Online security relies on cryptographic protocols, and while most websites claim to use an SSL certificate, it’s actually TLS that does the work. If your brand relies on secure communication, your team must know the difference between SSL and TLS as a top priority.

To help you safeguard your brand’s online presence, we at EBRAND offer a free brand audit that maps your digital footprint and flags impersonation or phishing threats.

The Evolution from SSL to TLS

The Secure Sockets Layer (SSL) protocol was originally developed to encrypt communication between web browsers and servers. SSL 2.0, released in 1995, was the first widely used version, but it contained significant vulnerabilities. Version 3.0 addressed many of these issues, but was eventually found to be insecure as well. Both SSL 2.0 and 3.0 are now deprecated.

Transport Layer Security (TLS) was introduced as the successor to SSL. TLS 1.0, released in 1999, retained the core architecture of SSL but improved its encryption capabilities. TLS 1.1, 1.2, and 1.3 have continued to refine the protocol, making it faster, more secure, and more adaptable to modern cryptographic requirements. Today, it is the modern standard for encrypted communication.

Technical Differences

While TLS and SSL are both cryptographic protocols that encrypt data between a server and a web browser, their technical foundations differ significantly. TLS supports newer, more secure encryption algorithms, including AEAD ciphers and modern elliptic curve cryptography. SSL relies on outdated algorithms that no longer meet today’s security standards.

Another major difference between TLS and SSL lies in the handshake process. The SSL handshake is slower, less flexible, and more vulnerable to downgrade attacks. TLS uses a more efficient handshake process, especially from version 1.2 onwards, supporting features such as forward secrecy and session resumption. TLS also provides stronger authentication methods and certificate validation mechanisms.

Both protocols use digital certificates issued by certificate authorities to authenticate the server and establish a secure connection. However, TLS certificates benefit from better algorithm support, better cipher suite negotiation, and more secure key exchange methods.

Here’s a side-by-side comparison to summarize the core differences between SSL and TLS:

Why the Term ‘SSL Certificate’ Is Still Used

Even though TLS is the protocol in use today, the term “SSL certificate” remains widely used in marketing and technical documentation. This leads to confusion for many users who assume they are installing an SSL certificate that uses the SSL protocol.

In reality, when you install a Secure Sockets Layer certificate today, whether a wildcard or a domain-specific certificate, it’s TLS that handles the secure communication. The certificate still performs the same function: it authenticates the server and enables encryption, but under the TLS protocol. Most SSL certificates and TLS certificates are essentially the same in function, but “SSL” persists as a legacy naming convention.

How SSL and TLS Work in Practice

Both SSL and TLS protocols enable secure connections using a multi-step process that involves server authentication, encryption setup, and secure data transmission. During the handshake process, the server presents its digital certificate to the client, which is verified using the public key infrastructure and trusted certificate authorities.

If authentication is successful, a shared session key is negotiated using a cryptographic algorithm, which then encrypts all communication between the client and the server. While the SSL handshake used to perform this role, the TLS handshake process has replaced it in modern secure communication.

TLS 1.2 and 1.3 also support newer cryptographic algorithms and remove outdated features that made earlier SSL versions vulnerable. TLS is used in HTTPS-based secure communication, email encryption, and other protocols, while SSL is no longer considered safe for any type of transmission.

Security and Compatibility: SSL Deprecation vs TLS Adoption

SSL is now considered obsolete. SSL 2.0 and 3.0 are officially deprecated, and most major web browsers and servers have disabled support for them. TLS 1.0 and 1.1 were also formally deprecated, but some legacy systems still support them. The recommended standards are TLS 1.2 and 1.3, which offer better encryption, shorter handshakes, and improved security.

TLS is the updated version of SSL in every functional sense. It supports modern authentication, robust encryption, and flexible protocol negotiation. Today’s secure certificates work over the TLS protocol by default. In fact, the SSL certificates that EBRAND issues with our clients all come with TLS encryption by default. Ultimately, TLS is the protocol that enables HTTPS encryption across the web.

Modern TLS Certificates and Certificate Management

Although the term “SSL certificate” still appears in dashboards, control panels, and product names, all certificates in use today rely on TLS. Whether you use a standard or wildcard Secure Sockets Layer certificate, the underlying encryption occurs via the TLS protocol.

Certificate management involves acquiring a certificate from a trusted certificate authority, installing it on your server, and ensuring timely renewals, particularly as industry standards regarding SSL certificate lifespans evolve. Implementing TLS also means staying current with the latest TLS version and disabling insecure versions of SSL or TLS.

When you install an SSL certificate today, you’re really implementing TLS encryption, because TLS is the cryptographic protocol that encrypts data, authenticates the server, and ensures secure communication.

Conclusion

The key differences between TLS and SSL lie in security, protocol design, and long-term viability. While SSL once set the standard for encrypted connections, its vulnerabilities led to deprecation. Today, its successor is not just more secure, but actively maintained and widely supported.

Despite the continued use of the term “SSL certificate,” it’s the newer protocol that handles encrypted communication across the web. If your systems still rely on outdated technology or ambiguous configurations, upgrading to the latest version is critical. Legacy methods no longer offer adequate protection; modern certificate deployment should be built entirely on current, secure protocols.

The post TLS vs SSL Certificates – How Are They Different appeared first on EBRAND.

It’s Halloween, and a new nightmare haunts the digital world, more threatening than any ghost or goblin. We call this cyberthreat the “Bionic Infringement,” a chilling fusion of AI and human cunning that spoils the festive season. Bionic infringements merge the speed and scale of artificial intelligence with the ingenuity of human operatives. As a result, industrial-strength threats flood search results and social media feeds with convincing fake shops and phishing traps, turning a season of excitement into an ecommerce nightmare.

Here, we’ll unmask this Halloween cyberthreat, detailing the dangers it poses to brands and customers, and providing a pragmatic playbook to fight back. You can also cut to the chase with a free brand audit to identify bionic infringements right here.

Unmasking the “Bionic Infringer” this Halloween

Imagine a factory where AI handles the heavy lifting, mass-producing deceptive copy, cloning site templates, and spawning legions of domain names and social accounts. Then, human ingenuity adds the finishing touches: subtle creative twists, payment-routing tricks, and adaptive strategies when defenses strike back. This fusion creates a scaled attack with a disturbingly human face, perfect for exploiting the busy Halloween shopping season.

These operations deploy with several frightening features. They mass-produce fake shops faster than you can say “trick-or-treat,” creating BogusBazaar-style waves in minutes. They use AI to generate authentic-looking product pages for popular Halloween costumes and decorations. Human operators then tune these operations for evasion, using curated payment routing and managing shipping behavior. Sometimes, they send counterfeit items, but more often, like a ghost, they leave nothing but a missing package and a stolen payment. They use distributed infrastructure and SEO tricks to drive traffic quickly, launching combination attacks that synchronize fake shops, social accounts, and phishing campaigns to harvest payments and Personally Identifiable Information (PII).

A Horror Story for Brands

The Bionic Infringement does more than steal a few sales. For marketing, legal, and security departments alike, the phenomenon unleashes a cascade of horrors. Bionic infringements commit direct customer theft and fraud, turning a consumer’s search for a Halloween deal into a nightmare of stolen payment data and identity theft. These attacks inflict severe reputational damage, as angry complaints and negative reviews spread like a ghost story, eroding trust. Increasingly, digital infringements place a heavy operational strain, causing a spike in support tickets and chargebacks that haunt finance teams for months. Furthermore, brands face increased legal and compliance exposure from mishandled PII, a truly terrifying prospect for any business.

The Infringer’s Halloween Playbook

The bionic infringer follows a sinister, repeatable pattern to target brands and their customers. First, AI generates a haunted template, cloning a brand’s site layout and product catalog at scale. Next, the operation unleashes a swarm of malicious domains. Then, they amplify their ghostly presence by buying ads and creating fake social posts. The core of the attack involves a digital trick-or-treat: convincing checkout flows and fake support chats designed to harvest credentials and payments. Human operatives constantly adjust the scheme, and when platforms exorcise one batch of fake sites, a new wave rises from the grave moments later.

While AI provides the infringer’s scale, human cunning forms the core of the attack. Experienced human scammers bring intuition about which Halloween product lines will convert, creativity in mimicking a brand’s voice, and the manual skill to evade automated detection rules. This human element makes these attacks persistently effective, as they can adapt and improvise where a purely automated system cannot.

Fighting Bionic Infringements this Halloween

To defend against this seasonal cyberthreat, brands must deploy a hybrid strategy that combines human expertise with AI powered tooling. This approach starts with constant vigilance. Organizations must implement automated high frequency scans to hunt for suspicious domain clusters and ad creatives. Your monitoring must cover the entire digital landscape where Halloween shoppers browse from search results to social platforms and online marketplaces.

When your systems identify a potential threat, your next steps must involve coordinated and rapid responses. Automated tools can gather evidence to accelerate legal takedowns, but human analysts lead the charge. Experts validate complex threats and coordinate directly with law enforcement and payment processors to disrupt the criminal operation. Your teams should also monitor payment flow anomalies, especially during the peak Halloween season, and the following ecommerce events like Black Friday and Cyber Monday.

You can also protect your customers by making your official storefronts and checkout flows clearly verifiable. Use dynamic trust signals like one-time codes to help shoppers distinguish your legitimate site from a fraudulent one. Beyond that, you can also boost these efforts with aggressive legal action. Proactively enforcing your intellectual property rights helps you build strong relationships with major platforms to ensure they assist your takedown efforts.

Finally, remember that collaboration strengthens your defense. Participating in intelligence sharing with other brands and law enforcement helps you coordinate your efforts for a data-led anti-scam strategy. When you pool your data to identify threat actors, you help your entire industry create a safer online landscape, during Halloween and beyond.

A Consumer’s Guide to a Safe Halloween Online

Customers must stay vigilant for several key warning signs this season. Watch for unexpectedly low prices on popular Halloween costumes or decorations. Scrutinize domain names for extra words or bad grammar. Be wary of requests for less secure payment methods and a lack of verifiable order numbers. If an offer seems too good to be true, it might be a trick, rather than a treat.

The Bottom Line: Don’t Be Scared

Bionic Infringements scale like a machine and adapt like a human, making them a uniquely dangerous cyberthreat, not just around Halloween. That being said, brands and organizations need not be spooked. The winning solution combines human investigators and legal experts, empowering strategies with AI for discovery and rapid response. Building this hybrid defense will protect their customers’ wallets and data, ensuring the only scares this season are the fun ones.

The post Halloween Cyberthreats: The Case of the Bionic Infringement appeared first on EBRAND.

This article unpacks the latest domain name trends, case filings, and policy updates. We’ll explore how businesses are leveraging WIPO’s dispute resolution process, the increasing role of AI-related domain disputes, and why strategic Corporate Domain Management should be a core component of your digital strategy in 2025 and beyond.  

WIPO’s Latest Domain Case Trends 

In 2024, WIPO received domain name disputes from trademark owners in 133 countries, marking one of the busiest years in UDRP history. The leading complainant countries included the United States, France, and the United Kingdom, reflecting the global nature of domain conflicts. Industries such as retail, banking, pharmaceuticals, and technology saw the highest number of cases, indicating that domain abuse is a widespread issue across multiple sectors.  

Notably, the report also highlights the sustained increase in ccTLD disputes. Countries such as Brazil (.BR), Spain (.ES), and Anguilla (.AI) reported record numbers of case filings, demonstrating the growing importance of localized domain protection strategies. WIPO also expanded its dispute resolution services to include .AD (Andorra), .CV (Cabo Verde), and .RW (Rwanda), ensuring broader coverage for brand owners.  

Beyond sheer numbers, recent cases highlight the evolving nature of domain threats. Impersonation and email-based fraud continue to be major concerns, with bad actors using misleading domain names to deceive customers and employees. In one case, scammers used the domain sluk-clients.com for a fraudulent email scheme impersonating a legitimate company, reinforcing the need for proactive domain monitoring and enforcement.   

AI, Phishing, and the New Wave of Domain Threats 

The rapid adoption of AI-related domains is reshaping the domain landscape. As businesses invest in AI-driven tools and services, domains with the .AI extension have surged in popularity. However, this growth has also attracted cybersquatters and opportunistic domain investors. In one notable dispute, a domain previously owned by SAP was acquired by a third party after expiring. The registrant argued that the domain had generic value, but WIPO ruled in favor of SAP, recognizing that the respondent had intentionally targeted the well-known brand.  

This trend extends beyond AI. The increasing use of deceptive domains in phishing campaigns is another critical concern. In 2024, 94% of organizations reported phishing attempts, often leveraging lookalike domains to trick employees into sharing sensitive information. One WIPO case involved myhrhersheys.com, which was used to target employees with fraudulent login requests. These cases highlight the importance of proactive domain security measures. For example, sophisticated domain monitoring could have precented this kind of attack. Combining with automated firewall updates, proactive threat reporting, and an optimized domain portfolio provides the best security to defeat cyberattackers and protect your brand. 

What the WIPO Report Means for Businesses in 2025 and Beyond 

For businesses, these trends signal a clear need for a stronger domain protection strategy.  

A comprehensive approach to domain security should include proactive monitoring of brand-related domain registrations and relevant, rapid enforcement against cybersquatters, and measures like strict DNSSEC implementation to prevent email spoofing. Businesses should also evaluate their domain portfolios, ensuring that key trademarks are secured across relevant TLDs and ccTLDs to prevent unauthorized use.  

The rise in domain-related fraud also presents opportunities for managed service providers (MSPs) and cybersecurity firms. As businesses struggle to keep pace with evolving threats, MSPs can offer domain security services, helping clients detect fraudulent domains, enforce brand rights, and mitigate phishing risks.  

The Role of Corporate Domain Management 

Managing a corporate domain portfolio is no longer just about securing a primary brand name—it’s about actively defending against cyber threats and maintaining a resilient online presence. Effective Corporate Domain Management solutions involve a comprehensive set of strategies, all revolving around securing your online presence and your core digital assets.   

These strategies include tactics like domain renewals, domain blocking and reliable detection and quick action against infringements. Ultimately, a modern brand’s goal should be the consolidated secure management of an optimized domain portfolio. With the help of domain management experts, and smart software solutions, you can actively register and renew your core domains, and implement domain blocks over critical brand strings.   

Domain blocking services provide another layer of protection by preventing unauthorized parties from registering brand-related names across multiple TLDs. Businesses should also stay updated on policy changes, such as WIPO’s ccTLD dispute resolutions, to ensure they have the right enforcement tools in place. Beyond blocking, domain, monitoring solutions help you implement sophisticated patrols of your digital landscape delivering swift enforcement onto abusive domains. With the help of digital risk protection experts, swift enforcements against abusive domains deliver cost effective alternatives to resolving disputes. 

Regular domain audits also help businesses identify gaps in their portfolios and assess potential risks. With increasing domain disputes involving AI and emerging industries, companies should consider registering the right defensive domains in high-risk categories. These kind of tactics covers further risks with powerful monitoring, intelligently countering cybersquatting threats. Anti-cybersquatting protocols form part of a well-rounded Corporate Domain Management strategy, along with the seasoned expertise and technological know-how to keep your assets boosted and protected. 

Conclusions: Implement WIPO Warnings with a Free Domain Check

The latest reports, and the threats at play, make one thing clear: businesses can no longer afford to take a passive approach to domain security. With cybersquatting, phishing, and AI-driven threats on the rise, proactive management is the key to protecting your brand online.  

In light of the WIPO’s reports, we must also remember that it’s not always the right strategy to go in for a dispute in the first place. Blocklisting and Takedowns deliver an integral (and cost efficient) part of a strategy too, especially when considering the vast field of possible variations that cybersquatters can register in the domain space.   

EBRAND offers a free domain check to help you assess vulnerabilities in your domain portfolio. Find out if your brand is at risk and take the first step toward a stronger protection of your valuable and business critical digital assets today. 

The post The Latest WIPO Domain Reports and What They Mean for You  appeared first on EBRAND.

Evolving domain landscapes offer plenty of new risks, as well as new opportunities, so here’s a complete domain strategy for 2025. 

1. Defining your Domain Strategy  

Domain strategy isn’t a one-size-fits-all solution, and businesses must tailor their tactics to meet their needs. Businesses often maintain multiple brands and products, requiring different domains and extensions to launch, promote, and sustain them. Deciding which domains to maintain, scale back, or expand depends on your trademarks, popular products, and next line of services.  

Beyond that, your target markets also shape your strategy in 2025. Different continents, countries, and regions all have different domain extension preferences, based on languages and cultural idiosyncrasies. Equally, different regions and extensions also pose different threats, from infringements to fake shops and phishing attacks. Businesses often fall into the trap of creating a unilateral strategy for each department, or even multiple competing strategies that clash and conflict, between marketing, legal, IT, and security teams. Busting these silos, and outlining your goals in terms of IP and geography lays the foundations for an effective, holistic domain strategy.   

2. Exploring the Domain Landscape

Once you’ve locked in your goals in terms of branding and scope, it’s time to see what’s out there in the domain landscape. Businesses typically identify a domain wishlist for TLDs and CCTLDs, but they should also be aware of what’s over the horizon. Registries are always launching new domain options, and each TLD launch opens a new avenue of digital opportunity. Since ICANN launched their new gTLD program in 2012, over 1,200 new domain extensions hit the market, highlighting the industry’s rapid growth. Some companies even register their own ‘piece of the internet’, by establishing their own dotBrand domain. While it’s important to register existing domains for the here and now, keeping an eye out for the most valuable new launches helps future-proof your strategies, embracing new opportunities as they arise. 

Get the latest on choice new TLDs like .Tr, .Music, and .Lifestyle in our recent guide. 

3. Monitoring your Domain Strategy Effectively 

Acquiring your domains, and your domain wishlist, is just the beginning of a robust domain strategy. Businesses must also implement domain monitoring, to check for changes in the landscape, and detect and malicious infringements or suspicious registrations around their brand before they cause any harm.   

Historically, businesses deployed manual domain monitoring strategies, searching each registry for each string one by one. Traditional tactics also included organizations trying to register their way into safety, and wasting resources on every possible domain available. Modern monitoring strategies take a smart, nuanced approach, deploying smart tools and savvy expertise. These solutions take the hassle out of your domain strategy, sweeping attack vectors and infringement channels with AI and automated detections to keep your brand safe. Learn more in our detailed domain monitoring deep dive.  

4. Implementing a Domain Blocking Strategy 

Rather than passively waiting for a domain infringement, or even actively searching for them, forward-thinking brands support their strategy with domain blocking. Blocking tools allow brands to register their intellectual property with various digital authorities, and block malicious parties from registering key domains.   

The market provides various types of domain blocking. These include:  

•  AdultBlock, for blocking adult-themed domains  
• DPML, for blocking registrations across a vast portfolio of around 200 gTLDs 
• GlobalBlock, a new solution with an unprecedented breadth of coverage, including double or even triple the quantity protected DPML. 

Domain blocking helps protect your domains without the expense of defensively registering tonnes of extensions, so it’s well worth exploring to enhance your domain strategy. Get all the details right here in our domain blocking guide.  

5. Optimizing your Domain Portfolio 

A company’s journey is rarely straightforward, and many feature employee churn, strategic changes, and even mergers or acquisitions. These evolutionary cycles leave a lasting mark on your domain portfolio, like the knots and rings on a tree. Unfortunately, this organic growth often fosters an inefficiency that an effective domain strategy seeks to correct.  

Mergers and international expansion often result in businesses relying on multiple hosting providers and registrars. Some lose track of their administrative controls, or even forget which domains they’re paying for altogether. Corporate Domain Management therefore plays a crucial role in organizing your domain portfolio. With the solution in hand, businesses regain control of their valuable digital assets. Consolidating domain portfolios and strategically organizing their resources, businesses minimize waste and maximize value. 

6. Securing your Domains 

Domains underpin crucial ecommerce operations, making them a prime target for cybercrime. Fortunately, domain cybersecurity experts provide several key concepts to live by, and tools to implement them, that keep your assets safe and secure.   

EBRAND’s Chief Technical Officer, Anouar Adlani, provides a definitive domain cybersecurity checklist for any business looking to reinforce their defences and keep hackers at bay. Key principles include registrar access control, domain change management, domain name protection, and more.   

A working knowledge of security features like Registrar & Registry Locks, DNSSEC, SSLs, DMARC, SPF, and BIMI all help your team build a well-rounded, versatile, and secure domain strategy. For more first-hand guidance, get Anouar’s insights right here.  

7. Staying Vigilant across all Threat Channels 

A comprehensive strategy keeps your domains efficient, secure, and potent, which is a big achievement for any modern brand. However, businesses must also recognize that threats arrive from other channels, beyond the domain landscape. Incorporating other risk protection and brand protection solutions into your strategy provides the best chance to boost and protect your brand in 2025 and beyond. 

When it comes to risk protection, brands face all kinds of threats and infringements online. These span from ripped-off branding to company colors, imagery, and more. The newest generations of infringement tactics often target senior management teams on social media, and some even launch fake apps on app stores. Scammers attack domains, businesses, and executives, making Digital Risk Protection a vital avenue for forward-thinking businesses to explore.  

Similarly, brands also face infringements and impersonations across digital marketplaces and web shops. Brands with physical products face counterfeiters and fake shop scammers, while service providers see their services impersonated on web copy and social media channels. Online Brand Protection helps industry leaders take a stand against scammers, delivering the tools and expertise to fight back and protect their digital presence.  

Conclusions: How to Build your Domain Strategy

In conclusion, building a great domain strategy is easier said than done. Businesses need to balance their branding priorities with their budgets, and with the ever-volatile landscape of available domains. They need to find a strategy that works not just for the IT team, but also for legal, and sales, and marketing, and security, and anyone else with an interest in the company’s successes. It needs to be broad enough to achieve your ambitions, but not too broad that it wastes your resources. A complete domain strategy for 2025 must evolve the calendar year, accounting for the many threats and opportunities looming in the next 5, 10, 20 years, and more.   

As experts in the field, we’re more than happy to talk it through. Reach out to the team for a free domain audit right here. 

The post A complete domain strategy for 2025 appeared first on EBRAND.

It will be exciting to see which new applications come up. Generic and regional extensions like the formerly applied for .shop, .app or .tokyo might find new neighbours, along with new DotBrand applications by business leaders who want to own a new slice of digital real estate.

Any company or organizations interested in applying for a new gTLD or a DotBrand must also consider lessons learned from the past round. These lessons help us avoid delays, and beyond an application success, help us make the most of our potential and put the new DotBrand to good use.

What’s happening, and when?

Come Q2 2026, ICANN plans to open the next round of new gTLD applications – with the Applicant Guidebook (detailing the application process) expected to be completed by May 2025.

This leaves close to nine months for potential applicants like brand owners, regional governmental organizations, entrepreneurs or even companies engaged in the crypto world, to take an educated decision whether applying for an own TLD provides strategic benefits when compared with alternatives like a streamlined and modernized global domain strategy.

What’s a DotBrand?

A DotBrand (sometimes also called a branded top-level domain or branded TLD) is a type of internet domain that is specific to a particular brand or company. Instead of using generic top-level domains (TLDs) like .com, .net, or .org, or even country-specific ones like .co.uk or .fr, some companies applied for and operate their own branded TLD, such as .google for Google or .apple for Apple.

What happened during the first round of new gTLDs?

A total of 1,930 applications were received for new generic top-level domains (new gTLDs), including both generic and brand-specific terms.

These applications included some 600 DotBrands, with most passing through the process and being technically delegated – but more than some fell into a dormant stage afterwards, with their potential never leveraged.

Why do so many DotBrands fall short of their full potential?

Many companies applied for Dotbrands without a clear plan for how to integrate them into their existing digital strategy. In some cases, the novelty of gTLDs might have led to applications motivated more by a competitive attitude rather than a well-thought-out business objective, too.

This lack of clear objectives fosters short-term decision-making. When relevant departments limit their input to the new gTLD strategy, this also hampers its potential. Without full buy-in from marketing, sales, legal, and technical teams, applicants struggle to see their return on investment. Some DotBrands even lapse, following a lengthy registration process – with a view on effort and application cost, this presents a financially disadvantageous development.

There are further strategic, technical and market related topics and barriers that should be addressed prior to taking the decision to apply for a DotBrand.

Why should you consider applying for a DotBrand (or a new gTLD) nevertheless?

Despite the challenges faced by companies in utilizing their DotBrand, there are several positive aspects and potential benefits that could justify a participation in the next round of applications. Here are some positive remarks that could drive your decision:

• Enhanced Brand Visibility and Control

A DotBrand can allow you to stand out in the digital space, and moreover set the rules on your own playground.

• Marketing and Innovation Opportunities

Use a DotBrand for creative and novel marketing approaches. Tailor domains to products or campaigns and improve customer experience.

• Future-Proofing Digital Strategy

Position your company for future trends and digital developments like e.g. voice search, where a DotBrand domain can provide flexibility and advantage.

There are more possible benefits and considerations, that should be part of a diligent preparation for a new gTLD / DotBrand project.

What lessons can we take from the last round?

Be diligent and use the time you have on your hands. Don’t wait till there’s pressure to take a decision but weigh all pros and cons well in advance. Interdepartmental silos trip plenty of businesses up, so successful firms account for each stakeholder and their role in the process going forward. Beyond that, each each stakeholder brings their own set of agendas, and their own timeline, which shapes the course of your new gTLD strategy.

If you decide to apply for a DotBrand, involve all key departments before, during, and after the application process, to ensure a successful project and avoid issues caused by a siloed approach.

And finally, bank on the experience of specialist partners to provide insights and best practice advice across departments. By addressing past challenges with strategic planning and clear objectives, you can leverage DotBrands to achieve significant digital and competitive advantages.

For more information, check our our in-depth guide, or contact your trusted EBRAND advisor.

The post The next round of new gTLDs: Lessons on DotBrands appeared first on EBRAND.

In domain shadowing attacks, the only tell-tale sign hides in a hard-to-spot place: the URL. Business and internet users alike must stay alert for these kinds of attacks, to keep their incomes safe, and avoid surprises from devious cybercriminals. Fortunately, learning about these tactics, and how to tackle them, delivers the best chance for happy, successful ecommerce going forward. 

What is domain shadowing? 

Cybercriminals initiate domain shadowing by compromising domain owner credentials, often through phishing or dictionary attacks. Once access is gained, they create multiple subdomains under the victim’s root domain. These subdomains are utilized for malicious activities like phishing or malware distribution, operating separately from the victim’s main website. The tactic relies on exploiting the main domain’s reputation to deceive users, making detection challenging. Despite potential server investigations, evidence of malicious subdomains is elusive as they are hosted elsewhere.  

A recent example of a domain shadowing attack 

Domain shadowing would ideally remain an abstract concern, worth worrying about, but without any real-world implications. However, that’s hardly the case. A recent investigation into domain attacks in the UK found that hackers increasingly imitate leading banks, exploiting financial concerns in the wake of the cost of living crisis. The scam campaigns coordinated networks of deceptive digital assets, including email addresses, social media accounts, emails, and crucially, shadowy subdomains and landing pages. Scammers tricked vulnerable banking clients with scam warnings and detail requests over email, then directed them to lookalike login screens on their domain shadowing servers.   

These attacks hit home, extracting thousands from innocent victims, and damaging trust and relationships beyond repair. With similar campaigns also spoofing industry-leading delivery companies, no sector seems safe from domain shadowing’s deception. 

The impact on internet users 

While domain shadowing might seem like an abstract and technical concept, it creates real-life consequences for innocent internet users like you and me. This insidious practice involves cybercriminals creating malicious subdomains under legitimate websites, leading unsuspecting users into dangerous traps.  

One of the most harmful effects of domain shadowing is the theft of money, often from vulnerable users who cannot afford to lose it. 

In addition to financial loss, domain shadowing hackers steal private details, such as credit card numbers, banking information, home addresses, and more. Victims suffer the arduous process of changing cards, opening new accounts, and getting new phone numbers to protect themselves from further fraud. Unchecked shadowing attacks lead to inconvenience, along with significant emotional and mental burdens.  

Domain shadowing targets often experience fear and anxiety, constantly second-guessing the legitimacy of websites and emails. Scam campaigns erode public trust in well-known brands and legitimate e-commerce sites, leading to a broader climate of distrust. As a result, spoofed businesses suffer severe reputational damage and financial losses, as wary consumers steer clear online.

How domain shadowing affects businesses 

Domain shadowing inflicts severe consequences on businesses, dragging reputations through the mud, draining financial resources, and raising legal liabilities. When hackers associate their scams with legitimate brands by impersonating their websites, customers lose trust. Careers suffer as professionals lose track of their growth targets, and hierarchies lose faith in their organization’s security.  

In the wake of a phishing attack launched through domain shadowing, businesses often undergo a lengthy infrastructural rebuilding process. Restoring compromised systems and implementing stronger security measures from the ground up can strain financial and human resources. Reactive fixes, implemented after an attack, always cost more than proactive digital risk protection. By contrast, businesses who act early can mitigate threats before they arise.

How to fight back 

Domain shadowing poses serious threats across the internet, but when brands face these threats head-on, they find the right solutions to protect their infrastructure and their clients. Ultimately, these solutions resolve around a modern and comprehensive domain strategy. Strategic Corporate Domain Management covers several angels, starting with security, strengthening vital principles like account security and access control.

In such solutions, domain experts implement tactics like passwords with two-factor authentication, DNSSEC, and Organization Authentication Certification. Beyond that, strategic website monitoring and blocking helps you identify threat indicators like malicious subdomains, and stop them from harming unsuspecting visitors in your name. Our Chief Technical Officer provides a comprehensive domain cybersecurity checklist if you’d like some more insights from another expert source.

In conclusion, domain shadowing poses a significant threat to businesses and consumers alike, highlighting the importance of cybersecurity vigilance and proactive risk management strategies in modern digital landscapes. By understanding the workings of domain shadowing and implementing effective security measures, organizations protect themselves and their customers from cyber threats. 

The post Domain shadowing: How hackers hijack your website  appeared first on EBRAND.

Consumers and businesses need strategies to beat these attacks that go beyond the eye-test. Data-led risk protection solutions use sources like a DNS lookup to strengthen security postures and deliver the tools you need to tackle scams. The tactics we’ll explore today help you combat phishing campaigns and protect your organization online.  

How are phishing attacks evolving to trick their targets?

Phishing attacks typically involve whole webs of fake assets. Scammers pose as legitimate service providers to trick visitors into filling out forms and leaking passwords and financial data. In fact, EBRAND CTO Anouar Adlani recently highlighted ten different types of domain spoofing, from doppelgänger attacks to sound squatting, as criminals leverage new technologies to diversify their scams.  

Recent studies also reveals what scammers do after monetizing stolen data. A University of Arizona research paper, supported by Google, PayPal, and an APWG Board Member, shows that “credentials of 63.61% of these compromised victims would additionally appear in a public dump”. Businesses and consumers therefore require a data-led anti-phishing strategy, empowered by insightful sources like DNS data. 

What is a DNS lookup, and how is it relevant to phishing attacks?

DNS stands for Domain Name System. A DNS translates human-readable information, like website names, back and forth between machine-readable information, like IP addresses and other back-end website infrastructure. During a DNS lookup, we query a domain name system to find out specific back-end information, typically including an IP address. 

With DNS lookups, anti-phishing solutions use IP and related information to learn more about threats online. This information reveals some clues about a website, which we can use to detect dangerous fakes and validate legitimate pages.  

What tactics can the data from a DNS lookup support?

Digital Risk Protection experts protect businesses from phishing attacks and other threats by comparing DNS information with key data sources. These sources include insights from scam databases, and any information you’ve gathered yourself. 

The phrase “know your enemy” holds true for anti-phishing strategies, and the kinds of data that DNS searches reveal support the following strategies: 

Data Enrichment: Businesses use DNS search results to spark more insights for well-rounded threat intelligence. DNS records, Passive DNS logs, and WHOIS registration data provide detailed metadata about a domain, including when it was created, where it’s hosted, the services it uses and the IP addresses with which it historically interacts. This information often serves as a threat indicator for phishing attacks. For example, recently domains are often more suspicious than established ones. 

Pattern Recognition: DNS data reveals patterns that phishing sites typically display, such as frequent IP address changes or the use of certain domain registrars known for hosting malicious sites. 

Chain Analysis: A single DNS lookup can unveil associated domains or subdomains, uncovering possible phishing sites, and larger networks of cybercriminal infrastructure used to target business and consumers. 

Geolocation Filtering: Knowing the geolocation of the IP address helps businesses identify high-risk zones that frequently launching phishing attacks, boosting threat intelligence.

Reputation Scoring:  Several databases score domain reputations based on DNS and other network signals. When cross-referenced with these resources, DNS lookups deliver useful reputation insights that anti-phishing experts incorporate into their phishing detection algorithms. 

How DNS data supports augmented threat intelligence

EBRAND informs its threat intelligence with DNS data from sources like the eCrime eXchange reports delivered by APWG, The Anti-Phishing Working Group. These reports provide records of maliciously registered domain names from APWG’s members’ personnel, along with other data assets such as known dangerous IP addresses. APWG, an organization with decades of anti-phishing excellence, forms an international coalition of peer-expert data correspondents dedicated to tackling cybercrime.  

Through the curated exchange of cybercrime report records marked for reliability and strictly curated for data fidelity, APWG organizes effective anti-phishing action alongside their potential with EBRAND. The group also makes their data reports programmatically recruitable by security professionals and security applications developers. Their phishing Webpage tool, pictured below, lets individuals and organizations report suspicious websites. APWG members and personnel then review the reports, writing to APWG’s Phishing URL API endpoint (/phish). Adding confidence factors (CF) also helps indicate record reliability.   

The group’s members, including EBRAND, write reports directly to /phish with CFs. These CFs immediately create usable records, beyond the capabilities of third-party or volunteer-assessed data pools. 

Digital Risk Protection platforms like EBRAND’s X-RAY also incorporate DNS searches into its anti-phishing and threat detection tools. Whenever the solution detects suspicious activity online, EBRAND conducts a DNS search to learn more about the threat. EBRAND’s X-RAY then enriches DNS data with cross-channel sources to unmask phishing attackers. The solution reports any identified attackers to threat intelligence groups, including the globally recognized APWG eCX.  

As a champion of round-table OSINT (Open Source Intelligence) APWG works as a formal data correspondent with EBRAND. Together, the organizations protect brands and tackling cybercriminals. EBRAND, a founding APWG.EU corporate collaborator, signed the APWG’s Data Sharing Agreement in January 2022. With APWG, EBRAND uses eCX and contributes to the global cybercrime data clearinghouse. 

Conclusions: Proactive anti-phishing with DNS tools

Cybercriminals continuously diversify their phishing tactics, surpassing the eye-test and threatening brands, employees, and consumer-bases alike. Fortunately, for each new phishing trick, a data-led solution helps businesses boost their threat intelligence and outsmart criminal campaigns. DNS data delivers a vital source for anti-phishing strategies, whether you’re part of a team, or browsing solo. Anticipating DNS threat indicators with a risk protection solution, and collaborating with informed groups like APWG, helps make the internet a safer place. 

The post How can a DNS lookup improve your anti-phishing threat intelligence? appeared first on EBRAND.