*** Here Is A List Of Some Of The Best Domain Name Resources Available ***
There is one thing that can come between you and your business regardless of whom you are and how safe you feel your security procedures might be and that’s theft – especially in the domain business.
There is a lot that can go wrong in the Internet business as it is, but likely nothing would be as bad as someone stealing your entire Internet address. Poof, all the sudden your entire business is gone. In a brick-and-motor business, it’s not likely that someone will come along with a tow-truck and remove your store-front from its usual cozy place on Main Street, but with a business built on domains, that is exactly what can happen, and it can happen to anyone; 5 dollar domain or 5 million dollar domain, they are all safe guarded through a process involving verification of an email addresses recipient.
That is a lot riding on your email account. Holy smokes; think about that for a minute. A domainers entire business and livelihood is reliant on a single email address. It’s relatively easy to reset a password for a lost account, so long as you have access to the email address used for the account. A thief can reset a password; reset a security code, change ownership of a domain, all through an email address.
Today, WordFence, a company whom distributes a popular security plugin for WordPress websites, released an article about a particular new phishing-type attack which is much worse than the usual attacks easily spotted by a browsers address bar. Many attacks, while well-hidden within authoritative looking webpages, are not fool-proof because one thing that always gives them away is the address bar – that’s where many people can check to quickly and accurately sniff out phishing attempts… But this particular attack is specifically targeting the address bar and is said to be fooling even tech-savvy users. That is why it is time to get serious about your email and start using Two Factor Authentication, especially if you are a Google Mail or Gmail user, a core portion of this scam.
Here is what you want to look for on this one:
The phishing scam includes having you the target of the attack (you) click on a link to a totally bogus login page and if and when the user checks to see where on the web they are, just to be safe, they are fooled with this URL in the browser data:text/html, – if they don’t immediately realize that the very beginning was added, they’re screwed. The above address bar is fooling a lot of people and is being called a “Highly Effective Gmail Phishing Technique” as it does appear to be a pretty darn safe place to go ahead and login. Once logged in, the credentials are stolen and the thieves are immediately notified of a new successful compromise and they rush to lock out the true user and download and steal virtually all of the email within the account.
To find out all the intricate details on how these thieves will work towards tricking you, including using people you frequently email with, frequent subject lines, and even frequently used attachments and files, please read the entire notification from WordFence (these guys are great over there).
But if you would like to just take my advice straight away, I would hop over to Gmail right now and turn it on (I just did it [finally] and it only took about five minutes to set it up): https://www.google.com/landing/2step/
Other email vendors offer it too.
- Microsoft Mail: https://support.microsoft.com/en-us/help/12408/microsoft-account-about-two-step-verification
- Yahoo Mail: https://help.yahoo.com/kb/SLN5013.html
- AOL Mail: https://help.aol.com/articles/2-step-verification-stronger-than-your-password-alone
- Zoho Mail: https://www.zoho.com/mail/help/adminconsole/two-factor-authentication.html
This is just too important to ignore any longer so if you are not using Two Factor Authentication yet, at least on your email account tied to your domains, please do so for your own good as well as the good of others in your address book. These hacks and phishing attacks are becoming much more frequent these days not to mention much more sophisticated and it’s not just about keeping you safe, but everyone your email list. So take a few minutes of your day and get it done. It’s kind of crazy not to at this point.
About The Author: John Colascione is Chief Executive Officer of SEARCHEN NETWORKS®. He specializes in Website Monetization, is a Google AdWords Certified Professional, authored a how-to book called ”Mastering Your Website‘, and is a key player in several online businesses.
Great blog post!
One thing to mention is to not forget to copy or write down the backup codes for just in case there’s a problem with 2step authentication.
Just recently I replaced my iPhone with a new one and I had to add 2step authentication on the new phone lucky I was logged in to forums so I did not have a problems adding it again and writing the backup codes. I did have to contact one registrar to let me back into my account after emailing them some documents I was they let me back in and everything was ok.