Being the target of an email scam is not a matter of “if,” but “when.” For this reason, it’s important to be able to quickly and accurately identify suspicious emails and take precautionary steps to limit the risks for you and your business.

At Soteria, we filter a lot of spam emails through our DNSense™ brand protection and PhishPhry™ phishing detection platforms. On one occasion PhishPhry flagged a high-risk email we received from “Jose Wei” sent to our “[email protected]” email address. This all-text email contained no attachments, web links, or detectable malicious code, but the message itself was suspicious enough for our phishing detection platforms to alert us.

Scam email Soteria received from Jose Wei.

Not long after PhishPhry caught this spam email, it flagged another phishy email one of our clients received.

Scam email one of our clients received from James Zhao. Look familiar?

The reason this scam was flagged as high-risk by PhishPhry was two-fold.
  1. The domain “Jose Wei” sent the email from was attached to a shared hosting machine that currently hosts multiple spamming domains.
  2. The structure of the email mirrored previous scam emails PhishPhry “learned” from past encounters.

The end goal of this particular scam was to coax our business into paying Jose Wei to register domain names containing the word “Soteria” on our behalf or face the prospect of his “clients” squatting on the new domains. It’s a typical extortion tactic used by many as it’s relatively low skill and surprisingly effective.

So the question now becomes: what happens if he does register a similarly named domain? What damage would it do, and should I even be concerned? The scary truth is that scammers often use variations of legitimate domains to lure unsuspecting parties into phishing scams, such as typosquatting and brand impersonation.

Phishing Detection Security Tip: When your business is presented with emails like this, should you take action? No Wei, Jose. Instead, try taking these simple steps to protect your brand and domains:

  1. Never respond to emails from unknown or untrusted service providers. It is important that you and your employees are aware of the potential scams circulating. This domain name scam is just one of many common email scams cybercriminals use to take advantage of unsuspecting business owners. Report suspicious emails to sources within your firm or a trusted party that manages your firm’s security.
  2. Register domain names that are close to your primary domain. In order to prevent scammers from using your brand name against you, register domain names that are close to your most commonly used domain. For example, our business uses “soteria.io” as our primary address, yet we also own “soteria.net.” By owning and monitoring domains we don’t actually plan to use publicly, we prevent others from registering them and sending spam or phishing attacks using our name.
  3. Monitor registration activity of domain names similar to yours that you do not own. When domains close to ours are already owned by another entity, like “soteria.com” and “soteria.org”, we still monitor these domain names to ensure they remain owned by a legitimate source using the domain name for an acceptable purpose. We also understand that some domain names have premium price tags that may not be feasible for a business to purchase. In either scenario, a business should still monitor these domains and stay alert if there is a change in ownership.
  4. Set up automatic renewal on critical domain names you own. Scammers spend their time scraping the internet waiting for businesses to forget to auto renew their domain names. They will then snatch them up and try to sell them back to you for a steep price or use them to send out email scams. Setting up auto renewal of your domain name will make it easier for you to protect your business while taking one more item off your to-do list.
  5. Use a domain name monitoring service, such as Soteria’s DNSense™ brand protection tool, to receive alerts as soon as a domain close to your address has been newly registered by someone outside your business or a trusted third party. For example, a domain name monitoring program would be able to alert you within a day of someone registering a domain such as “soteriastinks.com” or “soterio.io.” Being the first to know enables you to stay on top of how your brand name is being used and devise a plan to take the domain name back or alert others to be on the lookout for suspicious activity.
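
One way to implement the lookalike check behind steps 3 and 5, as an added example that is not Soteria's DNSense code. It assumes a daily feed of newly registered domains is available; the function names, the one-edit threshold and the sample feed are assumptions made for illustration.

```python
# Added example: flag newly registered domains that resemble a brand domain.
# SAMPLE_FEED is constructed data, not real registration records.
OWNED = {"soteria.io", "soteria.net"}   # domains the business already holds
BRAND = "soteria"                       # brand label to protect
SAMPLE_FEED = ["soteriastinks.com", "soterio.io", "soteria.net", "example.org"]

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance between two strings, computed with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]

def classify(domain: str, brand: str = BRAND, owned=OWNED, max_typos: int = 1):
    """Return the reason a domain resembles the brand, or None if it does not."""
    domain = domain.strip().lower().rstrip(".")
    if domain in owned:
        return None                     # already under our control
    label = domain.split(".")[0]        # assumes the feed lists registered domains
    squashed = label.replace("-", "")   # treat "so-teria" like "soteria"
    if label == brand:
        return "same name, different TLD"
    if brand in squashed:
        return "contains brand name"
    if edit_distance(squashed, brand) <= max_typos:
        return "possible typosquat"
    return None

def review_feed(domains):
    """Map each suspicious domain in a feed to the reason it was flagged."""
    return {d: r for d in domains if (r := classify(d))}

if __name__ == "__main__":
    for name, reason in review_feed(SAMPLE_FEED).items():
        print(f"ALERT {name}: {reason}")
```

A longer brand name can tolerate a higher `max_typos`; with a short label, raising it quickly produces false positives.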

While these tips are not an end-all solution to phishing detection, they are simple ways in which your business can stay ahead of scammers looking to use and abuse your brand. Protecting your domains and staying vigilant about domain name registrations is a simple step a business of any size should take to protect one of a company’s most valuable assets: its good name.