How to protect your domain name from phishing and other scam activities – best practice guidelines from ICANN
Apart from ownership rights, a domain name registration also brings the responsibility of keeping the domain safe from malicious activities.
We’ve already discussed how you can protect your domain name from unauthorized transfers and similar hijacking activities.
Now we are taking a look at how you can keep your domain safe from phishing and similar attacks by following ICANN’s security guidelines.
What are phishing attacks about?
Phishing is a type of cyber attack aimed at stealing sensitive user data like usernames, passwords and credit card numbers.
Posing as a trusted entity, an attacker uses social engineering to manipulate a recipient into opening an email or a text message and then clicking a malicious link or opening an attached file.
That often leads to the recipient disclosing sensitive information voluntarily, or to the installation of malware which performs an unwanted or malicious activity on the user’s device.
In the case of domain registrants, a phishing attack may trick a domain owner into opening an email pretending to be from ICANN and clicking on the link contained therein.
This will give the attacker access to a registrant’s private domain name registration information and passwords.
And once they have this information, they can potentially perform various malicious actions like redirecting the domain to whichever address they like.
Beware of emails offering domain management services from ICANN
ICANN-phishing emails are the most common phishing attack targeting domain registrants.
They appear to come from ICANN by using a sender’s email address which contains “ICANN” or by featuring ICANN’s branding and logo.
These emails may claim that your domain registration needs to be renewed and that you must pay a certain fee to restore it.
To do that, the user will be required to click on a link, reply to the email or open the attached file, all of which require the disclosure of personal details.
To help curb these malicious practices, ICANN has formulated a set of guidelines that are aimed at educating domain registrants about the potential risks.
Be suspicious of any ICANN-related communication
First and foremost, it is essential to know that ICANN does not process domain registrations, nor does it offer domain name management services.
Consequently, the domain authority never sends emails directly to registrants about managing their domain names, and never collects fees from registrants directly either.
All domain-management related notifications come from the domain registrar itself. These include:
- WHOIS Data Reminder Policy (WDRP) notice;
- Registration data verification request;
- Domain name expiration reminder;
- Domain name renewal request message.
Also, the registrar is responsible for collecting all domain registration and renewal fees as well as any other domain management-related fees.
Also, legitimate email messages sent from ICANN will never come from a domain other than icann.org, such as “icann-domain.org” or “icann-support.org”.
Besides, a real email from ICANN will never include an attachment or software that recipients will be prompted to open.
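The two checks above (sender domain and attachments) can be applied mechanically to a raw message. The following Python sketch is an added example, not code from ICANN or from this platform; the function name, the sample messages and the decision to accept subdomains of icann.org are assumptions. Because a From header can be forged, an empty result does not prove a message is genuine.

```python
from email import message_from_string, policy
from email.utils import parseaddr

TRUSTED_DOMAIN = "icann.org"  # the only legitimate sender domain per the article

# Constructed sample: lookalike domain plus an attachment.
PHISH = """\
From: ICANN Support <renewals@icann-support.org>
To: owner@example.com
Subject: Your domain registration must be renewed
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Pay the fee described in the attached invoice to restore your domain.
--b1
Content-Type: application/pdf
Content-Disposition: attachment; filename="invoice.pdf"
Content-Transfer-Encoding: base64

Y29uc3RydWN0ZWQ=
--b1--
"""

# Constructed sample: plain-text message from the real domain.
GENUINE = """\
From: ICANN Global Support <globalsupport@icann.org>
To: owner@example.com
Subject: Re: suspected phishing

Thank you for your report.
"""

def check_icann_email(raw):
    """Return the warning signs found in a raw RFC 5322 message (hypothetical helper)."""
    msg = message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    claims_icann = "icann" in (display + addr).lower()
    # Assumption: subdomains of icann.org are treated as the same domain.
    genuine = domain == TRUSTED_DOMAIN or domain.endswith("." + TRUSTED_DOMAIN)
    findings = []
    if claims_icann and not genuine:
        findings.append(f"uses ICANN's name but is sent from {domain!r}")
    if claims_icann and any(True for _ in msg.iter_attachments()):
        findings.append("carries an attachment, which real ICANN email never does")
    return findings
```

Calling `check_icann_email(PHISH)` returns both findings, while `check_icann_email(GENUINE)` returns an empty list.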
Always verify domain information with your registrar
If you receive an email about your domain that claims to come from ICANN, you should contact your sponsoring registrar immediately to verify the validity of that message.
They will update you on the status of your domain name and clear up any concerns raised by the fraudulent message.
Report suspicious emails to ICANN directly
According to ICANN’s domain security guidelines, you should forward any suspected scam messages that appear to come from ICANN to globalsupport@icann.org, with “suspected phishing” in the subject line.
Their team will work with appropriate parties, including law enforcement, to address the source of the email and get it shut down, if possible.
This way, you’ll help ICANN in its fight against phishing scams and contribute to protecting the entire ICANN community.
Additional measures you can take to protect your domain from malicious activity
In addition to the phishing attack prevention measures listed above, you can also take some extra, ICANN-advised steps to protect your domain name(s) from malicious activity:
Use different emails for your registrar account and Whois
ICANN recommends that each registrant use separate email addresses for their domain management account with the registrar and for their domain name registration (Whois) information.
If the same email is used in both places, an attacker who gains access to a given domain management account could easily edit the Whois details to remove the real domain owner from the record.
If the ICANN guideline is followed, in cases like this, the Whois record for the attacked domain will remain intact, and the domain registrant will be able to prove to the registrar that they are the legitimate owner and that their account has been subject to unauthorized use.
Use a registrar-lock option for your domain(s)
Putting a transfer lock on a domain name is another safety measure a registrant can take against unauthorized changes to their domain registration, such as Whois modifications or domain deletion.
On our platform, domain registrants can lock/unlock their domains themselves with a click from the Control Panel, while some other registrars will do that for the registrant upon request.
Use an HTTPS-secured domain management account
Another ICANN-inspired security guideline is to use an HTTPS connection when you access your domain management account with your registrar.
This will help prevent anyone from eavesdropping on your communication with the registrar and stealing your private domain information as a result.
On our platform, all communication is encrypted over HTTPS using Transport Layer Security (TLS), which ensures a fully protected domain management environment for registrants.
Enable DNSSEC for each of your domain(s)
DNSSEC (Domain Name System Security Extensions) is a security extension of the DNS that helps protect domains from being hijacked and used for phishing purposes on a system level.
By creating a digital signature over a domain’s zone data, it minimizes the possibility for an attacker to manipulate a DNS query response.
This way, clients looking up a domain name can verify that the information they receive matches the zone signature.
On our web hosting platform, you can enable DNSSEC for your domain names with a click from your Web Hosting Control Panel.
The option is currently available for most of the popular TLDs offered on our platform.
***
As an overseer of the Domain Name System (DNS), ICANN has defined a set of recommendations that will help you keep your domain safe from online harm.
By following the security measures listed above, you will not only make sure your domain names’ health is guarded, but you’ll also be able to play an active role in the ICANN community.
By helping ICANN deal with domain phishing and hijacking threats, you will undoubtedly contribute to the overall security of the DNS and to making the web a safer place.
Originally published Friday, July 3rd, 2020 at 4:09 pm, updated July 6, 2020 and is filed under Domain Names.