March 5, 2015: A successful company with an online presence faces many online threats – especially if it is highly visible or is a Government organization. Some of the main threats that we see in the region are:
- Fake domains that impersonate the legitimate website of the company
- Fake social media profiles (including LinkedIn, Twitter, Facebook and Instagram)
- Leaked confidential or Personally Identifiable Information (PII) about company senior staff
- Website defacement – where the website pages are defaced by hacktivists or malware is uploaded to websites
- DNS poisoning – and redirecting visitors to malicious or inappropriate websites
- DDoS attacks – this could be for blackmail reasons or for political reasons
The above are in addition to the “usual” threats of phishing emails, viruses, malware etc. With the advent of Dubai Expo 2020 and the high profile that Dubai has in the region, its high-visibility organizations are attracting more online threats and risks.
In this series of blog articles we will discuss these threats and risks and what can be done about them.
Fake Domains – Easy to set up yet cause massive damage
We start off by discussing the fake domains issue. This is quite common in the region. The modus operandi of perpetrators (perps) is to get a domain that sounds like the target domain. Mostly we see this for Government ministries and financial institutions. The perp registers a domain with one of the hundreds of registrars around the world. Most of the time the Registrant information is hidden, though sometimes we see the actual contact information (not too smart!). The Government websites here in UAE generally have a domain name of the form Ministry of??? .GOV.AE or a shorter form as in MO???.GOV.AE. We see perps register domain names like MO??-GOV.AE.com/org/net etc. or Ministryof???-GOV-AE.me or any one of the hundreds of TLDs that are now available.
They then go to the actual live sites, view the page source, and copy and paste the HTML into their fake site. They copy over logos, content, text etc. and try to make the sites look a bit like the original site.
We have also seen situations in which the perp will get a domain name and then create an iframe which loads the live website in a zero-border frame. So when a visitor ends up on the fake domain, they will see the exact live website – leading them to believe that they are on the live domain. This is very dangerous, as malicious code can be injected which can then infect the visitor or reveal their login credentials for the original live site.
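A defender's check for the naming pattern described above (the protected name pushed into a hyphenated label or placed under another TLD), added here as an example and not part of the original article. The ministry names are constructed placeholders for the elided "MO???" names, and treating everything under .gov.ae as legitimate is an assumption about that registry.

```python
import re
from difflib import SequenceMatcher

# Constructed placeholders: the article elides the real names ("MO???").
PROTECTED = ["moexample.gov.ae", "ministryofexample.gov.ae"]
SUFFIX = ("gov", "ae")  # protected registry suffix, as tokens


def tokens(domain):
    """Split a hostname on dots and hyphens, lower-cased."""
    return [t for t in re.split(r"[.-]", domain.lower().strip(".")) if t]


def is_legitimate(domain):
    """Assumption: any name really registered under .gov.ae is genuine."""
    return domain.lower().rstrip(".").endswith("." + ".".join(SUFFIX))


def classify(domain, threshold=0.8):
    """Return (verdict, reason) for one observed domain name."""
    if is_legitimate(domain):
        return "ok", "registered under .gov.ae"
    toks = tokens(domain)
    # "gov" directly followed by "ae" (gov.ae or gov-ae) outside the registry
    embeds = any(tuple(toks[i:i + 2]) == SUFFIX for i in range(len(toks) - 1))
    # Closest resemblance between any token and a protected organisation label
    orgs = {p.split(".")[0] for p in PROTECTED}
    score, org = max(((SequenceMatcher(None, t, o).ratio(), o)
                      for t in toks for o in orgs), default=(0.0, ""))
    if embeds and score >= threshold:
        return "lookalike", f"embeds gov/ae and resembles {org}"
    if embeds:
        return "suspicious", "embeds gov/ae outside the .gov.ae registry"
    if score >= threshold:
        return "suspicious", f"resembles {org} under another TLD"
    return "ok", "no match"


if __name__ == "__main__":
    # Constructed sample of newly observed registrations
    observed = ["moexample.gov.ae", "moexample-gov.ae.com",
                "Ministryofexample-GOV-AE.me", "moexampel.com",
                "gov-ae-portal.info", "weather-news.net"]
    for name in observed:
        print(name, *classify(name), sep=" | ")
```

Feeding it a daily list of newly registered domains gives a short review queue; the similarity threshold trades missed variants against false positives on short names.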
Now that the fake site is ready – what can it be used for?
One of the most popular uses of fake websites in the region is for attracting and defrauding innocent jobseekers. Once the sites look reasonably like the original, the perps will add plenty of jobs on the home page and create fake career pages. They will use Search Engine Optimization (SEO) techniques to get high visibility – even better than the original sites. When an unsuspecting jobseeker enters “Organization Name + Jobs” in the leading search engines, the fake site will be in the top search results. The jobseeker goes to the fake site and sees many vacancies, and to apply they have to provide personal information, sometimes including a credit card number. This information is captured by the fake site, and fraudulent charges are immediately made against the unsuspecting jobseeker. Once the fraudulent charges occur, the jobseeker will realize what has happened, but by that time it's too late. It is very cumbersome to get the fraudulent charges reversed, and the visible organization’s name has lost credibility online. The only winner in this situation is the perp.
In the next blog episode we will continue to discuss the damage caused by fake sites…