
Your Entire Website Can Be Spoofed

Thieves simply replicate a website, but substitute their contact information for yours
Swindlers are now cloning entire websites to grab private information and money, and lenders, lawyers, and title companies are in their cross-hairs.
It’s called “domain spoofing,” according to CertifID, a fraud prevention company, and it can take just a few minutes to put into place. The thieves simply replicate a website, but substitute their contact information for yours.
The company describes it this way: “Domain spoofing (or site spoofing) is when fraudsters create convincing replicas of legitimate websites—including branding, contact details, and even login pages—to trick your customers into sharing sensitive information or wiring funds directly into scammers’ accounts.”
“It’s alarmingly simple,” says CertifID’s Peter Marsh, Head of Security, Compliance & IT. “It only takes a few commands.”
While the scam can happen to any business, CertifID has noticed “a sharp increase” in spoofed domains targeting lenders, law firms and title companies. Scammers are even pretending to be specialized lenders, demonstrating their growing sophistication and understanding of industry specifics, says the company’s Will Looney, Senior Manager of Content Marketing.
What’s worse, though, is that the fake sites often go unnoticed for weeks before they are spotted. By that point, the damage is already done.
The scheme hunts real estate-related businesses because real estate deals offer “perfect opportunities” to siphon off money. “Fraudsters understand your clients trust your website to complete transactions and they exploit this trust by creating lookalike sites,” the company said in a recent report.
Marsh says free and open-source software allows scammers to quickly copy a site's images, code and functionality. Then they register a domain similar to the copied one but perhaps just one letter off or with a different extension like ".net." Next, they upload the cloned content. “Then it's just a matter of pushing people to the fraudulent domain,” he says.
Domain spoofing is similar to another scheme known as SEO poisoning, in which a scammer uses search engine strategies such as keywords or ads to lead people to fake websites. For example, if you search for a certain lender, say Rocket Mortgage, you might accidentally click on a deceptive ad or link and wind up on a spoofed website.
SEO poisoning pairs well with domain spoofing because it makes fake sites easier to find, the company advises.
To ward off the scams, Looney says companies need to be ever vigilant and check regularly for lookalike domains. Fake websites are usually brand new, often registered just days or hours ago. “The registration date is a concrete indicator scammers can't easily hide,” Marsh advises.
Another red flag: Small changes that are hard to notice. Perhaps it’s just a swapped letter or an extra dash. The differences are subtle but deadly.
However, one usually reliable security measure – the SSL certificate – may not be so dependable, after all. While many people assume the “lock” icon means a site is safe, scammers can obtain certificates for spoofed domains. SSL certificates “won’t protect you from these attacks because fraudsters own the spoofed domain and can register SSL certificates for it,” Marsh warns.
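The two checks described above (names that differ by a swapped letter, an extra dash or a different extension, and a recent registration date) can be run over any list of newly observed domains. The sketch below is an added example, not code from CertifID or this article. The function names, the 30-day window and the sample domains are assumptions, and the registration dates are assumed to come from a WHOIS or RDAP lookup done separately. A certificate is deliberately not used as a signal.

```python
from datetime import date

def osa_distance(a, b):
    """Edit distance where an insert, delete, substitution or adjacent swap costs 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # two neighbouring letters swapped
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def lookalike_reasons(legit, candidate):
    """Return the naming red flags that make candidate resemble legit."""
    # Assumption: inputs are registrable domains, so the first dot ends the name.
    l_name, _, l_ext = legit.lower().partition(".")
    c_name, _, c_ext = candidate.lower().partition(".")
    if (l_name, l_ext) == (c_name, c_ext):
        return []  # the legitimate domain itself
    if c_name == l_name:
        return ["different extension"]
    if c_name.replace("-", "") == l_name.replace("-", ""):
        return ["dash added or removed"]
    return ["one-character change"] if osa_distance(l_name, c_name) == 1 else []

def triage(legit, observed, today, max_age_days=30):
    """Flag observed (domain, registration_date) pairs that resemble legit."""
    findings = []
    for domain, registered in observed:
        reasons = lookalike_reasons(legit, domain)
        if reasons:
            age = (today - registered).days
            if age <= max_age_days:  # 30 days is an assumed threshold
                reasons.append(f"new registration ({age} days old)")
            findings.append((domain, reasons))
    return findings

# Constructed sample data using reserved, non-resolving extensions.
LEGIT, TODAY = "acme-title.example", date(2024, 5, 31)
OBSERVED = [
    ("acme-title.test", date(2024, 5, 28)), ("acmetitle.example", date(2024, 5, 29)),
    ("acme-tilte.example", date(2023, 1, 10)), ("other-lender.example", date(2024, 5, 30)),
]
for domain, reasons in triage(LEGIT, OBSERVED, TODAY):
    print(f"{domain}: {', '.join(reasons)}")
```

A lookalike name is reported even when the registration is old, since the name alone is a red flag; the age only adds weight to a finding.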
If you find that your site or anyone else’s has been spoofed, you should contact the hosting provider immediately and ask that the fake be taken down.
As always, you should also inform your clients regularly about the types of scams they might encounter. And it’s always a good idea to boost your security measures. Says Looney: “Site spoofing is a serious business threat and requires action to stop or prevent.”