How to Protect Your Domain from Attacks

Online businesses are everywhere, so there are more and more websites and, consequently, more domains in circulation. Unfortunately, they are not safe from attackers. Below, we show why it is important to protect a purchased domain properly, to avoid problems that could harm the business behind it.

Take as an example an online business that has its own domain name. It has essential security measures in place, such as the Registrar Lock, which requires a person to confirm any change requested for that domain. However, the channel through which this person confirms can be anything, even a WhatsApp message.

Imagine that a person contacts the technical support team of the company that hosts this domain. They claim to be the original owner (registrant) of the domain and ask for it to be transferred to them. They even send evidence (which, in reality, is not authentic) that they are indeed the registrant. The agent who handles the request does not notice that this is a scammer who wants to take over an account that is not theirs.

Without further review, the support agent approves the attacker's request and proceeds to transfer the domain, without having carried out the corresponding checks and having relied blindly on evidence that is, in fact, fabricated. Now the domain belongs to another reseller under the same provider, which means that the original and authentic owner was not notified of this fact.

Once again, clever social engineering techniques show how harmful they can be with very little effort. Through persuasion alone, the attacker who now holds the domain got the support agent to make the transfer without even submitting personal documentation.

Security measures to protect your domain

Registrar-Lock

It is a more rigorous, manual process that sometimes runs offline. Registrar-Lock is a status code that neutralizes any social engineering attempt to appropriate your domain. With it set, your registrar cannot move your domain to another domain registrar. If you want to do that, you must verify the request manually with the registrar the domain is registered with. However, not all domain registrars support these locks. An important detail is that the lock prevents both unauthorized operations and accidental changes that we make unintentionally.

With the Registrar-Lock, modification actions (transfer and deletion of the domain), as well as changes to the contact details, are prohibited without a second verification. However, the domain can still be renewed without problems, even if we have configured the Registrar-Lock at our domain registrar.

DNSSEC

Another alternative, for continuous monitoring of the DNS settings, is DNSSEC. It is a more effective approach to preventing potential attacks on your domain and DNS infrastructure. If a DNS server determines that the record for a domain's web address has not been modified along the way, it resolves that domain and lets the user visit the website. If, on the other hand, the record was modified or does not match the requested domain, the DNS server blocks the user from accessing the suspicious page.

DNSSEC is a security measure offered to customers to authenticate the origin of the data; it is designed to protect them from fake DNS data. All DNSSEC responses are digitally signed, and that signature is checked to confirm that everything is correct. An important detail is that DNSSEC does not guarantee data confidentiality: DNSSEC responses are authenticated, but never encrypted. For that, there are DNS over HTTPS and DNS over TLS.
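To check both measures on a domain you own, the following added example (not part of the original article) audits an RDAP domain record for lock coverage and DNSSEC delegation. It assumes the lock shows up as the standard "transfer/delete/update prohibited" RDAP status values; the two sample records and the example.test names are constructed for illustration.

```python
import json

# Constructed sample RDAP domain records (RFC 9083 layout); names are placeholders.
SAMPLE_LOCKED = json.loads("""{
  "objectClassName": "domain", "ldhName": "locked.example.test",
  "status": ["client transfer prohibited", "client delete prohibited",
             "client update prohibited"],
  "secureDNS": {"delegationSigned": true}
}""")
SAMPLE_OPEN = json.loads("""{
  "objectClassName": "domain", "ldhName": "open.example.test",
  "status": ["active"],
  "secureDNS": {"delegationSigned": false}
}""")

# Assumption: the lock is expressed through these RDAP status values (RFC 8056),
# one group per operation the article says the lock must block.
LOCK_STATUSES = {
    "transfer": {"client transfer prohibited", "server transfer prohibited"},
    "delete": {"client delete prohibited", "server delete prohibited"},
    "update": {"client update prohibited", "server update prohibited"},
}
RENEW_BLOCKED = {"client renew prohibited", "server renew prohibited"}

def audit_domain(rdap):
    """Summarize lock coverage and DNSSEC delegation for one RDAP domain record."""
    statuses = {s.strip().lower() for s in rdap.get("status", [])}
    unprotected = sorted(op for op, vals in LOCK_STATUSES.items() if not (statuses & vals))
    return {
        "domain": rdap.get("ldhName", "?"),
        "unprotected_operations": unprotected,
        "fully_locked": not unprotected,
        # Renewal should stay possible even when the lock is on.
        "renewal_allowed": not (statuses & RENEW_BLOCKED),
        "dnssec_signed": bool(rdap.get("secureDNS", {}).get("delegationSigned", False)),
    }

def findings(rdap):
    """Return human-readable gaps: missing locks and an unsigned delegation."""
    r = audit_domain(rdap)
    out = [f"{r['domain']}: no lock on {op}" for op in r["unprotected_operations"]]
    if not r["dnssec_signed"]:
        out.append(f"{r['domain']}: delegation is not DNSSEC-signed")
    return out

if __name__ == "__main__":
    for sample in (SAMPLE_LOCKED, SAMPLE_OPEN):
        print(audit_domain(sample))
        for line in findings(sample):
            print("  FINDING", line)
```

Run it on a schedule against the record returned for each of your domains and alert when a finding appears that was not there before, since a lock that disappears is the first visible sign of the kind of unauthorized change described above.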

With these two solutions, we will secure our domains against attackers, who apply increasingly well thought-out, planned and developed procedures and techniques to achieve their goal. Recall that, as in the case described above, social engineering is one of the main weapons, and one that does not usually fail.

So if, for some reason, someone calls you to request sensitive information, by phone or by any other means, think about it more than once. In large organizations especially, one is more exposed because of the corporate data that is handled. We must be cautious and not be afraid to doubt information. Our personal data is truly ours, be it a domain, a social network account, or a license for corporate software.