Cybercriminals Exploit Online Users With Spoofed Domains


    - David Goldstein -

    With cybercriminals seeking to take advantage anyway possible, internet users need to be aware of what they are doing online all the time. One of the myriad ways cybercriminals seek to take advantage of internet users is through what are known as “spoofed” domain names.

    FBI warns against spoofed domains

    Spoofed domain names, America’s FBI explains, are those that have slightly altered characteristics of legitimate domain names. For example, a spoofed domain may feature an alternative spelling, such as “Branshelter” instead of “Brandshelter”, or use an alternative top-level domain instead of the usual Or even both.

    In the United States the FBI was warning last year of how cybercriminals might use a spoofed domain featuring an alternate spelling of a word ("electon" instead of "election"), or use an alternative top-level domain, such as a .com version of a legitimate .gov website. Even the FBI themselves became a victim of cybercriminals who used spoofed domain names last year with a variety of misspellings, terms and top-level domains.

    With the upcoming German federal election in September 2021, the same applies for German internet users – they need to be aware of the domain names used for the websites they visit seeking election information. But it also applies when seeking out one’s favourite online shopping sites or planning that next holiday.

    How to protect yourself

    As part of its advice to internet users in the lead up to the American election, the FBI and CISA (America’s Cybersecurity and Infrastructure Security Agency) implored American internet users to critically evaluate the websites one visits and the emails sent to personal and business email accounts and to seek out reliable and verified information, whether it is for elections, holidays or online shopping. The same advice applies to internet users everywhere.

    Some of the ways one can seek out verified and legitimate information is to ensure the spelling of domain names (web addresses), as well as websites and email addresses, are legitimate and not just close imitations.

    Other protections one can take, as recommended by the FBI and CISA, are to keep computer operating systems and applications up-to date including security software; not enabling macros on documents downloaded from emails unless necessary; using strong two-factor authentication; disabling or removing unneeded software applications; not opening emails or attachments from unknown individuals nor communicating with unsolicited email senders while never providing personal information of any sort via email.