There is one thing that can come between you and your business regardless of whom you are and how safe you feel your security procedures might be and that’s theft – especially in the domain business.
There is a lot that can go wrong in the Internet business as it is, but likely nothing would be as bad as someone stealing your entire Internet address. Poof, all the sudden your entire business is gone. In a brick-and-motor business, it’s not likely that someone will come along with a tow-truck and remove your store-front from its usual cozy place on Main Street, but with a business built on domains, that is exactly what can happen, and it can happen to anyone; 5 dollar domain or 5 million dollar domain, they are all safe guarded through a process involving verification of an email addresses recipient.
That is a lot riding on your email account. Holy smokes; think about that for a minute. A domainers entire business and livelihood is reliant on a single email address. It’s relatively easy to reset a password for a lost account, so long as you have access to the email address used for the account. A thief can reset a password; reset a security code, change ownership of a domain, all through an email address.
Today, WordFence, a company whom distributes a popular security plugin for WordPress websites, released an article about a particular new phishing-type attack which is much worse than the usual attacks easily spotted by a browsers address bar. Many attacks, while well-hidden within authoritative looking webpages, are not fool-proof because one thing that always gives them away is the address bar – that’s where many people can check to quickly and accurately sniff out phishing attempts… But this particular attack is specifically targeting the address bar and is said to be fooling even tech-savvy users. That is why it is time to get serious about your email and start using Two Factor Authentication, especially if you are a Google Mail or Gmail user, a core portion of this scam.
Here is what you want to look for on this one:
The phishing scam includes having you the target of the attack (you) click on a link to a totally bogus login page and if and when the user checks to see where on the web they are, just to be safe, they are fooled with this URL in the browser data:text/html, – if they don’t immediately realize that the very beginning was added, they’re screwed. The above address bar is fooling a lot of people and is being called a “Highly Effective Gmail Phishing Technique” as it does appear to be a pretty darn safe place to go ahead and login. Once logged in, the credentials are stolen and the thieves are immediately notified of a new successful compromise and they rush to lock out the true user and download and steal virtually all of the email within the account.
To find out all the intricate details on how these thieves will work towards tricking you, including using people you frequently email with, frequent subject lines, and even frequently used attachments and files, please read the entire notification from WordFence (these guys are great over there).
But if you would like to just take my advice straight away, I would hop over to Gmail right now and turn it on (I just did it [finally] and it only took about five minutes to set it up): https://www.google.com/landing/2step/
Other email vendors offer it too.
- Microsoft Mail: https://support.microsoft.com/en-us/help/12408/microsoft-account-about-two-step-verification
- Yahoo Mail: https://help.yahoo.com/kb/SLN5013.html
- AOL Mail: https://help.aol.com/articles/2-step-verification-stronger-than-your-password-alone
- Zoho Mail: https://www.zoho.com/mail/help/adminconsole/two-factor-authentication.html
This is just too important to ignore any longer so if you are not using Two Factor Authentication yet, at least on your email account tied to your domains, please do so for your own good as well as the good of others in your address book. These hacks and phishing attacks are becoming much more frequent these days not to mention much more sophisticated and it’s not just about keeping you safe, but everyone your email list. So take a few minutes of your day and get it done. It’s kind of crazy not to at this point.
About The Author: John Colascione is Chief Executive Officer of Searchen Networks Inc. and Internet Advertising Inc. He specializes in Website Monetization, authored a ‘how to’ book called ‘‘Mastering Your Website’, and is a key player in several Internet related businesses through his search engine strategy company Searchen Networks®