Home / Blogs

WHOIS Database Download: Proactive Defense Against the Rising Tide of BEC Fraud

How many times have you heard that humans are the weakest link in cybersecurity? The headlines have proven that over and over again. In particular, business email compromise or BEC (also known as email account compromise or EAC) scams, which typically target an employee with access to the financial resources of his company — this could be a C-level executive or any high-ranking officer — for fraud are still on a constant uphill trend.

How BEC Works

According to the latest statistics, the total amount lost to BEC attacks worldwide has reached a whopping US$12.5 billion by the end of 2018. Data also revealed that CEOs and managing directors were cybercriminals' most favored targets.

What's worse, however, is that many companies have still been falling prey to the threat. Though only small businesses were believed to be the prime BEC scam targets in the past due to laxer security and minuscule cybersecurity budgets, that's not the case. In fact, big names have also been bilked by BEC fraudsters. Sometimes, it's not enough to have even the best in email protection that money can buy.

How did even business giants fall for such scams? Well, based on reported investigation details, the BEC scammers got their hands on a list of potential Fortune 500 C-level or other high-ranking executives and spoofed their emails to fool colleagues with access to companies' financial resources to fork over money to bank accounts that they set up. A mere misspelling in an executive's email address was all it took.

That's why companies, big or small, need to supplement their cyber defense with a means to spot inconsistencies in emails. Increasing your employees' awareness of threats is a must, that's true, but it may still not be foolproof.

Raising BEC Defense with WHOIS

A great way to improve your cybersecurity posture against BEC and other forms of phishing attacks is by keeping track of your domains and making sure your company is not being primed for fraud.

Just as BEC scammers compile a list of targets, so should you build a database of suspicious domains that can hurt your business. You can do that easily with a WHOIS database download service. A comprehensive WHOIS database that contains billions of WHOIS records and is regularly updated can help you identify domains that look very similar to yours. These are, of course, very likely candidates for defrauding your company. Keep in mind that a misplaced letter or punctuation mark can be your business's undoing if you don't take all the necessary precautions.

A WHOIS database download can also tell you everything you need to know about a domain — who owns it, what company it's tied to, and other information. Knowing all that from WHOIS records will help you identify possibly malicious actors who put up fake companies as a cover for their real business, that is, cybercrime.

Note that cybercriminal gangs have been known to "establish their own brands" as fronts. Such was the modus operandi of infamous gangs London Blue, which targeted companies like Agari and other Asian businesses, and Scarlet Widow, which had a preference for nonprofit organizations like the Boy Scouts of America and the Salvation Army.

Did you know though that these two gangs have one thing in common? They both operated from Nigeria. With the aid of a WHOIS database download, you can look for all domains registered in Nigeria or whatever country BEC attacks usually come from, which you can easily obtain via the latest cybersecurity news.

WHOIS database download providers also offer country-specific data if that's all you need. Monitor the relevant domains, registrants, companies, and other information you can get your hands on from exhaustive WHOIS reports. Compare the information you got with free cyberthreat trackers — malicious URL checkers, malware databases, and the like. Block their access to your domain if you're sure of their bad reputation.

You don't need to become the next BEC scam victim before you grab the bull by the horns and go for a more proactive cyber defense. Start as soon as you can.

By Jonathan Zhang, Founder and CEO of WhoisXMLAPI & ThreatIntelligencePlatform.com

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Co-designer of the TCP/IP Protocols & the Architecture of the Internet


 Be the first to post a comment!

Add Your Comments

 To post your comments, please login or create an account.



Domain Names

Sponsored byVerisign

New TLDs

Sponsored byAfilias

Brand Protection

Sponsored byAppdetex


Sponsored byVerisign


Sponsored byThreat Intelligence Platform


Sponsored byWhoisXML API

DNS Security

Sponsored byAfilias