{"id":451,"date":"2018-09-18T18:24:58","date_gmt":"2018-09-18T18:24:58","guid":{"rendered":"https:\/\/eset-blog.aist.fun\/abandoning-a-domain-name-can-come-back-to-bite-you-research-shows\/"},"modified":"2019-06-18T10:36:08","modified_gmt":"2019-06-18T07:36:08","slug":"abandoning-a-domain-name-can-come-back-to-bite-you-research-shows","status":"publish","type":"post","link":"https:\/\/blog.eset.ee\/et\/en\/2018\/09\/18\/abandoning-a-domain-name-can-come-back-to-bite-you-research-shows\/","title":{"rendered":"Abandoning a domain name can come back to bite you, research shows"},"content":{"rendered":"<p>A domain name once left behind can catch up with you \u2013 by giving fraudsters access to a treasure trove of sensitive information<\/p>\n<p>Cybercriminals can use an abandoned domain name to obtain all manner of private information belonging to the company that formerly owned the domain, as well as to its clients and employees, <a href=\"https:\/\/blog.gaborszathmari.me\/2018\/08\/22\/hacking-law-firms-abandoned-domain-name-attack\/\" target=\"_blank\" rel=\"noopener noreferrer\">a researcher warns<\/a>.<\/p>\n<p>Gabor Szathmari has described how a new domain owner can, among other things, take control of the previous owner\u2019s email accounts associated with the domain. From there, the ill-intentioned domain owner can access confidential information or hijack the user\u2019s accounts on a variety of online services \u2013 and with little effort and zero hacking prowess to boot.<\/p>\n<p>To demonstrate the rather little-known risks, a team led by Szathmari re-registered six expired domain names, some of which previously belonged to several Australian law firms. Any and all email accounts associated with the domains were then configured to forward all incoming email messages that were intended for the domains\u2019 former owners to a \u201ccatch-all\u201d email service controlled by the researchers. The team then \u201csat back and waited for the emails to come in\u201d.<\/p>\n<p>And come in they did, with the number of email messages received over a three-month period topping 25,000. Having separated the wheat from the chaff, they found true gems in a number of the emails. This included highly sensitive information about the legal practice and its clients, such as transcripts of court proceedings and other sensitive legal documents, as well as supplier invoices, bank statements, etc.<\/p>\n<p>Digging deeper, the researchers showed that they would have easily been able to impersonate the legal practitioners in order to con their clients or to regain access to the firms\u2019 Office 365 and G Suite accounts by resetting the passwords.<\/p>\n<p>By combining information that is available on data breach search tools SpyCloud and HaveIBeenPwned and by abusing password reset functions on social media, they could also have easily hijacked some of the personal or work-related accounts of legal professionals on the platforms, especially on LinkedIn, where the potential victims often used their business email addresses. The same dangers were found to apply to user accounts on profession-specific web portals.<\/p>\n<h2><strong>All that you can\u2019t leave behind<\/strong><\/h2>\n<p>The research focused on domain names once owned by Australian law firms, since these firms, and obviously not only in Australia, often merge or are acquired, sometimes leaving their old domain names to expire. Domain name drop lists are easily found on the internet.<\/p>\n<p>Of course, other businesses aren\u2019t spared the risks. Speaking to CSO, Szathmari elaborated on the <a href=\"https:\/\/www.csoonline.com\/article\/3300164\/hacking\/dont-abandon-that-domain-name.html\" target=\"_blank\" rel=\"noopener noreferrer\">dangers of domain name abandonment for online stores and its customers<\/a>. \u201cBy reinstating an online web shop formerly running on an abandoned domain name, bad actors could download the original web pages from archive.org, then take new orders and payments by posing as a fully functioning web shop,\u201d he wrote.<\/p>\n<p>The easiest way in which organizations can prevent this threat is to auto-renew their domain names, even if they\u2019re no longer in use, for an indefinite period of time. Other preventative measures include closing, changing or disassociating user accounts once registered with work-related email addresses, utilizing <a href=\"https:\/\/www.welivesecurity.com\/2017\/07\/03\/two-factor-authentication-underutilized-security-measure-businesses\/\" target=\"_blank\" rel=\"noopener noreferrer\">two-factor authentication<\/a> wherever available, as well as always creating <a href=\"https:\/\/www.welivesecurity.com\/2013\/07\/17\/how-to-create-strong-passwords-without-driving-yourself-mad\/\" target=\"_blank\" rel=\"noopener noreferrer\">strong and unique passwords<\/a>.<\/p>\n<p>Source: <a href=\"https:\/\/www.welivesecurity.com\/2018\/09\/11\/abandoning-domain-name-research-shows\/\">Welivesecurity<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>A domain name once left behind can catch up with you \u2013 by giving fraudsters access to a treasure trove of sensitive information Cybercriminals can use an abandoned domain name to obtain all manner of private information belonging to the company that formerly owned the domain, as well as to its clients and employees, a<\/p>\n","protected":false},"author":5,"featured_media":1853,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[147,151,163,170],"tags":[],"class_list":["post-451","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybercrime","category-expert-opinion","category-opinion","category-small-business"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v26.2 (Yoast SEO v27.4) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Abandoning a domain name can come back to bite you, research shows - ESET Eesti Blogi<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/blog.eset.ee\/et\/en\/2018\/09\/18\/abandoning-a-domain-name-can-come-back-to-bite-you-research-shows\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Abandoning a domain name can come back to bite you, research shows\" \/>\n<meta property=\"og:description\" content=\"A domain name once left behind can catch up with you \u2013 by giving fraudsters access to a treasure trove of sensitive information Cybercriminals can use an abandoned domain name to obtain all manner of private information belonging to the company that formerly owned the domain, as well as to its clients and employees, a\" \/>\n<meta property=\"og:url\" content=\"https:\/\/blog.eset.ee\/et\/en\/2018\/09\/18\/abandoning-a-domain-name-can-come-back-to-bite-you-research-shows\/\" \/>\n<meta property=\"og:site_name\" content=\"ESET Eesti Blogi\" \/>\n<meta property=\"article:publisher\" content=\"http:\/\/www.facebook.com\/antiviirus\" \/>\n<meta property=\"article:published_time\" content=\"2018-09-18T18:24:58+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2019-06-18T07:36:08+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/blog.eset.ee\/wp-content\/uploads\/2019\/04\/Domain_name-623x432.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"623\" \/>\n\t<meta property=\"og:image:height\" content=\"432\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"ESET Blog\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"ESET Blog\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2018\\\/09\\\/18\\\/abandoning-a-domain-name-can-come-back-to-bite-you-research-shows\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2018\\\/09\\\/18\\\/abandoning-a-domain-name-can-come-back-to-bite-you-research-shows\\\/\"},\"author\":{\"name\":\"ESET Blog\",\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/#\\\/schema\\\/person\\\/876cf293277fc0b2ae2f4395fffe4c88\"},\"headline\":\"Abandoning a domain name can come back to bite you, research shows\",\"datePublished\":\"2018-09-18T18:24:58+00:00\",\"dateModified\":\"2019-06-18T07:36:08+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2018\\\/09\\\/18\\\/abandoning-a-domain-name-can-come-back-to-bite-you-research-shows\\\/\"},\"wordCount\":553,\"image\":{\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2018\\\/09\\\/18\\\/abandoning-a-domain-name-can-come-back-to-bite-you-research-shows\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/blog.eset.ee\\\/wp-content\\\/uploads\\\/2019\\\/04\\\/Domain_name-623x432.jpg\",\"articleSection\":[\"cybercrime\",\"expert opinion\",\"opinion\",\"small business\"],\"inLanguage\":\"en-US\",\"copyrightYear\":\"2018\",\"copyrightHolder\":{\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/#organization\"}},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2018\\\/09\\\/18\\\/abandoning-a-domain-name-can-come-back-to-bite-you-research-shows\\\/\",\"url\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2018\\\/09\\\/18\\\/abandoning-a-domain-name-can-come-back-to-bite-you-research-shows\\\/\",\"name\":\"Abandoning a domain name can come back to bite you, research shows - ESET Eesti Blogi\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2018\\\/09\\\/18\\\/abandoning-a-domain-name-can-come-back-to-bite-you-research-shows\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2018\\\/09\\\/18\\\/abandoning-a-domain-name-can-come-back-to-bite-you-research-shows\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/blog.eset.ee\\\/wp-content\\\/uploads\\\/2019\\\/04\\\/Domain_name-623x432.jpg\",\"datePublished\":\"2018-09-18T18:24:58+00:00\",\"dateModified\":\"2019-06-18T07:36:08+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/#\\\/schema\\\/person\\\/876cf293277fc0b2ae2f4395fffe4c88\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2018\\\/09\\\/18\\\/abandoning-a-domain-name-can-come-back-to-bite-you-research-shows\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2018\\\/09\\\/18\\\/abandoning-a-domain-name-can-come-back-to-bite-you-research-shows\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2018\\\/09\\\/18\\\/abandoning-a-domain-name-can-come-back-to-bite-you-research-shows\\\/#primaryimage\",\"url\":\"https:\\\/\\\/blog.eset.ee\\\/wp-content\\\/uploads\\\/2019\\\/04\\\/Domain_name-623x432.jpg\",\"contentUrl\":\"https:\\\/\\\/blog.eset.ee\\\/wp-content\\\/uploads\\\/2019\\\/04\\\/Domain_name-623x432.jpg\",\"width\":623,\"height\":432},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2018\\\/09\\\/18\\\/abandoning-a-domain-name-can-come-back-to-bite-you-research-shows\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Abandoning a domain name can come back to bite you, research shows\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/#website\",\"url\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/\",\"name\":\"ESET Eesti Blogi\",\"description\":\"Uudised IT maailmast\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/#\\\/schema\\\/person\\\/876cf293277fc0b2ae2f4395fffe4c88\",\"name\":\"ESET Blog\",\"sameAs\":[\"http:\\\/\\\/eset.ee\"],\"url\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/author\\\/allankinsigo\\\/\"},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2018\\\/09\\\/18\\\/abandoning-a-domain-name-can-come-back-to-bite-you-research-shows\\\/#local-main-organization-logo\",\"url\":\"\",\"contentUrl\":\"\",\"caption\":\"ESET EESTI\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Abandoning a domain name can come back to bite you, research shows - ESET Eesti Blogi","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/blog.eset.ee\/et\/en\/2018\/09\/18\/abandoning-a-domain-name-can-come-back-to-bite-you-research-shows\/","og_locale":"en_US","og_type":"article","og_title":"Abandoning a domain name can come back to bite you, research shows","og_description":"A domain name once left behind can catch up with you \u2013 by giving fraudsters access to a treasure trove of sensitive information Cybercriminals can use an abandoned domain name to obtain all manner of private information belonging to the company that formerly owned the domain, as well as to its clients and employees, a","og_url":"https:\/\/blog.eset.ee\/et\/en\/2018\/09\/18\/abandoning-a-domain-name-can-come-back-to-bite-you-research-shows\/","og_site_name":"ESET Eesti Blogi","article_publisher":"http:\/\/www.facebook.com\/antiviirus","article_published_time":"2018-09-18T18:24:58+00:00","article_modified_time":"2019-06-18T07:36:08+00:00","og_image":[{"width":623,"height":432,"url":"https:\/\/blog.eset.ee\/wp-content\/uploads\/2019\/04\/Domain_name-623x432.jpg","type":"image\/jpeg"}],"author":"ESET Blog","twitter_card":"summary_large_image","twitter_misc":{"Written by":"ESET Blog","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/blog.eset.ee\/et\/en\/2018\/09\/18\/abandoning-a-domain-name-can-come-back-to-bite-you-research-shows\/#article","isPartOf":{"@id":"https:\/\/blog.eset.ee\/et\/en\/2018\/09\/18\/abandoning-a-domain-name-can-come-back-to-bite-you-research-shows\/"},"author":{"name":"ESET Blog","@id":"https:\/\/blog.eset.ee\/et\/en\/#\/schema\/person\/876cf293277fc0b2ae2f4395fffe4c88"},"headline":"Abandoning a domain name can come back to bite you, research shows","datePublished":"2018-09-18T18:24:58+00:00","dateModified":"2019-06-18T07:36:08+00:00","mainEntityOfPage":{"@id":"https:\/\/blog.eset.ee\/et\/en\/2018\/09\/18\/abandoning-a-domain-name-can-come-back-to-bite-you-research-shows\/"},"wordCount":553,"image":{"@id":"https:\/\/blog.eset.ee\/et\/en\/2018\/09\/18\/abandoning-a-domain-name-can-come-back-to-bite-you-research-shows\/#primaryimage"},"thumbnailUrl":"https:\/\/blog.eset.ee\/wp-content\/uploads\/2019\/04\/Domain_name-623x432.jpg","articleSection":["cybercrime","expert opinion","opinion","small business"],"inLanguage":"en-US","copyrightYear":"2018","copyrightHolder":{"@id":"https:\/\/blog.eset.ee\/et\/#organization"}},{"@type":"WebPage","@id":"https:\/\/blog.eset.ee\/et\/en\/2018\/09\/18\/abandoning-a-domain-name-can-come-back-to-bite-you-research-shows\/","url":"https:\/\/blog.eset.ee\/et\/en\/2018\/09\/18\/abandoning-a-domain-name-can-come-back-to-bite-you-research-shows\/","name":"Abandoning a domain name can come back to bite you, research shows - ESET Eesti Blogi","isPartOf":{"@id":"https:\/\/blog.eset.ee\/et\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/blog.eset.ee\/et\/en\/2018\/09\/18\/abandoning-a-domain-name-can-come-back-to-bite-you-research-shows\/#primaryimage"},"image":{"@id":"https:\/\/blog.eset.ee\/et\/en\/2018\/09\/18\/abandoning-a-domain-name-can-come-back-to-bite-you-research-shows\/#primaryimage"},"thumbnailUrl":"https:\/\/blog.eset.ee\/wp-content\/uploads\/2019\/04\/Domain_name-623x432.jpg","datePublished":"2018-09-18T18:24:58+00:00","dateModified":"2019-06-18T07:36:08+00:00","author":{"@id":"https:\/\/blog.eset.ee\/et\/en\/#\/schema\/person\/876cf293277fc0b2ae2f4395fffe4c88"},"breadcrumb":{"@id":"https:\/\/blog.eset.ee\/et\/en\/2018\/09\/18\/abandoning-a-domain-name-can-come-back-to-bite-you-research-shows\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/blog.eset.ee\/et\/en\/2018\/09\/18\/abandoning-a-domain-name-can-come-back-to-bite-you-research-shows\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.eset.ee\/et\/en\/2018\/09\/18\/abandoning-a-domain-name-can-come-back-to-bite-you-research-shows\/#primaryimage","url":"https:\/\/blog.eset.ee\/wp-content\/uploads\/2019\/04\/Domain_name-623x432.jpg","contentUrl":"https:\/\/blog.eset.ee\/wp-content\/uploads\/2019\/04\/Domain_name-623x432.jpg","width":623,"height":432},{"@type":"BreadcrumbList","@id":"https:\/\/blog.eset.ee\/et\/en\/2018\/09\/18\/abandoning-a-domain-name-can-come-back-to-bite-you-research-shows\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/blog.eset.ee\/et\/en\/"},{"@type":"ListItem","position":2,"name":"Abandoning a domain name can come back to bite you, research shows"}]},{"@type":"WebSite","@id":"https:\/\/blog.eset.ee\/et\/en\/#website","url":"https:\/\/blog.eset.ee\/et\/en\/","name":"ESET Eesti Blogi","description":"Uudised IT maailmast","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/blog.eset.ee\/et\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/blog.eset.ee\/et\/en\/#\/schema\/person\/876cf293277fc0b2ae2f4395fffe4c88","name":"ESET Blog","sameAs":["http:\/\/eset.ee"],"url":"https:\/\/blog.eset.ee\/et\/en\/author\/allankinsigo\/"},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.eset.ee\/et\/en\/2018\/09\/18\/abandoning-a-domain-name-can-come-back-to-bite-you-research-shows\/#local-main-organization-logo","url":"","contentUrl":"","caption":"ESET EESTI"}]}},"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/posts\/451","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/comments?post=451"}],"version-history":[{"count":0,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/posts\/451\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/media\/1853"}],"wp:attachment":[{"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/media?parent=451"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/categories?post=451"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/tags?post=451"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}