Consider the following situation: You’re going about your day, checking your emails, when you see a message from a company that you trust. This email may appear to be safe to read, but it is not. It’s “SubdoMailing,” a fraud designed by cyber criminals to lure you into clicking harmful links or disclosing personal information.
What is the deal?
Cyber criminals pose as trustworthy brands, much as in traditional phishing attempts.
Here’s how it works: These cyber criminals comb the internet for subdomains of trustworthy companies. A subdomain is the additional part of a site address that comes before the main domain, as in experience.trustedbrand.com, where ‘experience’ is the subdomain.
They look for a subdomain that the brand no longer uses but that still points to an external domain whose registration has expired.
Then they purchase that expired domain and put up a fraudulent website on it.
When you click on experience.trustedbrand.com, you may be unaware that it immediately takes you to scamwebsite.com.
The criminals send around five million emails every day, targeting businesses like yours.
And because these emails appear to originate from a legitimate source, they frequently bypass standard security checks and end up in your inbox.
Here’s some advice on how to keep yourself and your data safe:
- Be aware of questionable emails. If anything appears suspicious, it probably is.
- Verify the sender before clicking any links or downloading anything. Check for red flags, such as spelling errors or odd email addresses.
- Ensure your employees are aware of current phishing strategies and how to identify scams. A little knowledge may go a long way towards keeping your organization safe.
- Invest in high-quality security software to deter cybercriminals. It may appear to be an additional cost, but believe us when we say it is well worth it.
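For organizations that own domains, the condition described above (an unused subdomain that still points to an expired external domain) can be checked from a DNS zone export. The following is an added example, not code from the original article: the zone lines, the `.example` target names and the two-label `registrable()` shortcut are constructed assumptions, and "does not resolve" is only a heuristic for "expired" that should be confirmed with the registrar.

```python
import socket

# Constructed zone export for illustration; not real records.
SAMPLE_ZONE = """\
www.trustedbrand.com.         IN CNAME trustedbrand.com.
experience.trustedbrand.com.  IN CNAME landing.oldcampaign.example.  ; retired campaign
shop.trustedbrand.com.        IN CNAME store.partner.example.
mail.trustedbrand.com.        IN A     192.0.2.10
"""

def registrable(host):
    """Naive registrable domain: last two labels (assumption; use a
    Public Suffix List library for names such as example.co.uk)."""
    return ".".join(host.rstrip(".").lower().split(".")[-2:])

def live_resolves(host):
    """Default check: does the name resolve in DNS right now?"""
    try:
        socket.getaddrinfo(host, None)
        return True
    except socket.gaierror:
        return False

def parse_cnames(zone_text):
    """Yield (name, target) for each CNAME line in a zone export."""
    for line in zone_text.splitlines():
        fields = line.split(";")[0].split()  # drop trailing comments
        if "CNAME" in fields and fields.index("CNAME") + 1 < len(fields):
            target = fields[fields.index("CNAME") + 1]
            yield fields[0].rstrip(".").lower(), target.rstrip(".").lower()

def find_dangling(zone_text, own_domain, resolves=live_resolves):
    """Return subdomains whose CNAME leaves own_domain and lands on a
    target that no longer resolves (candidates for cleanup)."""
    findings = []
    for name, target in parse_cnames(zone_text):
        if registrable(target) == registrable(own_domain):
            continue  # internal alias, not the pattern described above
        if not resolves(target) and not resolves(registrable(target)):
            findings.append((name, target, registrable(target)))
    return findings

if __name__ == "__main__":
    # Constructed stand-in for DNS: only the partner domain is still live.
    alive = {"store.partner.example", "partner.example"}
    for name, target, domain in find_dangling(SAMPLE_ZONE, "trustedbrand.com", alive.__contains__):
        print(f"{name} -> {target}: {domain} does not resolve; remove or review the record")
```

Any subdomain this reports should have its DNS record removed or repointed before someone else can register the target domain.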
As always, if you need help with SubdoMailing or any other aspect of your email security, get in touch.