Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    Fake Court Order Used to Take Over Domains

    Fake Court Order Used Take Over DomainsMotherboard reports that a scammer used a phony court order to trick a domain registrar into giving them control over a domain that posted links to dark web drug markets. The scammer then replaced the links on the site to lead to replicas of the drug markets that would steal users’ cryptocurrency.

    “Each site looked real but instead shared all user activity with the attacker, including passwords and messages,” the site’s legitimate administrator said in a message. “Cryptocurrency addresses displayed on these sites were rewritten to addresses controlled by the phisher, intercepting many people's money.”

    The incident serves as an example of how social engineering can be used to bypass technical defenses. The administrator of the site told Motherboard, “I had 2FA and PGP enabled on that account. I am not an idiot when it comes to security.”

    Tucows, the domain registrar that was tricked, received a realistic-looking court order that purported to come from a German court. The document was copied from a real court order that was used to take over a domain, and told the registrar that they weren’t permitted to inform the administrator or other registrars before making the change.

    Madeleine Stoesser, PR and corporate communications lead at Tucows, acknowledged the attack and said the company is working to prevent these incidents in the future.

    “Our findings show that Tucows was the victim of an intricate phishing scheme presented under the guise of a secret court order. This was a hyper-targeted phish designed with the direct intent of hijacking select domains,” Stoesser said. “We immediately began steps to successfully retrieve the domains and have implemented new processes to mitigate future issues. As the second-largest domain name registrar in the world by volume, Tucows is committed to the continued privacy and security of domains and our customers.”

    New-school security awareness training can help your employees thwart targeted social engineering attacks.

    Motherboard has the story.

     

    Return To KnowBe4 Security Blog

    Can hackers spoof an email address of your own domain?

    DSTAre you aware that one of the first things hackers try is to see if they can spoof the email address of your CEO? If they are able to commit "CEO Fraud", penetrating your network is like taking candy from a baby.

    Now they can launch a "CEO fraud" spear phishing attack on your organization, and that type of attack is very hard to defend against, unless your users are highly ‘security awareness’ trained.

    Find out now if your domain can be spoofed. The Domain Spoof Test (DST) is a one-time free service. Run this test so you can address any mail server configuration issues that are found.

    Try To Spoof Me!

    PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

    https://www.knowbe4.com/domain-spoof-test/

    Topics: Social Engineering, Security Awareness Training

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews