Russian hackers: Social engineering works well when domains are involved

An auto-translated post in a secret forum that is a nest of Russian hackers discusses social engineering and domain names.

“I made a fake Yandex mail and mass-sent letters on behalf of the administration with a request to change the password. The letter had the following contents:

Dear email@yandex.ru – Support has been informed that spam is being sent from your E-Mail address. To prevent your E-Mail address from being blocked, click the link to change the password to a more complex one (example: 67gjsuis8). Sincerely, Yandex support”

Its author then states that the success rate of his method for obtaining email account passwords jumped from 27% to 93% once he used a domain name, registered under another ccTLD, that matched "yandex".

“Only 30 minutes later came the first account, then the second, the third and so on. The next day I went and saw that of the 100 letters sent out, I had received only 27 accounts. Realizing that this was not enough for an investment of 3 hours a day, I decided to improve my fake.

The improvements began with the purchase of a fake domain. The domain was found in an unusual zone and was yandex.**. Yes, the domain is the standard one, but in a different zone, that's all. The second step was to create the subdomain passport.yandex.**, so that the victim's doubt that this was a hoax disappeared completely. The last step was to write a script for mass mailing (to automatically replace email@yandex.ru with the recipient's E-Mail and then send). Having spent $60 and one day on all this, I started to get almost 100% of all E-Mail addresses.

The first test after the improvement showed that of the 100 accounts, I managed to get 93 of them. Subsequent use had the same effect. The only thing that has changed since then is that I send the letters not only to users of Yandex and Rambler, but also of Google. And I began to send these emails only to users from whom money can be obtained (that is, E-Mail accounts to which Steam, Origin, WoT, WebMoney, PayPal accounts and some VK are tied).”

In other words, the share of people fooled by a simple phishing email reached almost 100% when the domain name itself was a keyword match, regardless of the ccTLD used.
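The lookalike pattern the post describes (the brand name kept as a label, the TLD swapped, a plausible subdomain such as passport. in front) is something the receiving side can check for. The following is an added example, not code from the forum post or from DomainGang: it flags links in an email body whose host uses a known brand name outside the domains that brand owns. The allowlist, the sample letter and the .example TLD are constructed, since the post redacts the real zone.

```python
import re
from urllib.parse import urlsplit

# Brands the post says were impersonated, mapped to registrable domains they
# own. Constructed allowlist for this example, not a maintained list.
OWNED_DOMAINS = {
    "yandex": {"yandex.ru", "yandex.com"},
    "rambler": {"rambler.ru"},
    "google": {"google.com"},
}
ALL_OWNED = set().union(*OWNED_DOMAINS.values())
URL_RE = re.compile(r"https?://[^\s<>\"']+")

def registrable_domain(host: str) -> str:
    """Last two labels of a hostname (simplification: ignores multi-label
    public suffixes such as co.uk)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def lookalike_brand(url: str):
    """Return the impersonated brand when a brand name appears as a label
    (passport.yandex.<tld>) or inside the second-level label (yandex-passport.<tld>)
    of a host the brand does not own; None for owned domains and unrelated hosts."""
    host = (urlsplit(url).hostname or "").lower()
    if not host:
        return None
    reg = registrable_domain(host)
    if reg in ALL_OWNED:
        return None  # genuine brand domain, including its subdomains
    labels, sld = host.split("."), reg.split(".")[0]
    for brand in OWNED_DOMAINS:
        if brand in labels or brand in sld:
            return brand
    return None

def flag_links(body: str):
    """(url, brand) pairs for every link in an email body whose host impersonates a brand."""
    hits = []
    for url in URL_RE.findall(body):
        url = url.rstrip(".,)")  # trailing punctuation from the sentence
        brand = lookalike_brand(url)
        if brand:
            hits.append((url, brand))
    return hits

# Constructed sample modelled on the quoted letter; the TLD is a placeholder
# because the post redacts the real one.
SAMPLE = ("Dear user, support was told your address is sending spam. To avoid "
          "blocking, change your password at "
          "https://passport.yandex.example/auth?login=user . Support Yandex")
```

A real deployment would replace the two-label heuristic with a public suffix list lookup so that multi-label ccTLD zones are handled correctly.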

This makes an interesting argument in support of the various large financial institutions that want to move away from existing TLDs and ccTLDs – using, instead, their own brand name as a gTLD.

ICANN will surely see this as yet another argument in favor of its scheduled roll-out of new gTLDs.

Copyright © 2024 DomainGang.com · All Rights Reserved.