Cyber attacks using phishing emails are a common and dangerous method of spying on passwords and gaining access to protected systems or sensitive company data. Phishing emails are fraudulent emails that pretend to come from trustworthy sources. They lead to websites that either contain malware or request a login. The fake pages are made to look deceptively real, making them difficult to unmask even at second glance. The result is the disclosure of login data.

Attackers often register domains that closely resemble your company's own domain or that of a cloud provider. Examples include “firma.xyz” instead of “firma.de”, “bymicrosoft.com”, or a swapped letter such as “voIksbank.de” (capital i instead of lowercase l).

Typically, such fake domains are registered through anonymizer services in order to conceal the identity of the people behind the fraudulent activity. Anonymizer services routinely refuse to release the owner data and to hand over the fake domains. This makes it difficult to identify and legally prosecute the perpetrators.

In order to access the data and take action against the use of such counterfeit domains, the domain can be transferred to the rightful owner via a domain dispute procedure before the WIPO (World Intellectual Property Organization). As a rule, this avoids costly court proceedings; it is therefore an effective and quick solution to strengthen the legal options for combating cybercrime and transferring counterfeit domains.

Measures to protect against phishing emails

Companies can take a number of proven measures to protect employees from phishing emails:

  1. Training and awareness-raising: Companies should hold regular training sessions for their employees to educate them about the dangers of phishing emails. Employees should learn to recognize suspicious emails, not to disclose personal data and to check whether the email is legitimate before opening attachments or clicking on links. Such training courses should also regularly send non-dangerous phishing emails to employees on a trial basis in order to measure and increase the effectiveness of the training.
  2. Implementation of security guidelines: Companies should define clear security guidelines for the handling of emails, especially phishing emails. Employees should be informed about the guidelines and actively adhere to them. This includes, for example, reporting suspicious emails to the IT department and using secure passwords.
  3. Use of IT security technologies: Companies can use technologies such as spam filters, antivirus software and email authentication mechanisms such as DMARC (Domain-based Message Authentication, Reporting, and Conformance) to reduce the number of phishing emails received and strengthen the security of their email communications.
  4. Checking domains: Companies should encourage employees to pay close attention to the sender address and URL links in emails. A close check of the domain can help to identify fraudulent activity.
  5. Incident response plan: Companies should have a clear incident response plan in the event of a successful phishing attack. This plan should include measures to contain the attack, inform employees and work with IT experts to minimize the damage and close security gaps. Such a plan is also mandatory under the NIS2 directive, for example.
  6. Dealing with a fake domain: If a fake domain was used in the cyber attack, we recommend identifying its owner and, where possible, having the domain transferred to your company. The WIPO Domain Dispute Procedure is suitable for this.
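As an added illustration of points 3 and 4 (it is not code from the original article), the following Python function classifies a sender domain against the company's own domain using the three look-alike patterns described above: a different top-level domain (“firma.xyz”), the brand embedded in a longer name (“bymicrosoft.com”) and confusable characters (“voIksbank.de”). The confusable-character table is a constructed, deliberately short assumption; a production check would use a fuller list.

```python
import re

# Constructed, non-exhaustive table of characters that are easily confused in
# common email fonts: capital I and digit 1 for lowercase l, digit 0 for o, etc.
CONFUSABLES = str.maketrans({"I": "l", "1": "l", "0": "o", "5": "s", "3": "e"})


def normalize(label: str) -> str:
    """Fold a domain label so that look-alike spellings collide with the original."""
    folded = label.translate(CONFUSABLES).lower()
    # Two-letter combinations that visually imitate a single letter.
    return folded.replace("rn", "m").replace("vv", "w")


def split_domain(domain: str):
    """Return (second-level label, tld) for a plain domain such as 'firma.de'."""
    parts = domain.strip().rstrip(".").split(".")
    if len(parts) < 2:
        return parts[0], ""
    return parts[-2], parts[-1]


def classify_sender_domain(sender_domain: str, trusted_domain: str) -> str:
    """Classify a sender domain relative to the company's own domain.

    Returns 'trusted', 'tld_swap', 'homoglyph', 'embedded_brand' or 'unrelated'.
    """
    if sender_domain.strip().rstrip(".").lower() == trusted_domain.lower():
        return "trusted"
    s_label, s_tld = split_domain(sender_domain)
    t_label, t_tld = split_domain(trusted_domain)
    if normalize(s_label) == normalize(t_label):
        # Same brand after folding: either only the TLD differs or a character
        # was swapped (a swapped character on a foreign TLD counts as homoglyph).
        if s_label.lower() == t_label.lower() and s_tld.lower() != t_tld.lower():
            return "tld_swap"
        return "homoglyph"
    if normalize(t_label) in normalize(s_label):
        return "embedded_brand"
    return "unrelated"


def sender_domain_of(address: str) -> str:
    """Extract the domain part of a header value like 'Name <user@host.tld>'."""
    match = re.search(r"@([A-Za-z0-9.-]+)", address)
    return match.group(1) if match else ""
```

Running the check on the From header of every inbound mail and quarantining anything other than 'trusted' or 'unrelated' for review complements, rather than replaces, DMARC on the company's own domain.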

By implementing these and other measures, companies can increase IT security and reduce the risk of cyberattacks. A proactive and holistic security concept is crucial to protect a company’s sensitive data and reputation.

Would you like to introduce measures to increase your IT security or have you been the victim of a cyber attack, e.g. via a fake domain? We will be happy to advise you.


Dr. Falk W. Müller

Lawyer

Email: falkw.mueller@planit.legal
Phone: +49 (0) 40 609 44 190