In recent years, the number of phishing attacks and the damage they cause have been on the rise, and it is not uncommon for fake sites to be created to pretend to be your own company or organization. Around the middle of May, there were many incidents of fake sites occurring as a warning was issued by the government and local governments.
In the first half of this article, we will explain the outline of the incident, and in the second half of this article, as countermeasures against fake sites, methods to prevent users of the company from accessing fraudulent sites and spoofing the company's site for website administrators. We will show you how to inspect the site.
Commentary on the fake site incident
Although the government and media outlets have issued warnings, it has been confirmed that there have been many fake websites that appear to have copied websites of government agencies, local governments, and private companies. According to our investigation, it occurred between February and May 2020, and we have confirmed the possibility that more than 1,000 sites in Japan and overseas were being copied.
Regarding the fake site observed this time, the domain .gq/.cf/.tk/.ga/.ml that can be obtained for free from overseas services was used for the TLD (Top Level Domain) of the URL.
The fake site does not copy the contents of the legitimate site at a certain point in time, but when the user accesses the URL of the fake site, the server prepared by the culprit acts like a reverse proxy to the legitimate site. After accessing and acquiring the content, it seems that some content such as the link in the HTML was changed and responded to the user.
The reason and purpose for creating the fake site is unknown, and as of May 20, 2020, many fake sites have been closed without any confirmation of actual damage. However, if it reoccurs in the future, it may be used as a malware delivery or phishing site, so caution is required.
In addition, in this case, there were many fake sites that pretended to be various organizations and companies, and it has attracted a great deal of social attention. However, fake sites created with clearer malicious intent are constantly occurring, not just this time.
At that time, attackers carefully consider the target user group and often set up fake site campaigns in a way that suits the time. Recently, there have been many cases of phishing emails and phishing sites created by spoofing organizations that provide information related to the new coronavirus, and there are often cases of spoofing shopping sites created during the Christmas season. You can see
In particular, the specific TLD.gq/.cf/.tk/.ga/.ml that was exploited in the mass outbreak in May has been used for malware C&C communications and fake shopping site domains. It has been confirmed that there are cases where cyberattacks are hotbeds.
In the next section, we will describe how to prevent your company's users from accessing fraudulent sites and how to investigate sites that pretend to be your own site for website administrators as countermeasures against the occurrence of fake sites.
At the end
Although it will be repeated, sites where third parties fraudulently pretend to be companies and organizations are occurring every day, and the pace of occurrence is expected to increase in the future.
Therefore, in order to continue to protect the organization and employees from fraudulent sites and to protect the users of the company's site, it is desirable to constantly monitor the occurrence of fake sites and take prompt measures. I think.