Every day nearly 60,000 websites are created for the sole purpose of phishing unsuspecting web users. You don’t have to be a bank or international etailer to attract the attention of phishers as they are now moving into the small business sector as fertile and largely unsecured ground.
You are not powerless against the phishers. There are various services which can act on your behalf to help secure your small business’ website from phishing attacks and go after the criminals should an attempt occur. These include:
- BrandProtect
- Cyveillance
- MarkMonitor
- RSA
- VeriSign
…and many others. These services can identify targeted fraudulent activity including spoof sites, phishing lures, malware distribution sites, and can even spotlight suspicious domain registrations as they occur.
Applying these top five ways to stop phishers in their tracks will not only help reassure your customers that you take their personal data very seriously, but they can prevent attacks from occurring in the first place.
1. Get all the authentication you can
There are various forms of online authentication such as:
- Software-based Strong Authentication
- Hardware-based 2-factor Authentication
- Mutual Authentication
The technical details of how these systems work are rather involved, but the best advice is to integrate everything you can into your website when it comes to authentication. Discussing your specific business needs with your choice of Authentication Provider is the best way to start.
2. Stop Cousin Domains
Nearly a third of all fraudulent website attacks are based on a Cousin Domain which will substitute a single character in order to mislead your customers into believing that they’ve actually reached your site.
These changes can be very subtle and few of your customers might notice that the URL for your nicestore.com is actually nicÒ½store.com or niÒ«estore.com. Dashes are often used by phishers as well, preying on the fact that most people wouldn’t think twice about clicking on to nice-store.com.
3. Obtain all the major TLDs
With the proliferation of TLDs (top level domains) it may seem to be a logistical nightmare and a total pain to register all possible permutations which occur after the dot in your domain name and set up redirects from them.
However, for your safety and that of your customers in addition to your standard .com you should also seriously consider registering:
- .biz
- .info
- .jobs
- .mobi
- .name
- .net
- .org
You don’t have to stop there, as if you do business outside the United States you might be well advised to add the specific national TLD, such as .ca for Canada, .co.uk for the United Kingdom, .au for Australia, and so on. Keep in mind that every TLD you register leaves one less for a phisher to obtain. Shop around for current registrar special offers and you’ll be able to register each TLD for a few dollars a year.
4. Bulletproof your email
If your email service provider is not already offering various forms of email authentication, you can look to these services to turn your email from a colander to a tank. Some of the primary ways to authenticate your outgoing email newsletters include:
- Domain Keys Identified Mail (DKIM)
- Sender Policy Framework (SPF)
- Sender ID
Although it’s easy to write entire volumes on each of these standards, DKIM generates a corresponding set of private and public keys which are checked by ISPs during email routing; SPF is a way to check whether an email was sent by one of the IPs which a website historically has sent emails from; and Sender ID applies an algorithm to determine the Purported Responsible Address, to arrive at a conclusion similar to the SPF process.
5. Enable law enforcement
If a phishing site is established, there are sets of actions which these services can implement to limit access to it and ultimately force the fraudulent content to be taken offline. RSA actually claims to have shut down over 300,000 online attacks, and all of the major services have nurtured relationships with the primary Internet Service Providers around the world to facilitate site blocking.
Phishing is a real and present threat to all small business websites, so take steps now before your customers are “hooked!”
About the Author: Denise Keller is COO and Co-Founder of Benchmark Email, a global email marketing service that gives free email marketing accounts to small businesses. She writes for Business Insider, American Express OPEN Forum, and other major Websites.