August 2, 2019
Imagine this scenario: You just put up your online business and now you’re looking for the perfect domain for your website. You obviously want something that’s easy to remember and fits your company to a tee. So how do you find that perfect domain to get things going?
You can, of course, go directly to a known domain registrar to do the search for you. It will save time and effort. But did you know that even the most reputable of domain registrars have had ties to a cybercrime or a cyber attack at one point in time? And because their main goal is to sell as many domains as possible, they’ll probably leave that juicy tidbit out of their sales pitch. So now the question is, how do you make sure the domain you’re purchasing doesn’t have a shady past? It’s simple, really: all you need is a WHOIS history search tool.
First off, let’s go down memory lane to see why looking back on a domain’s past is critical if you want your business to have a bright future.
Skeletons in a Registrar’s Closet
A quick search for the top domain registrars in 2019 will give you this list: Domain.com, GoDaddy, Hover, Dynadot, Namecheap, and Google Domains. Though I’m sure they never wanted to get their brands dragged in the mud, the ubiquity of cybercrime and cyber attacks has caused them trouble at one time or another.
Among the registrars identified, GoDaddy, Google Domains, and Namecheap unfortunately landed on the APWG’s list of registrars with 100 malicious domain registrations with a 75 percent malicious ratio overall in 2016. That is not to say that they are not trustworthy; it just means they were also abused by threat actors. And just because the others on the top registrars list aren’t on APWG’s report doesn’t mean they’re threat-free. These days, no business with an online presence is safe from cyber attacks; they probably just don’t make the headlines.
What, you may ask, could lead to domain registrar abuse? Well, cybercriminals won’t hesitate to provide false information on their WHOIS records short of using a victim’s credentials to do so. And let’s face it, if you’re a domain registrar that handles hundreds or thousands of domain names each day, you may not have the time to dig that deep into every record. Besides, once you’ve signed the agreement with your chosen registrar, responsibility and accountability for a domain and all of its subdomains are passed on to you. It’s your duty to prevent them from being used in online crimes.
That’s in the present and future though. What if you ended up buying a domain that has had a shady past you weren’t informed of? How would you convince the World Wide Web that it has turned over a new leaf? It’s time you dug into your domain’s past.
Digging into a Domain’s Past
The first thing you need to do to find out everything there is to know about your business’s new home on the Internet is to get hold of a WHOIS history lookup or search tool. This particular tool is easy to use and registration is free so you can start digging at once.
More specifically, what can you expect? The tool will provide details on every update your newly purchased domain has gone through: how old it is, what changes (registrant or owner, affiliated company, etc.) it has gone through over the years, the name servers it has had ties to, and more. At least 10 years’ worth of historical data on your domain can be viewed and downloaded in PDF format.
The tool also keeps tabs not just on commonly used TLDs, but also thousands of newly created gTLDs and ccTLDs. And with a database containing billions of well-structured and regularly updated records, you can get all the information you need on practically any domain registered anywhere in the world.
Let’s put WHOIS History API to use. First, look each piece of data up on the Web to see if it has been used in a cybercrime or a cyber attack. Find out all you can about those attacks and include a disclaimer of sorts indicating your and your business’s noninvolvement in them. It’s always easier to expose than to keep skeletons in your closet. Coming out into the open about your domain’s shady past will prevent your future customers from distrusting you should they find out on their own.
Of course, it would have been better if you did the digging before taking the plunge and buying that domain. It always helps to be a little paranoid these days knowing that even the biggest brands are not immune to phishing and other malware-based attacks. That doesn’t mean though that just because your company is small you’re automatically off the cybercriminals’ radar. When launching attacks against targets, cyber attackers consider a small business just as good a catch as a large enterprise.
Size Doesn’t Matter
Though the latest stats reveal that the five most-spoofed brands for phishing attacks—Microsoft, Google, Facebook, Apple, and PayPal—are all industry giants, small and medium-sized businesses or SMBs still shouldn’t let their guard down. Why? Because cybercriminals don’t discriminate when it comes to choosing targets. Case in point: 43 percent of breach victims are small businesses. This isn’t surprising given the fact that SMBs may not have the latest and greatest security tools or cybersecurity personnel to safeguard their virtual realms.
Social-engineering-based attacks like phishing work because they bank on what has been dubbed security’s weakest link—the human factor. Victims are bound to click links to sites that offer freebies, discounts, and similar promises, especially if the messages they’re embedded in come from trusted sources. That’s why it’s important to educate your staff on the dangers lurking on the Web. And if that doesn’t work, rely on the power of technology.
This is another benefit you can enjoy from a WHOIS history lookup tool. If you lack the resources necessary to secure your domain—essentially the gateway to your business—then you’d do very well to constantly monitor your visitor logs and cross-check suspicious-looking traffic sources via your WHOIS history search tool. Make sure nothing’s amiss with the domain. Ask yourself questions like, “Does this have a shady past?”; “Are any of its listed contacts trustworthy?”; “Has it been updated recently?”; “Is it connected to an identified malicious domain?”; and so on. Don’t stop with known TLDs though; sift through subdomains as well. Phishers and other cybercriminals often mask their crimes by abusing subdomains that domain owners often fail to pay attention to. The only way you can secure your company and customers against online threats is by protecting your business’s core—your domain.
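The review questions above can be answered mechanically once a domain's history has been exported. The following is an added example, not part of the original article and not the output format of any particular WHOIS history tool: the snapshot field names, the sample history and the indicator sets are all constructed assumptions.

```python
from datetime import date

# Constructed sample: WHOIS history snapshots for one domain.
# Field names are hypothetical, not the format of any real WHOIS history tool.
HISTORY = [
    {"updated": date(2012, 3, 1), "registrant_email": "owner@example.org",
     "name_servers": {"ns1.example.net", "ns2.example.net"}},
    {"updated": date(2017, 6, 15), "registrant_email": "admin@example.com",
     "name_servers": {"ns1.parked.example", "ns2.parked.example"}},
    {"updated": date(2019, 7, 20), "registrant_email": "admin@example.com",
     "name_servers": {"ns1.example.net", "ns2.example.net"}},
]

# Constructed indicators, standing in for a blocklist the analyst already trusts.
BAD_EMAILS = set()
BAD_NAME_SERVERS = {"ns1.parked.example"}

def assess_history(snapshots, bad_emails, bad_name_servers, today, recent_days=30):
    """Summarise one domain's WHOIS history for manual review."""
    if not snapshots:
        raise ValueError("no WHOIS history available for this domain")
    snaps = sorted(snapshots, key=lambda s: s["updated"])
    findings = {
        # Age is measured from the earliest record we hold, so it is a lower bound.
        "age_days": (today - snaps[0]["updated"]).days,
        "recently_updated": (today - snaps[-1]["updated"]).days <= recent_days,
        "registrant_changes": 0,
        "name_server_changes": 0,
        "bad_links": [],
    }
    # Count ownership and hosting changes between consecutive snapshots.
    for prev, cur in zip(snaps, snaps[1:]):
        if cur["registrant_email"].lower() != prev["registrant_email"].lower():
            findings["registrant_changes"] += 1
        if cur["name_servers"] != prev["name_servers"]:
            findings["name_server_changes"] += 1
    # Any past contact or name server on the blocklist is a link worth reviewing.
    for s in snaps:
        hits = ({s["registrant_email"].lower()} & bad_emails) | (
            {ns.lower() for ns in s["name_servers"]} & bad_name_servers)
        for hit in sorted(hits):
            findings["bad_links"].append((s["updated"].isoformat(), hit))
    return findings

if __name__ == "__main__":
    print(assess_history(HISTORY, BAD_EMAILS, BAD_NAME_SERVERS, date(2019, 8, 2)))
```

A non-empty `bad_links` list or a change made within the last month is a prompt for closer manual review, not proof of abuse.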
Cybercrime isn’t going to die down as long as there are individuals and companies, regardless of size or scale, to prey on. And it’s up to you to keep threat actors from stealing your personal and other confidential data (intellectual property, usernames, passwords, credit card details, etc.), breaching your network’s walls, and compromising your employees’, customers’, partners’, and other stakeholders’ safety. That said, don’t just focus on the now, or even the future; look to the past too. There’s a reason behind the cliche, “Life can only be understood backward, but it must be lived forward.”
Jonathan Zhang is the founder and CEO of Threat Intelligence Platform (TIP) — a data, tool, and API provider that specializes in automated threat detection, security analysis and threat intelligence solutions for Fortune 1000 and cyber-security companies. TIP is part of the Whois API Inc. family, a trusted intelligence vendor to over 50,000 clients.