The Dangers of Spoofing

Brown owl sitting inside a hole in a tree

Spoofing of brand names is almost as old as the Internet itself but continues to be a widely used technique in phishing and malware campaigns, to get people to click on links that they think are credible.

Sometimes the spoof is obvious. For example, Silent Push recently found the domain facbook[.]info to be hosting a fake Facebook login page. At other times, it’s less easy to spot as with the domain www.aeomn.ceaorcd[.]com, which was hosting a phishing page for AEON, a large Japanese company.

Fortunately, Silent Push offers its clients a proactive defense against these types of attacks. By using the spoofing detection tools on the Silent Push app to investigate potentially dangerous domains and URLs, attacks can be detected as soon as the malicious infrastructure is set up.

A multinational corporation recently used Silent Push to discover domains that spoofed their own brand. The attackers had set up fully functional websites spoofing of some of the host company’s divisions and were ready to launch a campaign.

But an organization shouldn’t merely concern itself with spoofing of its brand. It should also monitor spoofing of any part of the supply chain: the many services staff members use as part of their work. The larger the supply chain, the wider the attack surface for malicious activity. For example, an attacker may set up a campaign with the goal of exfiltrating sensitive data about customers by tricking them into entering data on a spoofed website.

The world of cyber security is immensely complicated and requires a detailed and proactive defense system. Spoofing is a major threat that can have far-reaching consequences for both an organization and its brand. Thankfully, Silent Push has you covered here with a platform that helps with easily detecting new infrastructure spoofing both your own brand and that of your supply chain.