Welcome to the underbelly of cybercrime, where a new menace known as "SubdoMailing" thrives in the shadows, waiting to ensnare unsuspecting prey.
Say you’re scanning your inbox when you spot an email from a trusted company. It has a domain name you trust, so your initial thought is that it’s safe, right?
Not quite.
This email is part of an elaborate scam designed to lure you into clicking malicious links or divulging sensitive information.
But what exactly is SubdoMailing?
It’s a devious ploy where fraudsters exploit the forgotten corners of reputable brands’ subdomains (hence the “Subdo”) to launch their nefarious schemes. These subdomains are like hidden passageways in the vast labyrinth of the internet, often overlooked but ripe for exploitation.
Here’s how it works:
First, the cybercriminals scour the depths of the internet for abandoned subdomains of well-known companies. These subdomains may no longer be in use, but they still point to external domains that are unregistered. Seizing this opportunity, the criminals swoop in, purchase the expired domain and set the stage for their deception—a counterfeit website designed to mimic the trusted brand.
Here’s where the danger lies.
You receive an email seemingly from a legitimate source, but unbeknownst to you, the link you’re about to click leads straight to the counterfeit website. And because the email appears to originate from a trusted brand, it often slips past your small business’ usual security measures and lands squarely in your inbox.
So what can you, our friendly neighbourhood SMB owner, do to shield yourself and your company from falling prey to SubdoMailing?
By taking these proactive measures, you can navigate the murky depths of cybercrime with confidence, safeguarding your business from the lurking peril of SubdoMailing.
If you’d like some advice about adding an extra layer of security to your small- or medium-sized business, get in touch with us.