Yes, we know that you now know about phishing attacks. Basically, do not trust emails from companies you do not know, correct? Well, unfortunately, that is no longer the case. Yep! The cyber criminals have done it again and found a way around to get through this defensive mentality.
This time, threat actors will try to trick their targets by using the names of reliable and trusted companies. The tactic is called “SubdoMailing” and yes, it is as malicious as it sounds. And no, it is not as easily identifiable as previous versions of hacking.
So far, using the name of trusted brands and companies is not necessarily new in phishing. Phishers have tried using plain emails, survey forms, delivery services and photos to get their victims to give up information and log in data. Over time, their targets have become more vigilant to these kinds of trickery. This time, however, the plot thickens a little bit more.
In SubdoMailing, cyber criminals start by going through the world wide web to locate subdomains of known and trusted companies and brands. Remember those “additions” in the usual website address that is added to the start of the main domain? For example, if the brand name is Reliable Brand and their main website is reliablebrand.com, when it becomes experience.trustedbrands.com (maybe from a legitimate marketing campaign landing page or anything similar) the “experience” is the subdomain.
Eventually, these subdomains get retired or are no longer registered to be in use by the company. Hence, what the tricksters do is buy these subdomains. After which, they set it up as a scam website. Therefore, when you click on experience.trustedbrands.com, you get directed to scammer’s websites.
As per usual, they email blast their “campaigns” to millions of email addresses, including small and medium businesses like yours. And because these emails look like they come from legitimate sources, they pass through security checks, land into your business inbox and get through your unsuspecting employees’ attention.
Now that you know about this, here are some reminders about how to deal with emails, no matter how reliable they seem to be.
Get in touch with us if you need to up your defenses against these tricksters. Schedule your consultation with us so we can plan a personalized approach to keep your business safe.