Welcome to the underbelly of cybercrime, where a new menace known as "SubdoMailing" thrives in the shadows, waiting to ensnare unsuspecting prey.
Say you’re scanning your inbox when you spot an email from a trusted company. It has a domain name you trust, so your initial thought is that it’s safe, right?
Not quite.
This email is part of an elaborate scam designed to lure you into clicking malicious links or divulging sensitive information.
But what exactly is SubdoMailing?
It’s a devious ploy where fraudsters exploit the forgotten corners of reputable brands’ subdomains (hence the “Subdo”) to launch their nefarious schemes. These subdomains are like hidden passageways in the vast labyrinth of the internet, often overlooked but ripe for exploitation.
Here’s how it works:
First, the cybercriminals scour the depths of the internet for abandoned subdomains of well-known companies. These subdomains may no longer be in use, but they still point to external domains that are unregistered. Seizing this opportunity, the criminals swoop in, purchase the expired domain and set the stage for their deception—a counterfeit website designed to mimic the trusted brand.
Here’s where the danger lies.
You receive an email seemingly from a legitimate source, but unbeknownst to you, the link you’re about to click leads straight to the counterfeit website. And because the email appears to originate from a trusted brand, it often slips past your small business’ usual security measures and lands squarely in your inbox.
So what can you, our friendly neighbourhood SMB owner, do to shield yourself and your company from falling prey to SubdoMailing?
- Maintain vigilance: Exercise caution with any email that appears even remotely suspicious. Trust your instincts—if something feels amiss, it likely is.
- Verify the sender: Before clicking on any links or downloading attachments, take a moment to scrutinize the sender’s identity. Watch out for telltale signs like spelling errors or unfamiliar email addresses.
- Educate your team: Ensure your employees are well-versed in the latest phishing tactics and equipped to identify potential scams. Offer training sessions or provide educational resources to keep them informed.
- Invest in robust security measures: Consider allocating resources to top-tier security software to fortify your defenses against cyberthreats. While it may entail an additional expense, the safeguard it offers is indispensable in today’s digital landscape.
By taking these proactive measures, you can navigate the murky depths of cybercrime with confidence, safeguarding your business from the lurking peril of SubdoMailing.
If you’d like some advice about adding an extra layer of security to your small- or medium-sized business, get in touch with us.
Ian Robertson
