Articles in this section

Fraudulent Website Investigation Procedure (Domain Squatting):

Avatar
Joe Essling
  • Updated
Follow

Purpose -

To ensure the legitimacy of Eight Eleven Group domains/subdomains and prevent malicious actors from tarnishing the organization's brand and reputation.

Procedure -

1. Check legitimacy of domain using at least two sources of truth from the list below:

   - https://talosintelligence.com/reputation_center/

   - https://lookup.icann.org/en/lookup

   - https://domains.google.com/registrar/search/whois/exampledomain

Additional Tools to Investigate :

- https://www.scamadviser.com/

- https://dnstwist.it/

2. Review the Domain Information:

  - Check "Creation Date" to see if it was created within the last year ***RED FLAG***

  - Ensure that the domain status is "clientDeleteProhibited", "clientHold", "clientRenewProhibited", "clientTransferProhibited", "clientUpdateProhibited" ; If prohibited STOP no further action is needed

3. Remediation:
If the domain status is anything other than the above mentioned status contact the Registrar via the "Abuse Contact Email" on the report run from Step 1. Draft an email with the information below and request to have this domain investigated for abuse.

Name of Organization
Name of person who is reporting
Title of the person who is reporting
Reason and concern for reporting
Evidence gathered to support the issue

4. Report the incident to FBI's Internet Crime Complaint Center

https://www.ic3.gov/

 

EXTRA BITS -

Terminal Command to identify website IP address:

  • nslookup exampledomain.com (Windows)
  • dig exampledomain.com (MacOS)

Items to consider while investigating the issue:

Have you checked the site's whois data ( https://lookup.icann.org/)? If not, do it now!

Has the website been registered for less than 6 months? Yes? beware!

Was the site registered for only one year? Yes? beware

Does the site show a full street address? No- beware!

Have you checked the address on Google StreetView? Does it look like a business address? Or is it a residential address?

Does the site have a contact email address? Does it match the site's URL? No?- beware!

Does the website's phone number match the alleged physical location of the business?

(USE THIS TOOL - https://www.numberingplans.com/?page=analysis&sub=phonenr)

Does the website even show a phone number for contact?

 

Comments

0 comments

Please sign in to leave a comment.