Impersonations can be funny when you’re trying out a new impression at a dinner party. Cybercriminals impersonating the top executives at your company are not so amusing. Impersonation is a social engineering cybercrime that can seriously damage your brand reputation and financial standing. Fraud, spear-phishing, and business email compromise are all terms used to describe impersonation attacks. Whatever the name, the attack remains the same—manipulate victims into divulging confidential or personal information using specifically crafted domain names, emails, and websites. Continue reading to learn 101domain’s recommended domain name strategy to protect your top executives.
How are the names of CEOs and top executives being misused in domains?
WhoisXML API conducted a study that examined domain names and subdomains containing the names of Glassdoor’s 2021 Top 100 CEOs to understand more about impersonation attacks.
A summary of the findings is as follows:
- More than 2,000 domains and subdomains contain the CEOs’ names
- Their names appear in more than 600 subdomains
- 92% of the domains had redacted WHOIS records
- Only 2% can be publicly attributed to their respective organizations
- Screenshot analyses reveal some suspicious redirects
- Some domains have been reported as “malicious”
The reason for registering these domain names could be as harmless as fans creating websites for the CEOs they idolize, or as detrimental as redirecting innocent users or employees to money transfer pages. Whatever the motive, the research clarifies that the threat is real.
Impersonation fraud is a billion-dollar business. In 2020, the Federal Bureau of Investigation (FBI) pegged the losses at $1.8 billion.
What makes this type of attack so dangerous is that cybercriminals don’t actually have to compromise your email account. All they have to do is register domains impersonating brands and their top executives for a few dollars and use these domains to manipulate victims for corporate espionage or financial gain.
How can companies keep their CEO and top executives’ names safe?
101domain has a strategy to combat impersonation threats.
1. Reserve Your Names
The best practice for companies is to defensively register domains that contain mission-critical names, terms, or phrases. Impersonation scams are some of the costliest Internet crimes out there. If you don’t secure your names now, you risk losing much more down the line, whether because someone in your organization falls victim to an impersonation attack or because of the legal fees you would pay to recover squatted domain names.
We recommend registering:
- CEO and top executives’ names
- Business name
- Product names
If you are a legal practitioner:
- Practice name
- Practice acronym
- Partners’ names
- .law domain
2. Cover Your Bases
Secure your business and top executives’ names in the most popular top-level domains.
3. Redirect Your Domain Names
Many companies keep their CEO and top executives’ names safe by redirecting related domains to legitimate websites. For example, domain names related to Marc Boom, CEO of Houston Methodist, are redirected to Boom’s faculty profile.
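One way to audit steps 1 and 2 against an existing portfolio, shown as an added example that is not 101domain's own tooling: the script lists the name-based domains a company has not yet registered. The TLD list, the label patterns, and the sample names and portfolio are assumptions constructed for illustration.

```python
import re
import unicodedata

# Assumption: the article says "most popular top-level domains" without
# naming them, so this list is illustrative and should be adjusted.
ASSUMED_TLDS = ("com", "net", "org", "co", "io")


def _slug(word):
    """Lowercase a word, fold accents to ASCII, drop anything not a-z or 0-9."""
    folded = unicodedata.normalize("NFKD", word).encode("ascii", "ignore").decode()
    return re.sub(r"[^a-z0-9]", "", folded.lower())


def name_labels(name):
    """Domain labels for a person, business or product name.

    Patterns (assumed, not from the article): all words joined, all words
    hyphenated, and first initial plus last word for multi-word names.
    """
    parts = [p for p in (_slug(w) for w in name.split()) if p]
    if not parts:
        return set()
    labels = {"".join(parts), "-".join(parts)}
    if len(parts) > 1:
        labels.add(parts[0][0] + parts[-1])
    return labels


def coverage_gaps(names, owned_domains, tlds=ASSUMED_TLDS):
    """Map each name to the sorted candidate domains missing from the portfolio."""
    # Normalise the inventory: case-insensitive, tolerate a trailing root dot.
    owned = {d.strip().lower().rstrip(".") for d in owned_domains}
    gaps = {}
    for name in names:
        wanted = {f"{label}.{tld}" for label in name_labels(name) for tld in tlds}
        missing = sorted(wanted - owned)
        if missing:
            gaps[name] = missing
    return gaps


if __name__ == "__main__":
    # Constructed sample data, not real executives or registrations.
    executives = ["Jane Example", "José O'Neil", "Example Widgets"]
    portfolio = ["janeexample.com", "jane-example.com", "JaneExample.net."]
    for name, missing in coverage_gaps(executives, portfolio).items():
        print(f"{name}: {len(missing)} unregistered, e.g. {missing[:3]}")
```
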
Connect with a 101domain Account Manager today to deploy a protection strategy for your top executives.