Mohammed Al-Moneer , Regional Sr . Director , META at Infoblox , tells us how to recognise four types of lookalike domain attacks that all organisations should be on the lookout for . start at the domain name system ( DNS ) level , which is the first point of attack for many threat actors . The most common use of DNS is for computers to be able to find content on the Internet for a domain name .

Facebook / Meta , for example , can be accessed through the domain name facebook . com . However , DNS is often overlooked and unprotected , meaning that if hackers break through that initial DNS layer with a lookalike domain attack , they can often gain access to an entire network . Even though users are suspicious of email from unknown senders , these domain names may appear indistinguishable from the expected domain and the user may be caught off guard .

The use of lookalike domains is profitable for threat actors because it is an asymmetric attack . Cheap domain registration prices and the ability to distribute large-scale attacks unfortunately give actors the upper hand . While techniques to identify malicious activity have improved recently , it ’ s still become increasingly difficult for organisations to keep pace . In fact , hackers can buy tool kits on the Dark Web for just US $ 300 , allowing these attacks to be launched at scale with little to no effort .

Mohammed Al-Moneer , Regional Sr . Director , META at Infoblox f you think you ’ re seeing double , you

As users have learned to scrutinise links in emails they receive – and while the security industry has increased their ability to automatically detect threats , cybercriminals only continue to innovate and get smarter in their tactics .

Infoblox analyses over 70 billion DNS events daily to find new and potential threats . Here are four types of lookalike domain attacks , in particular , that all organisations should be on the lookout for :

• Homographs or homoglyphs use visually similar characters from different character sets such as Cyrillic or Greek to create domain names that appear identical to legitimate ones ( e . g ., substituting ‘ o ’ with ‘ 0 ’). What makes

Threat actors have successfully driven people towards lookalike domains in their attacks via SMS messages , direct messages on social media and QR codes . Clicking on these links can lead to identity theft .

Wondering how hackers are able to easily reach and trick unsuspecting victims to click on suspicious links ? It ’ s because lookalike domain attacks often

22 WWW . INTELLIGENTCISO . COM