Scammers are using Abandoned Domains to Steal Sensitive Information


Do you aspire to take your little-known website to the top? Do you seek an Internet presence for your business or organization? Do you yearn to add credibility to your online business and give it a unique identity?


Successfully registering a domain name for your website can add a feather to its cap. Domain names nowadays are regarded as online real estate. An online presence is considered vital for a business to flourish and reach new heights. It gives potential customers a platform for making business transactions without worrying about the limitations that would otherwise have restrained them. Geographic location is one of these limitations.

There is no denying that domain name design and business growth go hand in hand!

Can we buy a domain name forever?

Technically, a domain name cannot be bought forever. Depending on the domain registration and web hosting company, you can register a domain for up to 10 years. When a domain name expires, it is moved to a reserved state that allows its previous owner to reclaim it. The grace period varies for each registrar and is typically 30 days.

If the previous owner fails to reclaim it, a closeout auction is held where the domain is made available for purchase to anyone. If there are no back-orders and no bidders for the domain, it is listed in the registry for general registration.

Threat actors leverage these abandoned domains to retrieve emails that hold sensitive information, obtain account passwords for popular online services, or access other profession-specific folders.

How do threat actors obtain abandoned domains?

A new breed of cyber maniacs has come up with ingenious tactics to circumvent security measures and swindle users. These threat actors misuse the lists of domains dropped by registrars and available for purchase, which multiple online services provide at no extra cost.

How are the abandoned domains misused?

Imagine that you have vacated your home or workplace and no one lives there any more. This deserted place, with no security, is obviously susceptible to theft.

So are abandoned domains.

When you register a domain, you are also entitled to register email services for it. The number of email services allowed varies for each registrar.

1)  Owning or breaking into an abandoned site gives access to its email flow, which contains messages intended for the former business. To make this even easier, scammers use shady techniques to collect all emails in one general inbox via a catch-all email service.

A catch-all email account is created to receive all email addressed to a wrong email address or domain. For instance, suppose four email addresses are registered with the same domain, [email protected], [email protected], [email protected] and [email protected], and [email protected] is set as the catch-all email account. An email sent to any address other than the ones mentioned above, for example [email protected], is delivered to the catch-all email account, i.e. [email protected] in this case.

This gives threat actors a wonderful opportunity to glean the details of the mail and launch fraudulent activities.

2)  To initiate a password reset for an online service such as Twitter, LinkedIn or Facebook, you need to possess a working email address. Since many employees use their work email address for personal purposes, this lands them in the soup, as their accounts become vulnerable to hijacking.

How to save accounts or email addresses from being misused?

  1. Ensuring that the domain stays valid for an indefinite period, even after it is no longer used, is the best way to defend against such abuse.
  2. Dissociating online services from business email addresses is another way to keep your accounts from being hacked.
  3. Implementing two-factor authentication, which uses both the email account and a code sent to a device in your possession to access any online service, is the best practice for protecting your accounts against such theft.
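
A defender-side audit of the risk described above, as an added example that is not part of the original article: it classifies the domain behind each account-recovery email by where it sits in the expiry lifecycle and flags every account whose domain is expiring, in the grace period, lapsed, or missing from the inventory. The domains, accounts, dates and the 60-day warning window are constructed assumptions; the 30-day grace period is the article's typical figure.

```python
from datetime import date, timedelta

GRACE_DAYS = 30   # the article's "typically 30 days"; varies by registrar
WARN_DAYS = 60    # assumption: how far ahead of expiry to start warning

# Constructed sample inventory (reserved example domains, not real data).
DOMAIN_EXPIRY = {
    "example.com": date(2026, 3, 1),
    "example.net": date(2025, 2, 1),
    "example.org": date(2024, 12, 20),
    "old-brand.example": date(2024, 9, 1),
}
ACCOUNTS = [
    ("Twitter", "alice@example.com"),
    ("LinkedIn", "bob@example.net"),
    ("Facebook", "carol@example.org"),
    ("Twitter", "dave@old-brand.example"),
    ("Facebook", "erin@unlisted.example"),
]

def domain_state(expiry, today, grace_days=GRACE_DAYS, warn_days=WARN_DAYS):
    """Classify a domain by its position in the expiry lifecycle."""
    if expiry is None:
        return "unknown"      # not in the inventory: ownership must be verified
    if today <= expiry:
        if expiry - today <= timedelta(days=warn_days):
            return "expiring"
        return "active"
    if today - expiry <= timedelta(days=grace_days):
        return "grace"        # previous owner can still reclaim it
    return "lapsed"           # may be auctioned or registered by anyone

def audit(accounts, expiry_by_domain, today):
    """Return (service, email, state) for each account whose domain is not active."""
    findings = []
    for service, email in accounts:
        domain = email.rsplit("@", 1)[-1].lower()
        state = domain_state(expiry_by_domain.get(domain), today)
        if state != "active":
            findings.append((service, email, state))
    return findings

if __name__ == "__main__":
    for service, email, state in audit(ACCOUNTS, DOMAIN_EXPIRY, date(2025, 1, 10)):
        print(f"{state:9} {service:9} {email}")
```

Accounts flagged as `grace` or `lapsed` are the ones to move to a different recovery address first, since a new registrant of that domain would receive their password-reset mail.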