July 1, 2020
Scammers impersonating as hosting providers target website owners and bloggers in a new free DNSSEC phishing scam
According to a new report by Nakedsecurity and Sophos, a new scam targeting website owners and bloggers has been identified. The scammers, impersonating as legitimate hosting providers, offer users of those hosting providers a free security upgrade to their DNS (Domain Name System) to DNSSEC (Domain Name System Security Extensions), while actually aiming to take over their website or blog.
How is it done?
- An email is received from the supposed impersonating hosting provider, inviting the user to enter their confidential business credentials into an identical yet fake landing page of the hosting provider
- After entering the credentials, the scammers claim that users will be redirected to their own website, while actually leading to a 404-Error page, which includes the name of the fake site set up by the crooks followed by the site name of the user.
- Banners and URLs posing as those of the hosting provider can easily be encoded into an email sent out to the users.
- In a short process, Sophos was able to auto-customize the crooks’ scam page, using the banner directory left visible by the crooks on the phishing site.
How to protect yourself against this scam
- Use the login page of your provider account directly. Do not use links sent in emails to login to your account.
- Make sure to always use two-factor authentication to better protect yourself from the crooks.
- Using a password manager could potentially protect you from accidentally putting your password into the wrong site since the password manager will not be able to associate the password to the account related to a phishing site.
- Using an anti-virus with live web filtering could prevent you from visiting potentially harmful sites, even if without them containing malware.