The webinar on phishing attack prevention led by David Schropfer, Executive Vice President of Operations at DomainSkate, emphasized the importance of identifying and taking down fake websites before they can be used for phishing attacks. David Schropfer and David Mitnick, the CEO, stressed the need for vigilance in identifying potential threats and demonstrated the use of the Domains case system, their main dashboard for tracking new developments, crucial matters, and active threats.
Phishing Attack Prevention Webinar
David Schropfer, the Executive Vice President of Operations at DomainSkate, led a webinar on phishing attack prevention. He was joined by the CEO, David Mitnick. David Schropfer detailed the process a scammer typically goes through to initiate a phishing attack, which includes inventorying multiple domain names before launching a fake website. He emphasized that the first response from a legitimate company being mimicked is usually to blacklist or take down the fake website.
Phishing Scammers’ Tactics and Prevention Strategies
David Schropfer discussed the tactics used by scammers to set up fake websites and launch phishing campaigns. He explained that scammers typically register a domain and upload no records until they’re ready to use it, and then steal the code for a real website. They will then set up an ‘A record’ to point to the website and build a fake version. David emphasized the importance of identifying and taking down these fake websites before they can launch a phishing attack. He also mentioned that scammers need to have multiple domain names ready to move their website code to, to stay ahead of legitimate companies.
Vigilance, Domain Inventory, and Threat Labeling
David Schropfer and David Mitnick discussed the importance of vigilance in identifying potential threats before they escalate into larger attacks. They highlighted the value of inventorying multiple domain names associated with fake websites, as it often reveals scammers’ tactics of using trusted brand names to confuse people. They demonstrated the use of the Domains case system, their main dashboard where clients can track new developments, crucial matters, and active threats. The discussion also emphasized the significance of labeling domains as potential threats and associating them with specific threats, such as phishing or malware.
Domain Threat and Resolution Discussion
David Mitnick discussed the status of a domain registered in November 2023, which was noticed to have changed. He highlighted that the domain was not resolving to anything and had an MX record, indicating a potential threat. David proposed marking it in the system as a potential threat or even taking it down. He also mentioned an earlier site that was up in June 2023, and the data available, including the IP address, DNS record, and MX record. Unknown speakers confirmed that the IP address was the same as a previous issue.
Domain Name Monitoring and AI for Scam Prevention
David Mitnick and David Schropfer discussed the importance of monitoring domain names to detect and prevent scams and phishing attacks. They highlighted the use of AI to identify similar domain names and the ability of their system to alert clients when changes occur. They also demonstrated how to identify and cross-reference IP addresses and DNS records. The discussion ended with David Schropfer encouraging attendees to contact him for a proposal if they’re interested in using their service for domain monitoring.
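The record-change check summarized above (a watched lookalike domain that gains an MX record while resolving to nothing, plus cross-referencing shared IP and MX values), as an added Python example. It is not DomainSkate's code; the domain names, addresses, snapshot format and alert labels are constructed assumptions.

```python
from collections import defaultdict

# Constructed daily snapshots of a lookalike-domain watchlist.
# Format (an assumption): domain -> {"A": [...], "MX": [...]}.
# Names use the reserved .example TLD, addresses the RFC 5737 test range.
YESTERDAY = {
    "examp1e-brand.example": {"A": [], "MX": []},
    "example-brand-shop.example": {"A": [], "MX": []},
    "exampel-brand.example": {"A": ["192.0.2.10"], "MX": ["mx.mailhost.example"]},
}
TODAY = {
    "examp1e-brand.example": {"A": [], "MX": ["mx.mailhost.example"]},
    "example-brand-shop.example": {"A": ["192.0.2.10"], "MX": []},
    "exampel-brand.example": {"A": ["192.0.2.10"], "MX": ["mx.mailhost.example"]},
    "example-brand-login.example": {"A": [], "MX": []},
}


def classify(prev, curr):
    """Label the change for one domain, or return None if nothing changed."""
    if prev is None:
        return "new-registration"          # first sighting, records may be blank
    added_a = set(curr["A"]) - set(prev["A"])
    added_mx = set(curr["MX"]) - set(prev["MX"])
    if added_mx and not curr["A"]:
        return "mx-without-site"           # can send mail, resolves to nothing
    if added_mx:
        return "mx-added"
    if added_a:
        return "site-record-added"
    if set(curr["A"]) != set(prev["A"]) or set(curr["MX"]) != set(prev["MX"]):
        return "records-changed"           # removals or swaps
    return None


def diff_snapshots(yesterday, today):
    """Return {domain: label} for every watched domain whose records changed."""
    alerts = {}
    for domain, curr in today.items():
        label = classify(yesterday.get(domain), curr)
        if label:
            alerts[domain] = label
    return alerts


def cross_reference(snapshot):
    """Group domains that share an A or MX value.

    Shared infrastructure is a lead for investigation, not proof that the
    domains belong to the same registrant.
    """
    index = defaultdict(set)
    for domain, records in snapshot.items():
        for rtype in ("A", "MX"):
            for value in records[rtype]:
                index[(rtype, value)].add(domain)
    return {key: sorted(doms) for key, doms in index.items() if len(doms) > 1}


if __name__ == "__main__":
    for domain, label in diff_snapshots(YESTERDAY, TODAY).items():
        print(f"ALERT {label:18} {domain}")
    for (rtype, value), domains in cross_reference(TODAY).items():
        print(f"SHARED {rtype} {value}: {', '.join(domains)}")
```
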
David Schropfer 00:00:01
David Mitnick 00:00:31
David Schropfer 00:00:35
David Schropfer 00:02:46
Next, before anything can functionally happen, when you register a domain. All of the records, of course, are blank at the moment that that domain is registered. Now, to save money and to save time and effort, what the Scammers will do is upload no records until they’re ready to actually use it.
So to set up for any website, any website you’ve ever visited in your life has what’s called an A record attached to it. That’s a number that’s associated with the registrar, and every domain needs a registrar to manage the basic records of a domain. The Scammer would have to set up that A record to point to the website. Now, if that A record doesn’t exist, the website doesn’t exist, and that’s an extremely important point.
So next, they’re going to steal the website code if they haven’t already. And stealing a website isn’t as hard as it sounds, and you know, a long time ago it used to be incredibly easy. You copy and paste the HTML code, and you’re done. Now it’s more complex with library files and CSS, scripts and/or JavaScript and DNS files, etc. But over time the Scammer can overcome those issues, and what they’ll do is they’ll build a fake website. And then, typically, like, take an e-commerce reps website as an example, they’ll just put every item at 40% off or 70% off, or some outrageous number, and then basically ship absolutely nothing. It’s a classic scam, or just an example of a classic scam. So, at this point, they’re stealing the fake. They’re stealing the real code. They’re building the fake website. And then when all of that is completely put together, the A record, the multiple domains, the fake website, then, and only then, can they actually launch that website and start doing bad things, or start stealing money from the customers who think they’re going to a legitimate company.
And a fake email campaign is exactly the same. We’ve all received those emails that look exactly like a company that we’re used to doing business with, typically a bank, an insurance company, maybe a financial advisor, somebody who handles money because, you know, scammers go to where the money is, logically. So, same process, more or less: they have to inventory multiple domain names for the same reason. They have to set up what’s called an MX record. Again, you can’t send an email under a domain without an MX record set up with a registrar.
Then they have to find a legitimate email from that company. And again, it’s still using similar type of code as a website, either HTML or something similar to that, to get the graphics and the language and the font type and everything else exactly the way the company wants it. They steal that, they build a fake email. And then they can launch the phishing campaign. More nuances to it than a website: a website, you’re advertising; a phishing campaign, you’ve got a list of email addresses that you want to send that to.
So the trick to exactly what we’re talking about, which is finding and taking down that fake website before it gets to the end, before that phishing attack is launched, is right here. We’re looking for the A record associated with a given domain name or an MX record associated with a given email attack.
So, David, I’m going to turn it over to you for a moment to give us some examples of of what this looks like, generally speaking, and I think you have one already queued up. Correct?
Unknown Speaker 00:06:29
Sure, yeah. And I’m just going to, as a quick add-on to what you’re saying, David, because with these arrows here pointing to the A record, the MX record, that’s absolutely dead on. The other thing, too, is
David Mitnick 00:06:42
is having, you know, like inventorying the multiple domain names that you noted. Under the fake website.
That also gives us a very, very strong investigative, very strong place to investigate in terms of finding these things, you know, in terms of associating. What are they being associated with? Usually when scammers inventory multiple domain names, they’re going to inventory multiple, they’re going to inventory domain names that they think are going to confuse people. So they’re going to use brand names. They’re going to use things that are known, things that are trusted. So, and with that, we’ll jump into this next piece.
David Schropfer 00:07:22
Okay?
David Mitnick 00:07:26
So from what you were saying.
I’m just making sure you can see my screen.
Yes. Okay, great. So the question is, you know, in terms of finding you know, finding these threats before they become, you know, bigger attacks.
Unknown Speaker 00:07:47
The critical part is is being vigilant, is watching.
David Mitnick 00:07:50
And so here, what we have here is the Domains case system. This is the main dashboard. This is where our clients come to find, you know, they can look at anything new that’s come through the pipeline. They can look at things that they’re watching, that are really important to them, or even things that they’re acting on, you know, things that they’re actually actively pursuing in terms of threats.
So we’re going to just click on watch here in terms of things that we’re watching because we’re wondering, you know, like, how do we find in terms of picking out these things? What are the things that we need to be worried about? Well, if you go into our system. It’s actually, very, very simple.
We can go in
and actually, and you can click on one of these vectors.
We’re going to click on an MX record, and we’re going to see, you know, which domains that we have found that are mimicking
the trademark owner’s name
that also have MX records. Okay, the next thing that we’ll do is we’ll look at
and mark anything that’s been labeled as a threat. So every domain that comes to our system is labeled as a potential threat or as a,
as you know,
Unknown Speaker 00:09:06
I guess, safe.
David Mitnick 00:09:08
So here we have. We have
we have 2 records, 2 domains that are labeled, that have MX records, and they’ve been labeled in our system as either potentially phishing or malware.
Unknown Speaker 00:09:21
Now.
David Mitnick 00:09:23
this is this is really really important, because we we have now matched up
the record, the name with the threat, and we can sort of know what’s going on. The other thing, too, is we’ll just click on. We’ll click in here onto this one, which is Henry spelled with 2 rs.
This is for Henry shine, and we can just take a quick look here. This is our latest.
This is the latest information that we have on this domain. Now, this is January third, 31, 2024. This is the lot. We we check these every single day. But the last time that we noticed the change, whether it was from the on the website or whether it’s with the Mx record or whatever it might be. But something is going on here, because, as you can see, right, the domain was created in November seventh, 2023 was updated on the nineteenth.
It expires okay, 2024,
and we have our IP address and DNS record here. So
Unknown Speaker 00:10:23
there’s
David Mitnick 00:10:25
we’re right now. It’s not resolving to anything but
Unknown Speaker 00:10:29
the fact that it is not resolving to anything.
David Mitnick 00:10:32
and the fact that it has an MX record, and we’ve marked it as a potential threat, means that this is something that needs to be watched very, very carefully, if not immediately taken down.
And in our system we can, of course, take it, we can, of course,
take the first steps towards taking it down by just simply marking it in the system as a takedown. But these are the things that you would wanna look at. Now if we look at the history here,
because this thing has been in our system for a little while, we look at June eighteenth, 2023. Okay, there was a site up here, right? So it was, and then we have all the data here. We know that the page title
and there’s not a ton of, there’s not a ton of WHOIS, can be really tough sometimes. But we have the IP address. We have the DNS record, and we have the MX record.
You can see
Unknown Speaker 00:11:25
that this IP address
David Mitnick 00:11:27
1 7 2.1 8
Unknown Speaker 00:11:34
the same as what we were dealing with before.
David Mitnick 00:11:37
So now, at some point this domain expired, it got re-picked. It got picked up again. I think this is also part of the whole, what David was talking about earlier, about how multiple domain names have to be,
have to be used in order to run these attacks properly.
This is the perfect example. So just going back for 1 s here, if we go back in.
go into watch. Click on MX record, phishing, malware. One of the things that we can also notice is that
there’s another domain here, right? So it doesn’t necessarily mean that they’re linked. But we can find that there’s potentially another threat here.
So hendershines.com. We’ll click on this.
Unknown Speaker 00:12:31
That’s a second.
David Mitnick 00:12:38
we can see the data. Interestingly enough, this domain and the other one, the domain that we just looked at, were both registered in Iceland. They do have different IP addresses,
and we can just take a look at the history here. So there’s nothing, we’re not capturing anything on this screen. It doesn’t matter.
It doesn’t matter, though. There doesn’t need to be a website that’s up and running that you can visually see in order to run an effective campaign, as long as the MX record is up, even if it’s kind of lying low.
Unknown Speaker 00:13:12
In terms of, you know, activity, visible activity that you would go to.
David Mitnick 00:13:17
You know, the days of having a registrant give their, you know, correct WHOIS information and provide, you know, detailed, it’s just not going to happen. So we have to find other ways, other vectors to find. And in this case the MX record is really critical.
And David, while you’re on that page, if you could scroll back down to the Mx Record sure
David Schropfer 00:13:41
section.
so, importantly, using a system like this,
the system itself will also send an alert when something changes, right, the moment this domain was registered, whenever that originally was, whether it was January twelfth, 2024, which is obviously very recent, which you can see up here.
Or if it was, in fact, originally registered long before that, and somebody else was either under somebody else or under the Scammer.
The point is, the record was blank until the Scammer actively started adding in some of those other records like the IP address and the DNS records, and of course the MX records.
One of the key features of the DomainSkate system is that we will notify you as a client when one of these records changes. That’s critical, because, you know, again, on day one, it’s blank. And then at some point, those MX records had to go up.
David Schropfer 00:14:41
So before the phishing attack can begin, those MX records have to be created, and an email goes out on the same day
that those MX records go up, which gives notice to the client: Hey, something may be going on here. Let’s take a look. So in that way, you’re able to focus your attention only where there’s change happening.
David Mitnick 00:15:01
Yeah. And yeah, that’s exactly correct. And the first piece is, you know, the system finds that the moment that it’s registered, that the domain is registered, whether or not there’s an MX record, an A record, or whatever might be going on there, the system detects it and puts it in and says, Hey, this is something that you should take a look at.
Once it’s in, because the name is critical, the domain is critical in terms of, you know, confusing and running the scam, confusing users,
it’s a matter of sitting and looking and saying, Okay, is there going to be any other activity here, you know,
and as soon as something changes, whether it’s any of the administrative information like you said or the DNS information, that’s when we know that this is something that we have to take seriously. The other thing that we can do in the system
is we can go back
and we can cross-reference things. So if we take an IP address, or if we take an MX record
and we put it into the system, we can see what else is showing up for that name
that is also using that same MX record.
So all of a sudden, now we have 1, 2, 3, 4, 5. It’s not to say that they’re all necessarily related. But there’s a strong possibility that some of these are being held by the same registrant, even if it’s not necessarily visible.
We would do the same thing with the IP address, DNS records, just making sure that everything is, you know, trying to find those points of similarity,
particularly when we don’t necessarily have it exactly with WHOIS.
David Schropfer 00:16:40
perfect.
David Schropfer 00:16:41
And, David, I think this is a good time to answer the first question which is, can I find domains without without a platform?
And I can take that answer if you like.
Unknown Speaker 00:16:41
Sure. I think that’s that’s pretty straightforward.
It’s very, very difficult to do that. So if you are,
if you’re looking for that top level, if you’re looking for that list of domains that are similar, that is, you know, as David pointed out, that’s the hard part, that’s one of the hardest parts. Without a platform that will go out and look for you for similar domains, you’re basically going to WHOIS. You can go to whois.org. You can go to any registrar and basically search the name.
Search the name that you’re looking for, whatever that might be. So in this case, if you look for Henry, shine.com, or in this case Henry shine with an extra r in the name.
You would find that that domain was taken, and then you wouldn’t know that you would need to keep an eye on that. But building that list manually is exceptionally hard to do. And, David, I wonder if you could take a minute to talk about the AI element that we use to build these lists that lookalike or create or find these lookalike domains for our clients.
David Mitnick 00:18:04
Yeah, well, you know, AI is kind of a double-edged sword in our area of work. Because AI is making things, you know, much more difficult in terms of the quality and types of scams that we’re seeing. The days of having typos in
email messages or, you know, phishing messages, these are gone.
You know, AI can now create things very, very fast, and allow scammers to run things at a scale that we haven’t really seen before. In terms of what we’re doing, we’re using it to help protect our clients, just like they’re using it to try to exploit them. So, you know, AI has become a very important,
critical piece of finding the domains in particular for our system. So yeah, that’s been super important.
The other thing that I also wanted to say is that in our system, as soon as you do find it, you can take it down, you can,
we start, we start the activity towards taking it down instantly. As soon as you click on this little icon right here, things go in process.
Things can start to happen, so we can start to take immediate action in order to protect your brand.
David Schropfer 00:19:23
Perfect. Thank you.
And I’m just going to show a quick example of that.
If you were trying to do this piece manually, without AI, without a platform, you would go to something like either whois.com or, like I said, GoDaddy, and here’s an example where you would kind of have to come up with these
domain names or these variations of the legitimate domain name
on your own, unlike, if you’re not using a tool, and check them one at a time in a format like this, either WHOIS, or one of the WHOIS websites, or a registrar of your choice.
Yeah, all right, let’s bring up.
I’m sorry, David. Go ahead. Did you wanna add something? No, no, no. But go ahead, please.
So let’s bring up the next question, what does a fake domain look like?
Okay, I think they meant fake website. But we can give a couple of examples of that,
a couple examples of that as well. So this is a company called Twelfth Tribe. They are a high-end fashion company.
David Mitnick 00:20:34
Sell clothing, jewelry, etc.
David Schropfer 00:20:38
I’m sorry to say again.
Unknown Speaker 00:20:40
I’m so. Are you sharing your screen? Because I’m only seeing my screen right now.
David Schropfer 00:20:44
Okay. How about stop sharing your screen and and I’ll give it another shot on this end.
Okay, you see my screen. Now, David.
Yep.
David Schropfer 00:20:59
Okay. So this is the legitimate website again, very professionally done. A very high end.
Clothing and jewelry. This is the fake website, twelfthtribeshop.com. At first glance it looks very similar. Similar toolbar, same exact logo. All of the clothing is different, but it’s probably from an older version of the site. And if you click on any one of these elements, you’re going to see that it’s, of course, on sale, right? And that’s the biggest part. So everything here is half off. Excuse me, half off, or even less, and you can see what they’ve done. They’ve got all the photos, all the photos that are listed on the actual site are all listed here, and they’re selling it for half off, which is obviously a very attractive price, right? But you’re not getting a good deal, because if you were to actually try to purchase this item, the Scammer would happily take your credit card and maybe create some fraud with a credit card. They would happily charge your account for at least this amount, $18 and 30 cents, but they’re going to ship nothing. Why? Because they’re in some foreign country, and they’re not going to worry about taking anything down.
Here’s another one, a little less sophisticated. They just put an extra s in the name of the product. But it’s still again, as you can see, same format, same exact clothing. This is, you know, they use all the same photos from the photo library.
Unknown Speaker 00:22:27
David Schropfer 00:22:28
Of course everything is 40% off. And if you just wanted to
check, I’m just going to grab the name of this particular item. I’m going to go back to the legitimate website
and just do a quick search for this exact item. And there it is
same photos.
obviously full price, but same exact photos, same description, same everything as the fraudulent website.
So some are more sophisticated than others. But
this is what they look like, folks. It’s really not hard for the Scammer to truly take all of your inventory, all of your photos, all of your assets and turn it into something that is
absolute, 100% fraud.
Yeah. But I think the critical thing here, you know, looking at those sites, is
finding them in their,
in their infant stage,
David Mitnick 00:23:29
you know, before they obviously those sites are up and running right now. There’s and and and that’s unfortunate, but is, you know, finding them once they’re registered.
knowing that. Okay, this is something that’s similar. This could be used. And then what are the levels? So you know, the first level being, it’s registered Second Level being, are there any records? Is there anything associated with it? Is there a live site on there you have to capture all of that information. And here, actually, for you know, like, you know, for that, for that website in terms of a fake website.
you know, sending money and not getting anything in return, it damages the brand. It makes users very, very annoyed. All of a sudden people start complaining. It’s tough, but I think being vigilant from an early stage is really critical.
David Schropfer 00:24:18
Exactly. That’s a great point.
Unknown Speaker 00:24:20
Okay?
David Schropfer 00:24:22
Time for the last question, which is, are there other services that offer the ability to
monitor domain?
And the answer is, Yes, there are services out there that will, if you give them the domains that you want to monitor, they can send you alerts if anything changes. Some are very pricey, some are not. If you’d like a proposal from DomainSkate for your brand, you can contact me directly at dws@DomainSkate.com. Again, that’s dws@DomainSkate.com,
and we’d be happy to get you a proposal for your brand, for multiple brands. Some companies, some of the attendees on this call, I think, have worked for companies who have managed multiple different brand names for similar products, so we can do more than one brand at the same time without any issue.
So feel free to reach out if you’d like a proposal. And I think that’s about all the time we have.
Thank you. So everybody. Thank you for joining.
David Mitnick 00:25:26
Thank you. All right.