6 Low-Cost Steps To Protect Your Digital Identity

November 21, 2022

With cyberattacks—and payouts—on the rise, taking practical steps to reduce your online risk is time well spent.

Since 2004, October has been designated “Cyber Security Awareness Month” and globally recognized. This year’s theme is “See Yourself in Cyber: Together we make it Safer,” focusing on the human component of cybersecurity and providing information and resources to help spread awareness.

In keeping with this theme, let’s take a quick look at the current IT landscape. Last month, cybersecurity researchers from Akamai claimed they flagged 79 million new malicious domains in the first half of 2022. That translates to more than 13 million domains per month that are being used for a wide range of malicious activities.

How Malicious Websites Affect You and Your Customers

Part of the challenge with improving one’s cybersecurity posture is that it’s not readily apparent how bad websites can impact the average business owner or consumer. For example, here are a couple of common tactics cybercriminals use to exploit their victims:

  • Homograph phishing attacks. In grammar, a homograph occurs when two words are spelled the same but have different meanings, like bass (the fish, which rhymes with class) and bass (the instrument, which rhymes with ace). In the cyber world, a homograph phishing attack uses similar-looking characters to impersonate another site. One simple example would be someone registering the domain g00gle.com, where the two letter “o”s in the real domain are replaced with zeroes. An attacker might set up a fake website with a domain name similar to your bank’s and then send you a phishing email warning that your credentials were breached. Instead of contacting the bank or opening a browser tab, the victim clicks the link in the email, which takes them to the imposter site. Because it looks like the real one, they enter their personal information, falling deeper into the criminal’s snare.
  • Business Email Compromise (BEC) attacks. According to the FBI, BEC is one of the most financially damaging online crimes, with over $43 billion (USD) in losses between 2016 and this year. In a BEC scam, criminals send an email message that appears to come from a known source requesting the victim update a mailing address, purchase gift cards or wire a down payment for a recent home purchase. In some cases, a BEC attack relies on a spoof (i.e., a homograph) of a legitimate user’s or company’s email. In other cases, attackers use malicious software to infiltrate a company’s networks and gain access to email threads about billing and invoices.

Simple Steps to Better Protect Your Digital Identity

While cyberattacks have gotten more sophisticated in recent years, there’s still one truism that hasn’t changed, which is that criminals prefer low-hanging fruit. That means following good cyber hygiene still goes a long way. Here are six simple steps you can take right now to lessen your chances of having your digital identity compromised:

  1. Choose a security-minded domain provider. There are many domain providers to choose from, but their interest and involvement in protecting customers vary greatly. Some providers put all security responsibilities on the buyer. Others, like Identity Digital, use cutting-edge technology to protect the domains they service against phishing, hacking and glitches. For example, all Identity Digital domains include phishing protection that automatically blocks homographic domain names to prevent their use in malicious web or email addresses. Additionally, the company provides a Dynamic Defense service comprising a security and DNS abuse mitigating team dedicated to disrupting security threats to domain registries and end-user registrants.
  2. Create a consistent second-level domain (SLD). It’s a common practice to use variations of a domain for different services, but there’s a safe way to do it and an unsafe way. Here’s an example highlighting the latter outcome. Let’s say an airline named “Big Air” uses bigair.com for its main page, bigairtickets.com for booking flights and bigairrewards.com for its loyalty program. Besides making it more difficult for customers to navigate to the correct site, this strategy of changing the SLD makes it easier for cybercriminals to attack site visitors with various phishing schemes. To gain the benefits of naming variations without compromising security, take a note from Apple and adopt a subdomain strategy. For example, if you’re looking for the latest iPhone, go to apple.com/iphone. For the latest Mac, you’d find it at apple.com/mac. Not only is this strategy harder to spoof, but customers don’t have the burden of remembering the complete URL; they can go to the main page and navigate to it from there.
  3. Don’t leave a social media void. New social media sites are constantly popping up, and it can be challenging to keep up with them all. Even if you decide to use just a few of them, cybercriminals may try to fill the void and set up an account under your name on a site you’re not using. The Federal Trade Commission (FTC) revealed that consumers lost $770 million to social media scams in 2021, up 18x from 2017. The first step in defending against these attacks is verifying your profile with the social media site and using a service to monitor social media activity and alert you if someone attempts to impersonate your business.
  4. Use multi-factor authentication (MFA) on your website and social media. MFA makes it impossible for cybercriminals to access password-protected resources without providing at least one additional verification factor. Not only does MFA help protect your identity, but it also protects your customers’ information, which directly impacts your reputation even if you’re not selling online.
  5. Set up Google alerts for your company. Setting up a Google alert is a free and easy way to keep tabs on what’s going on with your company, in addition to manually searching your company online to see where you’re being discussed. For example, security researchers often share information about companies being targeted online via Twitter using “#phishing.”
  6. Do a free “pwned” check. Another quick and easy way to see whether your digital identity has been compromised or “pwned” in a data breach is to visit haveibeenpwned.com (HIBP) and enter your email, phone or domain name. The account uses a Twitter bot that monitors Pastebin pastes for potential data dumps. All account details are added in real time when it finds one. Since most data dumps aren’t immediately talked about, they’ll likely be added to the HIBP database before you even hear that they’ve been stolen. Additionally, the FBI started working with HIBP in 2021, making the site’s search results even better.
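
To make the homograph tactic and the consistent-SLD advice in step 2 concrete, here is an added example (not code from the author or from Identity Digital) that classifies a link against a company's official domain, treating subdomains of that domain as official and flagging look-alike spellings. The confusables map, the `classify` labels and the two-label registrable-domain rule are assumptions made for this sketch.

```python
import unicodedata
from urllib.parse import urlsplit

# Assumption: hand-picked look-alike map; real checks use Unicode UTS #39 data.
CONFUSABLES = str.maketrans({
    "0": "o", "1": "l", "3": "e", "5": "s",
    "\u0430": "a", "\u0435": "e", "\u043e": "o",  # Cyrillic a, e, o
    "\u0440": "p", "\u0441": "c", "\u0445": "x",  # Cyrillic er, es, ha
})

def decode_label(label):
    """Turn an xn-- (punycode) label back into Unicode; leave others alone."""
    if label.startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return label
    return label

def skeleton(name):
    """Fold look-alike characters so visually similar names compare equal."""
    return unicodedata.normalize("NFKC", name).translate(CONFUSABLES)

def classify(url, official, brand):
    """Classify a link against the set of official registrable domains."""
    host = urlsplit(url if "://" in url else "//" + url).hostname or ""
    labels = [decode_label(l) for l in host.rstrip(".").split(".")]
    # Assumption: single-label TLD (.com); use the Public Suffix List otherwise.
    domain = ".".join(labels[-2:])
    if domain in official:
        return "official"
    if skeleton(domain) in {skeleton(d) for d in official}:
        return "homograph"
    if brand in skeleton(".".join(labels)):
        return "brand-outside-official-domain"
    return "other"

def demo():
    # Constructed sample links using the article's g00gle and Big Air examples.
    idn = "xn--" + "big\u0430ir".encode("punycode").decode("ascii") + ".com"
    return {
        "g00gle": classify("http://g00gle.com/login", {"google.com"}, "google"),
        "sub": classify("https://rewards.bigair.com/", {"bigair.com"}, "bigair"),
        "other_sld": classify("https://bigairrewards.com", {"bigair.com"}, "bigair"),
        "idn": classify("https://" + idn + "/pay", {"bigair.com"}, "bigair"),
    }

if __name__ == "__main__":
    print(demo())
```

With a single official SLD, every link falls into one of these buckets mechanically; with several SLDs such as bigairtickets.com and bigairrewards.com, the third bucket contains both the company's own sites and impostors, which is the ambiguity step 2 warns about.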

Conclusion

Your data and digital identities are valuable assets worth protecting, and antivirus on your PC and encryption on your website aren’t enough. True security requires a layered approach that incorporates the latest cybersecurity tools, user awareness training, and good cyber hygiene practices like those outlined above. This Cybersecurity Awareness Month, do all you can to educate your team and users about cybersecurity best practices to minimize your vulnerability to an attack.

Author Bio

Alexander Falatovich (Fal-uh-toh-vich) joined Identity Digital with the acquisition of Afilias in 2020. He focuses on coordinating efforts to counter domain name abuse in TLDs for Identity Digital and strategic customer accounts. He brings over a decade of experience from the domain name space, having led large legacy gTLD anti-abuse programs as well as facilitated the successful launch of dozens of descriptive TLD domain abuse programs. He is a member of multiple industry groups and collaboratives, such as APWG and InfraGard. Internally, he spearheads the enterprise security awareness program and is an inaugural member of the Identity Digital GRC Committee. 
