What steps can be taken to combat phishing attacks using cousin domains?
Summary
What email marketers say13Marketer opinions
Marketer from Email Geeks says that submitting to URL blocklists if they have data on the cousin domains would be their main action point.
Email marketer from security-forums.com shares that setting up domain monitoring alerts for newly registered domains containing your brand name or common misspellings can provide early warnings of potential phishing attempts.
Marketer from Email Geeks suggests abuse report to domain registrar, and also to call the company to alert them.
Marketer from Email Geeks mentions Google Safe Browsing can be submitted here: <https://safebrowsing.google.com/safebrowsing/report_phish/?hl=en> and Cloudflare as well if there is a web domain hiding behind them: <https://developers.cloudflare.com/fundamentals/reference/report-abuse/>.
Email marketer from VadeSecure explains that employing advanced threat detection technologies to block malicious URLs and attachments in emails helps prevent phishing attacks from reaching end-users.
Email marketer from sentrybay.com explains that implementing multi-factor authentication (MFA) can prevent unauthorized access even if credentials are compromised through phishing.
Email marketer from Mimecast explains that security awareness training for employees, including simulated phishing attacks, improves their ability to recognize and report phishing attempts.
Email marketer from Proofpoint shares that implementing DMARC, SPF, and DKIM email authentication protocols can help prevent attackers from spoofing your domain in phishing emails.
Email marketer from Agari explains establishing clear brand guidelines for communications helps users identify legitimate emails and spot phishing attempts that deviate from these guidelines.
Email marketer from redpoints.com explains that implementing brand monitoring to detect fraudulent domains, combined with swift takedown actions, helps protect brand reputation and prevent customer deception.
Email marketer from zerofox.com explains that continuous monitoring of domain registrations and social media for brand impersonation is crucial. They recommend using automated tools to identify and flag suspicious domains quickly.
Email marketer from Reddit shares that educating users within the organization about the risks of phishing and how to identify suspicious emails can significantly reduce the success rate of phishing attacks.
Email marketer from phishlabs.com explains that a comprehensive approach involves monitoring for cousin domains, typosquatting, and brand impersonation, followed by rapid takedown of identified threats to mitigate potential damage.
What the experts say5Expert opinions
Expert from Email Geeks suggests Openphish and Phishtank. Mentions that URIBL and SURBL might be amenable to having a trusted reporter give them domains. Also suggests getting an in to Google Safe Browsing.
Expert from Email Geeks shares that going for a takedown of the domains isn’t going to help, as they can rotate cousin domains far faster than that process. Suggests getting the cousin domains added to some domain-based blacklists.
Expert from Email Geeks warns that Cloudflare’s usual handling of abuse is to dox the reporter to the abuser and take no other action and to never interact with them.
Expert from Word to the Wise explains that continuous domain monitoring to identify newly registered cousin domains is crucial. Set up alerts for variations of your brand name to proactively detect potential phishing sites. This allows for early intervention and potential takedown requests before damage occurs.
Marketer from Email Geeks suggests <https://apwg.org/reportphishing/>.
What the documentation says5Technical articles
Documentation from apwg.org shares that reporting phishing sites to the APWG helps in aggregating and distributing phishing data to blocklists and security vendors, contributing to a collective defense.
Documentation from safebrowsing.google.com explains that reporting suspected phishing sites to Google Safe Browsing can help protect users by adding these sites to Google's blocklist, warning users before they visit the site.
Documentation from consumer.ftc.gov explains that consumers should be aware that legitimate organizations will not ask for sensitive information via email. Never provide personal or financial information in response to an unsolicited email.
Documentation from icann.org explains that utilizing the Uniform Domain-Name Dispute-Resolution Policy (UDRP) can help in recovering domains that infringe on trademarks, though this might be more applicable to clear trademark violations than subtle cousin domain phishing attempts.
Documentation from nist.gov explains that developing a cybersecurity framework with incident response plans helps organizations quickly identify, contain, and recover from phishing incidents.