A new report by CentralNic raises awareness to an apparent increase in attempts of using social engineering techniques against domain registrars.
According to the report, these attacks consist of communications initiated via support tickets or live chat systems, from persons claiming to work for or representing CentralNic.
These social engineering attempts seek the update of crucial billing and account information, often asking the other party to visit a particular web site.
Such methods are often used against web hosting providers and domain registrars in order to facilitate domain hijacking and theft.
Here’s the full text of the warning by CentralNic.
Copyright © 2024 DomainGang.com · All Rights Reserved.Dear Registrar,
Please be advised that persons impersonating CentralNic having been performing social engineering attacks against registrars.
These attacks consist of communications made via support tickets and web-based live chat systems from persons claiming to work for or represent CentralNic. They may ask for your help in updating “billing and account lookup tools”, and may ask you to access a website in order to do so. They may specifically ask that you use Internet Explorer to access the website.
These persons have no relationship with CentralNic, and it is our belief that they are attempting to infiltrate the corporate IT systems of registrars, perhaps in attempt to hijack specific domain names and/or customer accounts, or credentials with CentralNic or other registries.
Registrars should ensure that front-end customer support staff are trained to detect and resist social engineering attacks, and report them where they occur.
CentralNic offer two additional security-related services that registrars may wish to use to improve the security of domains under their management:1. We have recently implemented two-step authentication for user accounts on the Registrar Console. This system is implemented using the Google Authenticator app, which is available for iOS, Android and Blackberry mobile devices. Two-step authentication can be enabled for your account by logging in to the Registrar Console and clicking on “Edit My Profile”.
2. We provide a Registry Lock Service that requires a manual authentication process for all changes to valuable domain names. A monthly fee is charged for domains that use this service. Please contact your account manager for more information.
If you experience any incidents which are similar to the one described above, please let us know.
We are regularly in touch regarding account changes and updates via telephone and email. However, we will never ask you to share your screen with us or open applications online. If in doubt, you can always choose to update these details yourself via the secure console using your name and password.
Regards,
CentralNic Support
support@centralnic.com