- May 18, 2020
- Posted by: Lewis
- Category: Security Articles & Videos
One of the standard features of LMQ Technology’s NextGen Managed Services is our “Phishing Recon Service”. This service is designed to help protect your organization’s reputation, intellectual property, and trademarks, and to help improve phishing defenses.
Domain squatting is where a malicious actor registers and operates a domain (e.g. www.your-company.com) that either deviates ever so slightly from legitimate domains owned and operated by an organization, or implies an affiliation with your organization (e.g. by using a product name). For example, suppose that the organization “Packet Professor LLC” registered the domain name “packetprofessor.com” to sell its online training program, and a malicious third party then registered “packetproffessor.com”. This illegitimate website may cause a number of issues for your organization:
- It may take revenue from your organization.
- If used to steal sensitive information from potential customers, it may cause legal issues and/or issues with brand reputation.
- It may be used to solicit customers.
- It may be used for Phishing purposes.
There are a number of different techniques that can be used to modify existing domain names, company names, and/or brand names, some of which are featured below:
- Character Addition (adding a character to the domain), e.g. Packetsprofessor.com
- Character Removal (removing a character from the domain), e.g. Packetprofesor.com
- Homoglyph (substituting a character within the domain), e.g. PACKETPR0FESSOR.COM
- Hyphenation (breaking up the domain with a hyphen), e.g. Packet-professor.com
- Repetition (repeating a character within the domain), e.g. Packetproffessor.com
- Sub domain (breaking the domain into two or more parts), e.g. Packetpro.fessor.com
- Transposition (transposing characters within the domain), e.g. Packetprfoessor.com
LMQ Technology’s NextGen Managed Services routinely monitor “organization”, “domain”, and “brand” names to identify and alert on new domain registrations that may indicate malicious intent. This information can then be used to enhance internal phishing defenses, as well as to pursue any necessary legal proceedings. It is worth noting that cybersquatting is forbidden under the Anticybersquatting Consumer Protection Act (ACPA). The ACPA defines cybersquatting as the registering, trafficking in, or using of internet domain names in bad faith with the intent to profit from the goodwill of a trademark belonging to someone else.
The above techniques can be classified as “typo squatting”, as they all involve registering a domain that has some form of “typo” in it (when compared to the original domain). These types of variations typically require human oversight or error to be of use. There is, however, another category of domain squatting known as “bit squatting”. Although it is outside the scope of this document, we will briefly discuss how it works:
Computers communicate using “binary” (a series of “1s” and “0s”), and sometimes these bits can become corrupted while in a computer’s memory. This can happen for a variety of reasons, such as overheating, hardware errors, etc. When bits change, the meaning of the data does, too. This data may include “domain name” information. This corruption of data could result in the wrong domain name being requested and/or accessed through no fault of the user. ‘Bit Squatting,’ therefore, is where you take a legitimate domain name and derive all possible outcomes based upon possible bit alterations.
It is worth noting that the chance of bit corruption is extremely small and, therefore, ‘Bit Squatting’ is only really viable due to the large number of computers connected to the internet.
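The seven typo squatting variations listed earlier and the single-bit change behind bit squatting can be checked mechanically when triaging newly registered domains. The sketch below is an added example, not LMQ Technology's code; the function names, the small `HOMOGLYPHS` table and the sample feed are assumptions made for illustration.

```python
# Constructed look-alike table (assumption); a real monitor needs a fuller list.
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s"}

def extra_char_index(longer, shorter):
    """First index whose removal from `longer` gives `shorter`, or -1."""
    if len(longer) == len(shorter) + 1:
        for i in range(len(longer)):
            if longer[:i] + longer[i + 1:] == shorter:
                return i
    return -1

def classify(candidate, legit):
    """Name the technique that turns `legit` into `candidate`, else None."""
    cand, _, cand_tld = candidate.lower().rpartition(".")
    good, _, good_tld = legit.lower().rpartition(".")
    if cand_tld != good_tld or cand == good:
        return None
    if cand.replace(".", "") == good:
        return "Sub domain"
    if cand.replace("-", "") == good:
        return "Hyphenation"
    i = extra_char_index(cand, good)
    if i >= 0:
        # An inserted character matching a neighbour is a repetition.
        neighbours = cand[max(i - 1, 0):i] + cand[i + 1:i + 2]
        return "Repetition" if cand[i] in neighbours else "Character Addition"
    if extra_char_index(good, cand) >= 0:
        return "Character Removal"
    if len(cand) != len(good):
        return None
    diff = [k for k in range(len(good)) if cand[k] != good[k]]
    if len(diff) == 2 and diff[1] == diff[0] + 1:
        a, b = diff
        if cand[a] == good[b] and cand[b] == good[a]:
            return "Transposition"
    if len(diff) == 1:
        c, g = cand[diff[0]], good[diff[0]]
        if HOMOGLYPHS.get(c) == g:
            return "Homoglyph"
        flipped = ord(c) ^ ord(g)
        if flipped & (flipped - 1) == 0:  # exactly one bit differs
            return "Bit squatting"
    return None

# Constructed feed of newly registered domains (not real observations).
FEED = ["packetpr0fessor.com", "packet-professor.com", "packetprofessnr.com", "example.com"]

def triage(feed, legit="packetprofessor.com"):
    """Map each feed entry that resembles `legit` to its technique."""
    return {d: t for d in feed if (t := classify(d, legit))}
```

The classifier only compares names under the same top-level domain and recognises a single modification at a time, so combined variations return `None`.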