Here on Day 26 of Cyber Security Awareness Month, as the ISC focuses on standards, we received a very interesting email from David at Lamp Post Group, the IT provider for Access America Transport. Per David: "Access America owns a US Trademark and the domain accessamericatransport.com. On Tuesday, October 23, a malicious user registered the domain accessamericatransport.net and immediately began sending phishing emails under the domain. Purporting to be Access America Transport, some emails were sent to several of our carriers with a link to a fake "Rate Confirmation" ("rate confirmations" is a normal term in the 3PL industry) or carrier "Claim" which in fact linked to an executable containing a virus." There are a number of interesting elements here so let me parse them individually. So, let's dig into the attack against Access America Transport:
|
Russ McRee 198 Posts ISC Handler Oct 26th 2012 |
Thread locked Subscribe |
Oct 26th 2012 8 years ago |
Two critical early warning items to watch registrant domain changes by username and by domain name.
With DomainTools it is possible to get an email whenever a change is made by your registrar login. Be sure to choose a unique username, however. Changes to domains with selected names can also trigger an alert. If the alert phrase is generic, e.g., "name" alerts on similar names such as "name2" will be generated. Hopefully the alert comes soon enough to reverse the theft. |
GordonM 14 Posts |
Quote |
Oct 27th 2012 8 years ago |
Thank you, Russ, for posting an excellent analysis. It's been an interesting last 4 days...
@Gordon- Yes, that's an excellent point. I'll whole heartedly agree. Unfortunately for us, the .net website wasn't even registered by anyone to begin with. As soon as we discovered that someone had registered it, however, we did everything we could to gain control of it. |
David 2 Posts |
Quote |
Oct 27th 2012 8 years ago |
> Think about close possible squatter matches too.
Google should have thought about that -- my aunt accessed 'www.gooogle.ca', and got very-unexpected results. |
Anonymous |
Quote |
Oct 27th 2012 8 years ago |
Sign Up for Free or Log In to start participating in the conversation!