Researchers at Naked Security, the web security arm of the British IT security company Sophos, recently got an e-mail from WordPress. It offered them an upgrade from plain DNS (Domain Name System) to DNSSEC (Domain Name System Security Extensions) for their domain, pointing out the weaknesses of unsigned DNS and the advantages a DNSSEC-enabled domain would have over it.
If you’re a beginner reading this, DNS is like the phonebook of the internet. It converts domain names (human language) to IP addresses (machine-level language), so that you and the computer can understand each other. And DNSSEC? Yes, it’s real. It secures the DNS by adding cryptographic signatures to the existing DNS records, so that a resolver can check that the records it receives haven’t been tampered with on the way. Usually, service providers use DNSSEC to protect their DNS data when it is exchanged with other DNS servers.
Anyway, getting back to the point, the e-mail wasn’t actually from WordPress, but crooks impersonating the web hosting service. The e-mail seems totally legit – professional and casual. But did they really think they could trick a web security firm? Nevertheless, other uninformed users might just have fallen prey to it.
“This scam pretended to come from WordPress itself, and claimed that DNS security features would soon be added for our domain,” said the researchers in a blog post.
Once a user gets tempted by the offer, it directs them to a landing page that looks surprisingly believable, complete with the web host’s icons and logos. The page claims to be an ‘Update Assistant’ and asks users to enter their username and password. When you do that, a series of convincing messages pop up reporting the progress of your upgrade. And there goes your site, straight into their hands! You’re not really getting an upgrade, you’re being nicked.
What’s more, the attack isn’t limited to WordPress: they’re after accounts at Microsoft Azure, Namecheap, HostGator and others – about 100 brands in all.
To remain safe, avoid logging in to your accounts from links sent in e-mails. Enable two-factor authentication (2FA). With 2FA, a password alone is not enough to log in to your account; a one-time password (OTP) becomes an additional requirement. Use a password manager: it only offers to fill a saved password on the site it was saved for, so it stops you from entering the correct password at the wrong URL.
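The last tip is worth seeing in action. The following is an added example, not code from the original article, Sophos or any password manager: it mimics the origin check a password manager performs before autofilling, using a constructed vault of two entries on reserved `.example` hostnames and a handful of constructed lookalike URLs of the kind a phishing “Update Assistant” page might sit on. The function names (`host_of`, `autofill_decision`) and the vault contents are hypothetical; the matching rule (exact host or a subdomain of the saved host, HTTPS only) is a simplification of the rules real managers apply.

```python
from urllib.parse import urlsplit

# Constructed vault: the only origins the "password manager" will fill.
# Hostnames use the reserved .example TLD; none of these are real sites.
VAULT = {
    "wordpress.example": {"username": "admin", "password": "correct-horse"},
    "portal.azure.example": {"username": "ops", "password": "battery-staple"},
}


def host_of(url):
    """Return the hostname from a URL (lowercased by urlsplit), or None.

    Anything before an '@' is userinfo, not the host, so a URL such as
    https://wordpress.example@phish.example/ resolves to phish.example.
    """
    return urlsplit(url).hostname


def autofill_decision(url, vault=VAULT):
    """Decide whether a saved password may be filled on this page.

    Returns (fill, reason). Fill only when the page is served over HTTPS
    and its host is a saved host or a subdomain of one; lookalike hosts
    such as wordpress.example.update-assistant.example never match.
    """
    host = host_of(url)
    if host is None:
        return False, "no hostname in URL"
    if urlsplit(url).scheme != "https":
        return False, "not served over https"
    for saved in vault:
        if host == saved or host.endswith("." + saved):
            return True, f"matches saved origin {saved}"
    return False, f"{host} matches no saved origin"


# Constructed sample URLs: two legitimate pages and four phishing-style ones.
SAMPLE_URLS = [
    "https://wordpress.example/wp-login.php",
    "https://login.wordpress.example/",
    "https://wordpress.example.update-assistant.example/",
    "https://wordpress.example@phish.example/",
    "http://wordpress.example/",
    "https://wordpress-example.example/login",
]

if __name__ == "__main__":
    for url in SAMPLE_URLS:
        fill, reason = autofill_decision(url)
        print(f"{'FILL  ' if fill else 'REFUSE'} {url}  ({reason})")
```

The point of the exercise: a human reads the visible branding on the page and the familiar name at the start of the address bar; the manager compares the actual hostname against what it stored, and the lookalike, the userinfo trick and the plain-HTTP copy all fail that comparison.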