception. And while many people are aware of hacking, scams, and ransomware attacks, there are two additional ways that criminals are using the web – creating impostor domains and email spoofing, also known as Business Email Compromise (BEC).
In recent weeks, the crime of impostor domains has made tech headlines. Impostor domains are also known as homoglyph domains; Glosbe defines a homoglyph as “a character identical or nearly identical in appearance to another, but which differs in the meaning it represents.” Microsoft defines the word as “the exploitation of similarities of alphanumeric characters by cybercriminals to create deceptive domains for unlawful impersonation of legitimate organizations.” The use of impostor domains is similar to another malicious practice known as typosquatting or URL hijacking, in which hackers intentionally register misspelled versions of the domains of well-known websites.
Entities creating impostor domains do this by substituting characters in a web domain, for instance, a 1 or uppercase “I” (Indigo) for a lowercase “l” (lima) or a “0” (zero) for an “O”. At a glance, it is easy to misread the domain because it looks like what we expect to see. This fraudulent activity resulted in Microsoft taking a West Africa-based company to court this past July. After all, note how easy it is to mimic the letters of their name! As part of the lawsuit, 17 other claims were filed against the company.
So, you may be thinking, “Well, my company is a small to medium-size business- especially compared to Microsoft, so why would my domain/business be targeted?” Ironically, Microsoft says that the African company targeted small U.S. businesses.
Identifying Impostor Domains
From both the consumer’s and the business owner’s perspective, it is important to be proactive against being caught by impostor domains. Here are a few steps you can take:
- Pay close attention to the names of the domains you visit. The most “obvious” signs will be spelling errors, an extra letter in the name, or a different typecase. You should also see where/if they list their physical location.
- What is the ‘mood’ of the text? If the website content is geared towards an emotional response- anger, fear, urgency- or if what it is offering sounds too good to be true or something you just can’t afford to miss out on, it is a good sign that the site is not legitimate.
- Syntax and grammar errors are prevalent. While no one is perfect and spelling, grammar, and syntax errors occur on even the most well-known websites, impostor domains often have a significant number of grammatical errors. If you are on what you believe to be a legitimate site, but it is rife with grammar errors, take a few minutes to check the finer details- especially if a purchase is being considered!
- Is there a seal of trust? By now, seeing those small padlocks has become the norm. However, if you have tried these other tests for an impostor domain and the site still leaves you questioning, then look for a seal of trust. This will be a badge or seal graphic with the words “secure” or “verified” on it. When clicked, it should show information specific to the company.
Protecting Your Company from Impostor Domains
As a company owner, you want to do all you can to protect your business website from being victimized by creators of impostor domains. To be proactive there are some steps you can take to track unscrupulous web activity.
- Google your website. Go to your website and copy a couple of sentences, place double quotes around the sentence(s) then put them into the Google search bar, then search. Ideally, you will see your website come up in the web results. However, if you see other websites that come up with the exact phrasing, then you may be the victim.
- Use your web analytics tools. If you are using a Real User Monitoring (RUM) service, it is loaded onto your website’s pages via the code, and when it determines that a page view or other form of user activity has occurred, a message is sent to a collection system. That information is then processed, aggregated, and stored for future analysis.
- Check the domain registration. Plug in your URL into a site such as Lookup.icann or who.is and look for your specific domain. Then, look for any domains that are similar to yours. Visit those sites and see if any of the content is similar to yours.
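The character substitutions described earlier (a 1 or uppercase “I” for “l”, a zero for “O”) and the advice above to look for domains similar to yours can be combined into an automated check. The following is an added example, not code from this article: the protected domain `globalmail.example`, the observed list, and the small lookalike table are all constructed for illustration.

```python
import unicodedata

# Lookalike character -> letter it imitates. Small constructed table covering the
# substitutions named in the article plus a few Cyrillic lookalikes (assumption);
# a real deployment would load Unicode's full confusables data.
# DNS ignores case, so an uppercase "I" is really "i"; mapping i -> l catches it.
CONFUSABLES = {"1": "l", "i": "l", "|": "l", "0": "o",
               "\u0430": "a", "\u0435": "e", "\u043e": "o",
               "\u0440": "p", "\u0441": "c"}
MULTI = {"rn": "m", "vv": "w"}  # letter pairs that read as one letter

def skeleton(domain: str) -> str:
    """Reduce a domain to a canonical form in which lookalikes collapse together."""
    labels = []
    for label in domain.lower().rstrip(".").split("."):
        if label.startswith("xn--"):  # IDN label as stored in DNS: decode punycode
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # undecodable: compare the raw label instead
        label = unicodedata.normalize("NFKC", label)  # fold full-width forms etc.
        label = "".join(CONFUSABLES.get(ch, ch) for ch in label)
        for pair, letter in MULTI.items():
            label = label.replace(pair, letter)
        labels.append(label)
    return ".".join(labels)

def find_impostors(protected: str, observed: list[str]) -> list[str]:
    """Return observed domains that differ from `protected` but look the same."""
    own = protected.lower().rstrip(".")
    target = skeleton(own)
    return [d for d in observed
            if d.lower().rstrip(".") != own and skeleton(d) == target]

# Constructed sample: names as they might appear in a new-registration feed.
OBSERVED = [
    "globalmail.example",        # the real (hypothetical) domain
    "g1obalmail.example",        # digit 1 for l
    "GL0BALMAIL.example",        # zero for o
    "globalrnail.example",       # r + n for m
    "glob\u0430lmail.example",   # Cyrillic a
    "globalmail-help.example",   # different name, not a lookalike
]

if __name__ == "__main__":
    for hit in find_impostors("globalmail.example", OBSERVED):
        print("lookalike:", ascii(hit))
```

Names that merely contain your brand, such as `globalmail-help.example`, are not flagged by this comparison and need a separate substring or edit-distance check.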
Sadly, just checking for impostor domains of your company website one time is not enough. A site that was safe at 10 a.m. can be the ‘victim’ an hour later. So, what can you do to protect yourself? After all, you don’t have time to check your website hourly! Thankfully, there are companies that devote entire divisions to monitoring for fraudulent web activity. Some of these include Domain Tools, Cipher, ImmuniWeb, and PhishLabs.
Dealing with Business Email Compromise – BEC
Like your website, your company email can be hacked by cybercriminals. These hackers will pose as someone the recipient would trust and then make threats or bids to obtain your client’s personal information. Another tactic of BEC is to fill one’s inbox with dangerous and unwanted messages. The hacker will use many different tactics, such as impostor domains, a lookalike webmail account, or redirecting the conversation to a previously registered account. To prevent you, or your clients and site guests, from being hit by email hackers, there are 3 actions you can take. There are a number of these types of tools available to choose from, so just find the one(s) that fit your needs.
- Add an SPF (Sender Policy Framework) record – This is a verification and authentication tool specifically for email. It checks the IP address of the sending server; if that address is not authorized for your domain, then the email does not go through.
- Set up a DKIM (DomainKeys Identified Mail) – This tool uses encryption and ensures that a message was not changed after it left the sending source.
- Have a DMARC (Domain-Based Message Authentication, Reporting and Conformance) – Serving as a way to standardize how servers check emails, this tool uses both SPF and DKIM to confirm both the sender and the domain from which an email is sent. The domain owner is then able to determine the next action.
Protecting your website and email is all a part of owning your business. It may take time but it is better than being a statistic. If you have questions about your website and measures that you- or perhaps Page Progressive- can take to improve cyber security, contact us today.