Social engineers have found a new tactic.

SaneProf
2 min read · Jan 12, 2023


Last week I got a phished email, and it looked almost like my bank’s. You know, for a regular person, it couldn’t be more real, but for a cybersecurity-conscious person like me, I knew at first glance that it was a trap.

Seeing the red flags, I decided to play along and obey the Call-To-Action (CTA). I know it’s strange, but I like to explore danger zones – you might want to call me an inspector of cyber threats. After clicking on the link, I was welcomed with a perfectly phished copy of my bank’s website, and wow, I was impressed to see the hacker had put much effort into coming up with such a concept.

As I looked further into the phished page, I saw something that impressed me even more: the new tactic I mentioned above!

Normally, my bank’s web app looks like this in the address bar:

app.mybankname.com/blah-blah-blah…

For the number of years I have spent reading about ethical hacking, I have never seen anything close to what this engineer did. Like, he thought of a way to make the address bar look convincing; a concept I’ve never read in any book or seen in any video!

Here’s what he did: he created a webpage with multiple subdomains stacked in front of the main domain until the address looked like it was my bank’s.

app.mybankname.com.anothersubdomain.anothersubdomain.domain.com/blah-blah-blah

Let’s say my bank’s name is piggy; the authentic web address would look like this:

app.piggy.com/login

while the phished website’s address would look like this:

app.piggy.com.this.is.a.phished.site.com/login

The main (registered) domain here is site.com, while app.piggy.com.this.is.a.phished is a stack of subdomains built on top of each other, all under the attacker’s control.

Honestly, you have to understand how the Domain Name System works to avoid falling for this attack.

Well, obviously, no one knows it all; that’s why I have taken it upon myself to share this new discovery with you.

Learn to check domain name chains, reading them from the right-hand end, so you can tell an authentic address from a phished one.
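One way to automate that right-to-left check, as an added example that is not part of the original post: pull the host out of a URL, find the part that was actually registered, and compare it with the bank’s real domain. The suffix table is a constructed, deliberately small stand-in for the Public Suffix List; a production checker should load the full list (for example through the tldextract or publicsuffix2 packages).

```python
# Added example (not from the original post): extract the registrable domain
# (eTLD+1) from a URL so that a stacked-subdomain host such as
# app.piggy.com.this.is.a.phished.site.com is not mistaken for app.piggy.com.
from urllib.parse import urlsplit

# Constructed subset of the Public Suffix List, enough for the cases below.
# Multi-label suffixes like "co.uk" must be listed explicitly.
PUBLIC_SUFFIXES = {"com", "net", "org", "uk", "co.uk"}


def registrable_domain(url: str) -> str:
    """Return the registered domain (public suffix plus one label) of url's host."""
    if "://" not in url:
        url = "https://" + url            # urlsplit only finds the host after a scheme
    # .hostname drops any user@ prefix and :port, so "piggy.com@site.com" -> site.com
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    labels = host.split(".")
    # Walk from the left: the first trailing run that is a public suffix is the
    # longest one, and the label just before it is what the site owner registered.
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return "" if i == 0 else ".".join(labels[i - 1:])
    # Unknown TLD: fall back to the last two labels.
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def belongs_to(url: str, expected_domain: str) -> bool:
    """True only when url really sits under expected_domain (e.g. piggy.com)."""
    return registrable_domain(url) == expected_domain.lower()


if __name__ == "__main__":
    for u in ("https://app.piggy.com/login",
              "https://app.piggy.com.this.is.a.phished.site.com/login"):
        print(f"{u}\n  registered domain: {registrable_domain(u)}"
              f"  | really piggy.com: {belongs_to(u, 'piggy.com')}")
```

The second URL reports site.com as the registered domain, which is exactly the signal a reader (or a mail filter) needs before trusting the page.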

Thanks for reading!
