...

Yes, we know that you now know about phishing attacks. Basically, do not trust emails from companies you do not know, correct? Well, unfortunately, that is no longer the case. Yep! The cyber criminals have done it again and found a way around to get through this defensive mentality. 

This time, threat actors will try to trick their targets by using the names of reliable and trusted companies. The tactic is called “SubdoMailing” and yes, it is as malicious as it sounds. And no, it is not as easily identifiable as previous versions of hacking.  

Phishing Attacks: SubdoMailing

Phishing Attacks: SubdoMailing

What is SubdoMailing in Phishing Attacks?  

So far, using the name of trusted brands and companies is not necessarily new in phishing. Phishers have tried using plain emails, survey forms, delivery services and photos to get their victims to give up information and log in data. Over time, their targets have become more vigilant to these kinds of trickery. This time, however, the plot thickens a little bit more. 

In SubdoMailing, cyber criminals start by going through the world wide web to locate subdomains of known and trusted companies and brands. Remember those “additions” in the usual website address that is added to the start of the main domain? For example, if the brand name is Reliable Brand and their main website is reliablebrand.com, when it becomes experience.trustedbrands.com (maybe from a legitimate marketing campaign landing page or anything similar) the “experience” is the subdomain 

Eventually, these subdomains get retired or are no longer registered to be in use by the company. Hence, what the tricksters do is buy these subdomains. After which, they set it up as a scam website. Therefore, when you click on experience.trustedbrands.com, you get directed to scammer’s websites.  

As per usual, they email blast their “campaigns” to millions of email addresses, including small and medium businesses like yours. And because these emails look like they come from legitimate sources, they pass through security checks, land into your business inbox and get through your unsuspecting employees’ attention.  

Keep your business safe from these phishing attacks 

Now that you know about this, here are some reminders about how to deal with emails, no matter how reliable they seem to be. 

  • Always be cautious of emails. Any and all deviations from the usual email address or links should be verified.
     
  • Review sender’s information whenever you are required to click on attachments and links. Spelling mistakes or new email address format should be a red flag.
     
  • Update your staff about this new trickery so they will also know what to watch out for. Empower them with knowledge so they can also spot a scam, as they come.
     
  • Invest in top-tier cybersecurity software, as much as you can, and keep it updated. The extra cost would be worth it in the long run.  

Boost your cybersecurity defenses against phishing attacks 

Get in touch with us if you need to up your defenses against these tricksters. Schedule your consultation with us so we can plan a personalized approach to keep your business safe. 

Pick up that phone and call us now! 

Watch Our Latest Tech Videos From EB Solution

Call Now