[menog] [Blog] Identifying Phishing Scams, DNSSEC Signing, and Other Tips to Protect Your Domain Name

Fahd Batayneh fahd.batayneh at icann.org
Tue May 5 13:58:17 UTC 2020


This piece by ICANN’s Registrant Program may be of interest to domain name registrants.

Fahd Batayneh

As a domain name registrant<https://www.icann.org/icann-acronyms-and-terms/en/G0101>, it's important to always understand and adhere to your rights and responsibilities<https://www.icann.org/resources/pages/benefits-2013-09-16-en> and to educate yourself about how to best securely and responsibly manage your domain name(s).

Beware of Phishing Scams and Emails that Appear to Be From ICANN

Phishing<https://www.icann.org/resources/pages/phishing-2013-05-03-en> attacks are a type of fraud that cybercriminals utilize to lure others online, including registrants, into doing what the criminals want them to do. Phishing may result in others voluntarily giving away their username and password or clicking a link that will lead to their devices being infected with malware<https://www.icann.org/resources/pages/malware-2013-05-03-en>, which is software that, when installed, performs unwanted or malicious activity. If an attacker can gain access to a registrant's private domain name registration information and passwords, they can potentially redirect the domain to wherever they like. As such, it's immensely important that you take note of any suspicious or unsolicited emails.

Phishing emails may claim that your domain name registration needs to be renewed and that you must pay some sort of fee to get it back. These malicious campaigns typically use deceptive techniques such as forging a trusted sender's address or domain, or using a similar or lookalike domain. Phishing messages typically ask for the reader to reply, call a phone number, click a link, or open an attached file, which results in stealing personal information or gaining some other advantage over the victim.

Sometimes phishing emails aimed at registrants may appear to come from ICANN (even using ICANN's branding and logo or sender email addresses containing the name "ICANN"). It is important to know that ICANN does not send emails directly to registrants about managing their domain names, and never requests payment of fees from registrants.

Protecting Yourself and Your Domain Name

Ensuring a stable and secure Domain Name System<https://www.icann.org/icann-acronyms-and-terms/en/G0474> (DNS) for all Internet users is one of ICANN's key priorities. We recommend that you take the following steps to protect your domain name and personal information related to your domain name registration:

  *   Be suspicious of any email that offers domain name management services from ICANN. As noted above, ICANN does not offer domain name management services or process domain registrations and will never collect fees from registrants directly.
  *   ICANN will never send registrants a WHOIS Data Reminder Policy (WDRP)<https://www.icann.org/news/blog/do-you-have-a-domain-name-here-s-what-you-need-to-know-part-1> notice, registration data verification request, domain name expiration reminder, or domain name renewal request message. If you receive an email about your domain that purports to come from ICANN, contact your sponsoring registrar directly to enquire about the validity of that message.
  *   Please read the blog "What You Should Do If You Receive A Suspected Fraudulent ICANN Email<https://www.icann.org/news/blog/what-you-should-do-if-you-receive-a-suspected-fraudulent-icann-email>" and remember to report suspicious emails that appear to come from ICANN to globalsupport at icann.org<mailto:globalsupport at icann.org>. Our team can take a look to determine if it's fraudulent. If it is, we'll work with appropriate parties, including law enforcement, to address the source of the email.
  *   Contact your sponsoring registrar directly for any concerns about the status of your domain name.

Measures for Additional Protection

In addition to being vigilant about watching for phishing attacks, here are some additional proactive measures you can take to protect yourself from those trying to gain unauthorized access to your domain name account:

  *   Always keep your domain name registrant account information private, secure, and recoverable. Enable multi-factor authentication if your registrar supports it.
  *   Use ICANN-accredited registrars<https://www.icann.org/registrar-reports/accreditation-qualified-list.html> to register and manage your domain name(s) and always research the reputation and service record of registrars before selecting one. If you're not entirely comfortable with a registrar after you register a domain name with them, you can and should consider transferring your domain name to a registrar you trust.
  *   Ask your registrar to apply a "registrar lock" on your domain names, which can help prevent changes to your domain name registration information and block attempts to transfer or delete your domain names<https://www.icann.org/news/blog/do-you-have-a-domain-name-here-s-what-you-need-to-know-part-4>.
  *   Use HTTPS, which is protected by Transport Layer Security (TLS)<https://www.icann.org/icann-acronyms-and-terms/en/G0279>, when you access your domain name registration account to prevent someone from intercepting your communication with your registrar.
  *   Use a different email address for your registrar account than your domain name registration information. If your domain name is hijacked by someone who has gained access to your account with the registrar, that person will likely alter the registration information to remove you as the registered holder of the domain name. If you used an email address that is not associated with your domain name for your registration information, you will be able to provide that email address as evidence to the registrar that you were the registered holder of the domain name before it was altered by unauthorized access to your account.
  *   On your local machines, use a password manager, create strong passwords, and safeguard them.

Sign Your DNS Zones With DNSSEC

Another step you can take to protect your domain name and contribute to the overall security of the Domain Name System (DNS) is by DNSSEC-signing all the data associated with each of your domain names.

DNSSEC<https://www.icann.org/resources/pages/dnssec-what-is-it-why-important-2019-03-05-en> (Domain Name System Security Extensions) reduces the chances an attacker will be able to substitute their answers in response to DNS queries. By creating digital signatures over your domain's zone data, clients looking up your domain names can verify the information they receive is what you had placed in the zone.

Many DNS software packages and registration systems have tools that automate DNSSEC-signing. Check to ensure that DNSSEC-signing is enabled in your DNS software and at your registrar and that your registrar has the necessary information (your Delegation Signer record or your DNSKEY) to help establish trust in the information they just signed.
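
One way to check that the Delegation Signer (DS) record held by your registrar was derived from the DNSKEY published in your zone, shown as an added example that is not part of ICANN's post. It follows the DS format of RFC 4034 with the SHA-256 digest of RFC 4509; the key material and the name example.org are constructed for illustration.

```python
import base64
import hashlib
import struct

# Constructed sample, not a real key: 64 bytes standing in for an ECDSA P-256 public key.
SAMPLE_PUBKEY_B64 = base64.b64encode(bytes(range(1, 65))).decode()

def name_to_wire(name: str) -> bytes:
    """Owner name in canonical (lower-case) DNS wire format."""
    labels = [p for p in name.lower().split(".") if p]
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"

def dnskey_rdata(dnskey_text: str) -> bytes:
    """Parse 'flags protocol algorithm base64...' into DNSKEY RDATA bytes."""
    flags, protocol, algorithm, *key_parts = dnskey_text.split()
    header = struct.pack("!HBB", int(flags), int(protocol), int(algorithm))
    return header + base64.b64decode("".join(key_parts))

def key_tag(rdata: bytes) -> int:
    """Key tag as defined in RFC 4034, Appendix B."""
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def make_ds(owner: str, dnskey_text: str) -> str:
    """Build the SHA-256 (digest type 2) DS record data for a DNSKEY."""
    rdata = dnskey_rdata(dnskey_text)
    digest = hashlib.sha256(name_to_wire(owner) + rdata).hexdigest().upper()
    return f"{key_tag(rdata)} {rdata[3]} 2 {digest}"

def ds_matches(ds_text: str, owner: str, dnskey_text: str) -> bool:
    """True if the DS held by the parent/registrar was derived from this DNSKEY."""
    tag, algorithm, digest_type, *digest_parts = ds_text.split()
    if digest_type != "2":
        raise ValueError("only SHA-256 (digest type 2) is handled in this example")
    expected = make_ds(owner, dnskey_text).split()
    return [tag, algorithm, "2", "".join(digest_parts).upper()] == expected

if __name__ == "__main__":
    dnskey = f"257 3 13 {SAMPLE_PUBKEY_B64}"
    ds = make_ds("example.org.", dnskey)
    print("DS to give the registrar:", ds)
    print("matches:", ds_matches(ds, "example.org.", dnskey))
```

A mismatch means resolvers that validate DNSSEC cannot build a chain of trust to your zone, so compare the two whenever you roll a key or change DNS providers.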

Learn more about DNSSEC, why it's important, and how to put it into action with our DNSSEC Explainer<https://www.icann.org/resources/pages/octo-publications-2019-05-24-en>, published by ICANN's Office of the Chief Technology Officer (OCTO) and available in all UN languages.

Always Be Proactive

Domain name registrants are important players in combating DNS abuse<https://www.icann.org/news/blog/icann-org-s-multifaceted-response-to-dns-abuse>. We encourage you to always be vigilant and proactive in securely and responsibly managing your domain name(s). We hope you found these suggestions useful, and always encourage registrants to play an active role in the ICANN community<https://www.icann.org/community>. You can find more information on ICANN.org for domain name registrants here<https://www.icann.org/registrants>.