The Quick, Easy Steps You Can Take to Fight a Cyber-Criminal Like a Superhero

By: Joshua Beitler

What do you do when you find someone doing something illegal on the internet? There’s no superhero seeking out cyber criminals on your behalf and sending them off to the police department. You can call the police if you’ve experienced a substantial cyber crime like a major ransomware hack or identity theft. However, the run-of-the-mill cyber criminal can steal from you and get away with it for a long time before ever getting caught.

You might be surprised to know that there are several effective online tools to report a cyber criminal. Let’s look at some common cyber crimes, how to spot them and what to do about them.

Devilish Domain Cybersquatters: How to Spot Them

You might not know this, but someone could be replicating your domain and stealing your website traffic and online reputation.

The legal term for this is “domain cybersquatting and the bad faith intent to profit (Revision Legal).” It’s a form of copyright infringement where a user makes up a fake domain URL that looks like a real domain so they can trick website visitors and collect information.

We’ve seen it with our clients as well. Just last month, a cybersquatter created an exact replica of our client’s website, but the domain name was slightly off to the point you almost wouldn’t notice it. An example would be G00gle.com (with zeroes instead of letter Os) rather than Google.com. It catches mobile users because you’re less likely to notice the differences on a mobile interface.

Cybersquatters will also purchase alternate domains like .net or .org. Small companies may not think about purchasing their .com domain along with a few others like .net or .biz, but these additional domains are just more options for sale on the internet.

How Do You Kick Out a Domain Cybersquatter?

cyber squatter metricsOnce you’ve found the fraudulent freeloader, what do you do?

First, find out who the domain registrar is. A great tool for this is the whois lookup from ICANN, which allows you to enter a domain to discover who owns it. Let’s see it in action.

The image to the right shows the ICANN report from amazon.com. ICANN will tell you who the domain’s contacts are and who the registrar behind the domain is. It will show you when the domain was created and, most importantly, will have an abuse contact phone or email.

Once you know who the domain registrar is, contact the abuse email and provide the following information:

  • The nature of the suspected abuse
  • How the activity has impacted your business
  • What terms and conditions the cybersquatter violated

While you can’t always find the registrar’s terms and conditions, including all three of these pieces of information will help the moderator take you seriously and shut down the affected domain.

Here’s another scenario: What do you do if the domain registrar does not respond? Are they in cahoots with the cyber-criminal?

Probably not, but depending on the company, you may need to allow them two to three business days to process your request and evaluate your claim. If you are certain your request is going unchecked, you can take it to the next level and report the initial removal request along with a complaint about a lack of response from the domain registrar here.

Caution: This is a last resort option. Make every attempt to reach out to the registrar through the phone and email before making this step.

Recognizing and Reporting Evil Email Spoofers

Cyber-criminals aren’t just creating websites and domains with malicious intent. They can also create an email that mimics real people. However, the people you contact for this may not be the same people you contact for the domain. In this case, you may need to contact both the domain registrar and the email service provider. Find out who the email service provider is by using this tool.

Here’s a quick case study: Jenny at ABC Manufacturers got an email from the controller, Dennis, asking for copies of W-2s. When she looked at the email address closely, it was dennis@workmail.com rather than dennis@abcmanufacturers.com. Using MXToolbox, our tech team researched workmail.com and found that it was owned by mail.com. Then, we visited mail.com to find their abuse policy and contacted them through their website to report a policy violation. In less than one hour after submitting our request, mail.com responded that they would suspend the account immediately.

MXToolbox Report

MXToolbox is very clear with telling you exactly who the provider is in layman’s terms, rather than complex IT terms. In the image below, you’ll see that the MX record is rather long and confusing, but down at the bottom it clearly says “Your email service provider is Microsoft Office.”

MXToolBox Report

Dealing With Yahoo/Gmail Bandits

Email spoofers don’t always find an updated email account to replicate your address. They’ll create a free Yahoo or Gmail account with your name so it looks like it’s coming from you.

In this case, you already know who the provider is, so you do not have to contact MXToolbox. All you need to do is find the abuse policy and report it.

To report Gmail abuse, go to this webpage.

To report Yahoo mail abuse, go to this webpage

You can usually find the abuse policy by searching “Yahoo Email Abuse,” but on rare occasions you’ll have to do some digging before finding the right webpage. Again, in any case be sure to gather up the terms from the provider along with any and all correspondence that proves their user is trying to mimic you and cause harm.

Once you’ve done all these steps, you can report the criminal activity to the IC3, which is a branch of the FBI that investigates internet crimes. Most reports get logged into a database, but they can step in for major crimes. Here’s where you can report the cyber-crime.

Why Are You Being Targeted by Cyber-Criminals?

It’s easy to believe the cyber-criminals have a virus on your machine, watching your every move and learning how they can properly mimic you. While this is possible, it’s usually not the case.

The vast majority of the information cyber-criminals obtain is searchable on Google. They look at Facebook, LinkedIn, and your company’s website to learn about you. The more you post about yourself online, the more ammunition they have to imitate you. Be very cautious of what you post online as it can be accessed by the bad guys.

Need Help?

If you are facing spoofing, cybersquatting or black list issues, you should check with your IT provider so they can do a deep dive to pinpoint the problem. Contact us here or call us at 410.685.5512 for help.

Published September 12, 2019

Webinar Recording

Cyber Security Wake-Up Call: What’s Putting Your Organization At Risk?

Cyber Security Wake-Up Call Screen Play

Don’t Become a Cyber Security Horror Story This October

It’s October again, which means it’s Cyber Security Awareness Month — and the cyber security landscape couldn’t be...

Ransomcloud: The Next Frontier In Cyber Security Threats

In the rapidly evolving landscape of cyber security, a new kind of threat has emerged that targets cloud services and...