Domain Skate

David W. Schropfer 00:00:03

Okay, I think that’s about enough time. Everybody welcome to our webinar, transforming one time web projects into monthly recurring revenue. My name is David Schropfer. I’m the executive Vice President at DomainSkate, and my responsibility is to make sure that everybody knows how great our company is, and that’s it. In a nutshell. My email address is dws@DomainSkate.com feel free to reach out to me during the webinar or anytime after. If you have any questions

with that, I’m going to introduce our guest, Alex Zordel. He’s the CEO of Zordel.com, and Alex. Why don’t I let you introduce yourself?

Alex Zordel 00:00:44

Thank you. Thank you, David. So I am Alex Zordel. I am a full-stack web developer. I have over 15 years of hands-on experience in web development.

I used, I have experience on both old languages like PHP, Java, Python, MySQL, event penalized that. I also have, like, all the modern language experience with Node, React, TypeScript.

is built. I build like some bigger brands. For some of my clients actually be very bigger. They have, like a monthly millions of dollar millions. Sorry millions of visitors per month.

And one thing is very common, there is that I have to work there. I have to make their application very secure, no matter what, no matter who is like technology which language I use.

But there is always I struggle with one thing, and that is scammers cloning their websites whenever it is getting popular and ripping off their customers. So I recently met David

Unknown Speaker 00:02:02

and his company, DomainSkate.

Alex Zordel 00:02:05

I was freaking amazed. How easily DomainSkate solving this problem!

It was mesmerizing.

So that’s why today I am here to talk with David about DomainSkate. Thank you.

David W. Schropfer 00:02:22

Wonderful. Thank you very much, Alex.

Alright. So let’s let’s dive in. Here’s what we’re going to talk about today. First and foremost, understanding the problems that Alex so clearly described, which is, yeah. The clients get ripped off after the after their website gets some popularity. There’s a scammer out there to cause a problem to rip them off. We’re going to make sure we talk about that problem itself in detail. We’re going to talk about the kind of value the client gets. How much money do they really save? How much money are they really losing when they’re getting attacked? Just get tax, etc.

Certainly some of the So security packages, the subscription packages that we’ve available and others make available to their clients.

and exactly what automated threat detection is, and what an automated threat response is on how that can be done using automated tools. And then, of course, real life case studies, real companies that have real problems. No, we’re not going to be talking about actual clients in this section. But we’ll be talking about companies. That that are experiencing the problem and illustrate what these issues are in real time.

So let’s start here with the problem. A brand worth building is a brand worth protecting. I think that’s something that everybody on this call can agree on, and whether you’re a web developer on this webinar, or a brand manager or brand consultant, or any of those topics.

You are investing in the brand of your customer or your client, whatever it may be, when you build that website, that’s investment. When you register domain names when you create an SEO program. When you file for trademarks, those are all part of investing in a brand because you want that brand to work. You want that brand to have a good reputation, and ultimately you want want that brand to help sell for the company.

and the marketing is where the real dollars come in. Right, you know, compared to a sustained Google ad campaign or sustained, you know, even television ad campaign depending on the size of the brand, etc. Marketing is where that investment really starts to skyrocket. So, as Alex mentioned once, the brand starts to Skyrocket, once the

general recognition of that brand gets bigger and bigger the more and more money that’s spent on marketing, and the more the more the more time that goes by that brand gets recognized, and one of the groups that recognize it are scammers.

and the scammers are looking to just simply rip off credit cards, steal credentials, or maybe just good old fashioned disruption, but regardless.

The way scammers approach the task of attacking a brand a brand that’s been invested in is they start by registering not one, but lots of different domain names that can be what we call typo squatting domains or lookalike domains. Call them what you like, but they’re domains that could at first glance be confused with the actual brand or the actual domain name

and confusing that user is going to be a big part of the scammer’s job, so they don’t register one. They register dozens, and the reason they do that, of course, is as the game of whack-a-mole begins and you take down one domain because that’s really all you can do, the scammer moves the entire attack, the email attack or the fake website, to another domain, and then when that goes down, they move it to another one and another one and another one after that, and

solving this problem may sound futile. But what we’re going to talk about in this webinar is, it’s really not. It’s really manageable.

So after they register dozens of websites, so they make sure they have them. They launch their fake website or they execute their phishing email campaign. Or maybe they do both at the same time. And they’re doing that, of course, to steal money, steal credentials from the end user, and of course all of that is damaging the brand. So

the circular, the circular motion begins. Now the company has to respond. They go into damage control, but they find out about the attack. They run up their legal expenses, trying to shut down the attack, and in some cases, especially when a customer is actually paid real money for what they thought were real goods, and nothing gets shipped to them. Sometimes they actually have to reimburse customers that they never collected money for.

because the Scammer successfully fooled them so, and as soon as the and and then, of course, they try to shut down whatever that attack vector is. And like I said, the Scammer simply takes that whole attack. As soon as that domain is shut down, and they move it to the next domain and the next domain and the next domain after that, so they can keep their scam going

so like I said.

a lot of you are breaking out into a cold sweat now, just looking at the slide, because this seems like a never-ending cycle. So I want to be clear. What DomainSkate is doing is not just shutting down

one domain, one fake website, one phishing attack. We’re shutting down the Scammer. We’re going after the Scammer and making sure that we just snuff out all of the different attack vectors or the attack surface that that Scammer is using to attack a given brand.

So enough about the academia of it. I’m going to turn it over to Alex to talk about real world problems that he’s experienced himself.

Alex.

Alex Zordel 00:07:33

Yeah, thank you. So horror stories. I can’t remember that long ago one of my big client.

he actually messaged me saying, Hey, Alex, some of my customers keep saying that the product is not delivered, but I don’t see any record in my website in my web apps in the front back end that,

there is no record of the product parcels. So how is going on? Am, is my website hacked or something. So I said, Sure, yeah, let me check. So I check the website. And I thought, maybe somewhere, is it going to some other? I don’t know. Maybe I tried to define OS,

but I did not find really that there’s any signs of a product purchase.

so that I was thinking that why does happening. So I did some little more investigation and found out that

there is some lookalike domain. They actually are copying the same structure website. They are copying exactly the same image, same content. It makes like them like there. So the customers are getting easily fooled by, see, the website appearance, because the customers are already familiar with the website UI, because it is very popular.

and the the hackers are the domain also looks. Look alike that it is, it is very identical.

So what happened? So I actually found out that scammers are reaching out the customers, and they are receiving the money, but not delivering the product.

So II told my customer, told my client that, hey, this is what is happening. So the only way to do this. There is nothing I can do from our application. So so how do you have to do? I have to go to the registrar.

ask them to remove this domain. But before that I can reach out to the actual hacker, who is the scammer, and ask them to make it down, remove the website. But definitely, they won’t do that.

I actually emailed them. But they did not. Contact I called them. They did not receive. So yeah. So removing, that was a divided story.

It is. Actually, I actually emailed deeply to the

registrar. But they actually

it had. It is a long history. Actually, they did not initially X, or it made it down because I do not. I do not have an actual authority.

and there are a couple of other issues as well

out of curiosity. Did the registrar say that? Hey, Alex, you don’t really have any authority? You’ve never talked to us before. You’ve never reported anything before. We don’t know if this is real or not exactly. Exactly. That is what they said. They said that you don’t have any authority. We cannot trust you, and you have to. I don’t know, I said, that but this is real. This is, you can see that. But even the problem is that did not, did not even want it to give me enough time to

to to to understand if the if I what I’m saying is true or not. So they did not give me enough power. Actually, I was kind of

I don’t know. Kind of embarrassed.

So the second story. I would like to speak about that customer review.

Actually, yeah, that website was removed later. But it was. It was very hard time. Yeah, I mean it was. It was not easy. That’s what I all I can say. Second history, I would say, is that

bad customer review. So

one of my clients actually emailed me. It was also like, I think, couple of years back

he said that, hey? I noticed that some people is spreading bad words about me but my company, so can you please check it out? So I said, Okay, sure. So I check the customers name. And

he’s like, I do not. It was like Google Review. So I cannot ask Google to just remove a review. And Google won’t listen, definitely. So I checked the Database company and master the name. I found that the name is exist in our

customer list from for that client. So I was kind of curious like what happened. I can see the customer and he’s giving the bad review. But the things he’s saying is not totally correct.

It is completely wrong. Review. Because we always deliver. I know that I know that a client very personally he never do that. So

I actually emailed the customer said that, hey? You wrote this review. But why would never did that with you. So why did you did you wrote that? He said. Actually, it happened with me. I said, Okay, can you? Can you please share your order or something? So he was kind enough to forward me his order. And I noticed that the email he received it is not from ours

domain. It is like lookalike domain, he thought, that it is us. But it’s not so. Then I convinced him. Hey, look this is not our domain.

You actually clicked, defined Link, and it was not us those that looks like us, but it is not us. So, upon our request, he removed the review. But it is like a common case it happens a lot.

So I also like from then from that 2 events, there was couple of other incident also happened kind of similar.

So I was thinking, what could be like.

Why, it is happening. I mean, it’s common, like, there is this scammer. So we cannot stop them. So

I was thinking for a solution. And I was like, keep sending that message to the registrar, asking them to shut it down, because but the problem is that there is not one registrar. The clients passes the domains from different registrars, so each time I’m approaching them kind of having the same issue like they do not know me. How they should shut it down like, that’s a that is lots of like horror. Things happening. It was not easy

and the website was like, so look alike. And the domain even sometimes the change a little bit colors some you know, to make it to to to

I refrain them from the

registrar, so they do some changes, but it is at the end the blame goes to our clients. So our custom clients reputation like destroying our clients. Reputation destroying their business.

It was really bad experience.

David W. Schropfer 00:14:38

Thank you. And the client and the client.

Sounds like the client took the brunt of that, I mean, did the business actually close on any of these examples, or were they able to somehow recover from the attack.

Alex Zordel 00:14:52

you mean the scammer’s website or the main cli, our client, the the main client, the main client who got blamed by their customers. For the bad web, just like you were blamed by that one client who thought

Alex Zordel 00:15:11

no, our client, it was like, not it was. It is a big company, so not everybody like there are like not too much complain. It was like, you know, but it was like regular thing.

so the business definitely would not get shut down. But it is it was destroying our clients reputation

and the scammer’s website. Yes, it was eventually shut down. But, as I said, it was a lengthy process, and there was a lot of things as well. For example, it was very costly as well, because I definitely I’m a developer. I of course it’s not my responsibility to

make those websites down right? So I charged my clients for each of my hours, so it was very costly for my clients as well. So they did not like the way I actually did. But they did not have any size as well.

So

experience for both of us.

So

how? Actually, I did it. Kind of, let’s let’s deep dive in a little bit. So I did some Google search to find the lookalike websites but I have to like, imagine everything in my mind that what could be the possible?

what could be the possible may combination of the domains? For example, if it is

beauty care. Let’s say, for example, let’s say one of my clients was Iscon cosmetics. So they made a little bit changes like it’s only cosmetics

multicast meetings like

they’re adding like double s at the beginning. So something like that. So I can guess. Some of the possible domains.

and some of them could be right, some of them not.

It was like throwing some

object in the dark.

It is not like for sure anything.

but it’s like well, it’s like time consuming, as I mentioned already, like I have to like, think about everything I have to look for it, and I have to really check the website is also kind of

like, it’s scary. I do not know that if it is already, they have some malware that may infect my computer.

So that is also like a scary thing. But I had to do it because that is my client, my responsibility

as well

list every possible URL that I owe. So no. Another thing is that I actually, after facing these issues, all of for all of my new clients. That’s why I suggested them to buy some lookalike domain.

But generally, when they start the business they don’t care. Because nobody knows if you know this business will actually sustain or not, but when they behind the business grown up on it was getting some success

that time. They are thinking, ho! Oh, yeah, Alex, you’re right you should have by by those domains. But now it is too late.

But the problem is that there is a lot of them.

because these scammers are a lot in number. It’s not like one or two domains. So it is. And like hunting them manually.

It is like like a half of my day, if I like, do it regularly.

and I have to do it regularly to check if something is going wrong or not. that is not a like enjoyable job for me. and not like costs any matter for my

client as well.

So, as I already mentioned. Scammers actually do not

care. They already anonymous. They when they register those domain, they already use somebody’s name, so it’s not possible to detect the anony scammers.

and so then I, as I already mentioned, registrars do not care

my request, because they do not know me. I do not have any authority to ask them to to shut down, and actually the authority. The person who can do that or an organization, said the Government, can do that some so if it. If we find a law against those scammers, they can do that. But it is a lengthy and more time consuming way to do that.

So it was.

even after I doing like couple of years. It did not. My experience did not like satisfy me.

and not my clients

as another thing is that like we.

I noticed that there are a couple of domains which registered

but it’s not like up and down yet. But they could upload the website anytime. Maybe they are building the website that is in the development mode. They can make the website like up any day, but I do not know when they will make it so. I have to check it every day.

It was another boring task.

So I mean regularly these things, this new domains finding new registrar finding, finding, finding new domains look alike domains find trying to find out when they will make it live. So it is like.

So yeah, it is a bad experience. So that’s all I can say, sounds like it’s a bad experience for the customer and for the client and for the web designer. but all of them yes, all of the above

David W. Schropfer 00:21:09

got it.

Unknown Speaker 00:21:10

Well.

David W. Schropfer 00:21:12

thanks very much for that. I think that really illustrates the problem. It’s not just just not academic. It really happens every day, and I’m sure every web designer on this webinar now experiences the same thing right? Or or versions of exactly what Alex was talking about.

So let’s talk about what value gets delivered to the client with an automated product. So first, I’m going to talk a little bit about the automated solution. This is the DomainSkate solution, the first

really key factors you’ve got to be able to find domains. So if you imagine there, there are 390 million registered domains out there in the world today. So think of it as this scatterplot of of all these dots out there.

You care about some of them, but not all of them. And what Alex was talking about before. If you tried to do Google searches or tried to come up with all these combinations in your head. You’re never going to find them all manually. You really need a system that’s going to do the heavy lifting and the real searching through all 390 million every single day, and look for the things that will affect your client.

That’s exactly what DomainSkate does. We literally look at the whole WHOIS zone file every single day, 390 million. We compare that file to

Unknown Speaker 00:22:26

to our proprietary database, which has 750 million domains listed in it. And what we’re looking for is changes. That’s how we track a change. What was here? What’s here today? That wasn’t there yesterday? What changed to a domain that was there yesterday happened between yesterday and today? What’s what’s evolving? Is there a new website up? Is there a new screen shot up. Is there a new MX record, or a record added to the registration of a domain that wasn’t

Unknown Speaker 00:22:51

there the day before? All those different things we can find.

David W. Schropfer 00:22:55

You could. We could also look at over 20 different security monitors looking to see if any of those domains that we’re tracking have been recently added to a fraud list, malware list, phishing attack, that type of thing. And then we use other proprietary data as well.

So, finding them narrows down the list of things you’re looking at to just those domains that you care most about. Then step 2 is what our system does is, watch them every single day we go through that same cycle, and we’re looking for any kind of change, because that change may indicate that an attack is starting right. So if a phishing attack requires an MX record to be added to the domain.

as soon as that MX record goes up, we take another look at it. And we can tell if that phishing attack is really starting via email, and then we can shut down that domain. So we can literally say we’ll shut down that attack before it starts. Why? Because we’ve been watching that domain that’s likely going to be used for the attack the moment. It even looks like that attack is being set up. That’s when we can start to take it down.

And that takedown, that shutting down that attack is critical. There are lots of services out there that you can use to find a problem, including, by the way, your own customers, your customers will tell you like, Alex was pointing out, hey? I think I was phished. Hey? I got this email, hey? I went to this website and you’re lucky if they do because a lot of them don’t. They just fall into the trap. But if you do get it reported to you, you’ve got to do something about it. And once you find that problem

Unknown Speaker 00:24:22

acting on it, shutting it down, making it definitively removed from the Internet is the next step, and the partner you would have in DomainSkate is a partner that can shut it down too, so we can blacklist. Yes, we go to the registrars as well.

David W. Schropfer 00:24:37

but we have great reputations with all of the privacy companies, all the domain, the fraud trackers out there, the Scam trackers. We have a great reputation with registrars and hosting companies, because we’ve been doing this for years, and in that time we’ve never given them a bad result, because whenever we’re asked by a client to shut something down. We have our team. Actual humans. Look at it. Look at the complaint

before we send it to those agencies. Why? Because we never want to send something that’s not legitimate. As soon as we start doing that DomainSkate loses our reputation, and we don’t want that to happen either. So right now, because of the reputation DomainSkate’s built up. We complain to a registrar that registrar takes it down.

If they’re a legitimate registrar, if they’re operating out of North Korea or other places where Western law doesn’t really reach. That’s when we couldn’t even go to ICANN and do an arbitration process and forcibly remove that domain from one ownership party to the rightful owner.

So all 3 of those elements are really required here. Got to find the problem. You got to monitor that problem. Watch it every single day looking for that attack to start, and then you got to shut down that attack immediately when you see it.

and just to circle back to the things that Alex was talking about. Here are some of the savings, and Alex, I’ll let you chime in here as well. So Alex was talking about how manual, how how time-consuming and costly a manual search was. It took him hours and hours to try to come up with, okay, here’s my clients, brand. Maybe if I put a dash in the middle, maybe if I change the I to number one and on and on, just trying to create all these things.

Alex Zordel 00:26:22

Chris, yeah. Doing?

Yeah, yeah. It was like, very lengthy. I have to think about all of the combination in my head and search them in the Google and type it in the like manual is to see if there is a website of premise. And it was like a scary experience if maybe they have like a strong malware. So yeah, that’s that’s fine.

David W. Schropfer 00:26:43

And the and the worst part is, it’s poor results, because at the end of the day, even if even if you could somehow manually check them all on a Tuesday. You’d have to check them all again on a Wednesday, because something may have changed and an attack may have started.

Also the the folly of trying to register all these domains on the part of the client. It’s not only is it not possible, because as soon as you register 200 different domains that look like your

look like your brand. The scammer’s just going to find number 201, you know something that’s just a little bit different. There’s infinite, that’s true.

So if if that client said, Hey, I just want to register these 200 domains to be done with it a. They’re not done with it, and B. That would cost them $4,000 a year at least. You know, most of these domains are about $20 a year. Some of them are much, much more than that. Fewer or less. But

It’s a big waste of money. It’s a lot easier to spend that money on a service that watches them for you

Alex Zordel 00:27:44

and the ad hoc communication. Alex. I think you said that one of your clients ended up going to a lawyer over you ended up telling them to go to their law firm to solve. The problem is that is that right? Scammer was very competitive so I wasn’t able to shut it down. So I suggest my client to go to the scammer. Sorry go to the

charge, to the court to file

to make them like to make the down. But actually it.

they actually asked a lot of money, even so, if they had to go that route because scammer was very

so very competitive. So, but so so the Scammer was actually

David W. Schropfer 00:28:26

extorting the client. They wanted the client to pay them to take it down.

Alex Zordel 00:28:30

No, no, actually they did not. They did not ask. They did not like it directly. Ask the money.

But the website was so real and domain also lookalike that most of here is customers started thinking that, confusing like which one is correct, which one is real.

So that’s that’s made them like, yeah.

having hard time. Probably that’s...

David W. Schropfer 00:29:16

typically it’s between 10 and $15,000 for law firm just to take the case. And that’s one domain. That’s one problem. And like, we already talked about that Scammer is going to say, alright

good for you. You got that one domain. I’m going to move this whole attack to the next domain, and the next one after that. So that number can really rack up, it’s better spent on on something else. And then, last, but not least, certainly not least, the the the damage to a brand is really intangible. Only the company knows what you know. Kind of damage the the attack caused their brand by their sales numbers right? How much does sales dip? If nothing else changed? It was probably because their reputation took a hit with hundreds or even thousands of customers who fell for the phishing attack, or who fell for the fake

Unknown Speaker 00:30:02

website, and

David W. Schropfer 00:30:03

that number can be crippling. Alex, like you were saying right that that some of the some of the clients who were truly attacked. With one of these it takes time to recover, and it can even cost the entire business.

Alex Zordel 00:30:16

It could be a very real nightmare for a client if if it happens. So, yeah.

trading area.

David W. Schropfer 00:30:26

all right. So let’s let’s talk about. We’ve we’ve talked about the problem we’ve talked about the solution. And let’s talk about how it benefits.

web developers like you. So this is the partner program that you’re doing with us, Alex. So why not? I’m going to let you just talk through

some of these elements. Oops

Alex Zordel 00:30:51

so actually so, as I mentioned recently, I met David, and I actually signed up there sign up to the DomainSkate as a customer. So I added, actually some of my

clients, URL, already there, and it’s started pulling off like thousands of results. And some of them are very meaningful.

David W. Schropfer 00:31:19

Exactly. And and part of it is we we help you set it up. When you when you come online.

Alex Zordel 00:31:25

Yes. And I noticed that just after the day after I set up the domain, I started receiving emails about the newly found

threats. And interesting thing is that the day after that I found the another email, I thought, it is the same email. But it’s not, it is. There is the new list of

the problems. So that was very interesting.

David W. Schropfer 00:32:12

Right? That’s a key element of the system that you you really don’t have to log into the platform every day. You can, if you want to see what’s going on. But really the email is, what is the thing that tells you what changed from day to day.

and then only gives you a couple of domains to look at. just to make sure that attack is not beginning.

Alex Zordel 00:32:57

Yeah, that’s that’s a good item, actually.

And the another thing I noticed that there is a very easy way to shut it down. That is a hammer, if I click that it will get shut down within a couple of hours. So it was a very, very useful tool.

I don’t have to worry about anything I don’t have to like. Go to the website. I don’t define the registrar. Any records, all, everything was in the dashboard. I can see that picture. I don’t have to like load that website in my browser, because that might be already malware infected. So it was like like peace of mind. It was like it was very comforting.

Set

David W. Schropfer 00:33:20

exactly. And maybe now is a good time to just

go over to the actual dashboard for a second. This is what this is what Alex is talking about. The the gavel here. I’m just going to pick one of these at random. So if if this was a client.

and and we in partnership with the client determined to to shut it down. This one button here gives a very, very quick

list of Okay, what did you find? What does it look like? Is it a shopping scam? Is it confirmed? Did you look at the website? Okay, great, and hit the confirm button? And that’s it. You’re done. And that website is now going to go off to our team. We’re going to review it and immediately start to either blacklist it or go to the registrar, or all of the above to scrub it off the Internet.

Alex Zordel 00:33:48

Yeah, David, I have a question actually, how you guys did it so quickly because it took me hours of time, even they did not know me. They did not say that. Thi! There’s this list. I don’t know if they don’t have any authority, but I noticed that you guys did it very quickly. I mean how it was possible. Would you mind that?

David W. Schropfer 00:34:06

That? That, of course. That’s that has to do with our reputation. We’ve been again. We’ve been doing this for 8 years, and we take the time to have our experts at DomainSkate look at the complaint from a customer manually.

and look at the information we’ve got in our system before we make the complaint. And you know, just to switch back here for one moment, looking at the platform.

The platform carries with it not only the results that exist as of right now as of today. The IP address, all this is is great evidence. But we can also go back in time to previous versions of that of that website. To show, yeah, this problem existed on on this date, but it also existed a long time ago. As well.

Let me just see if I can come up with a better example of that.

Yeah, see here, we’ve got multiple screenshots. Every time something changes with the website, we update this list. And we can go back and look at what was done before. So when I say we do research, we really have a lot of information

Unknown Speaker 00:35:14

back at our disposal, and our ability to go backward in time and see what was done last week, last month, sometimes even last year. Even beyond that, we can show that it’s not just an attack that’s happening today. It’s an attack that’s been happening a long time. So when the Scam advisor community or the registrar community or the hosting company community receives that complaint from us, it’s got a lot of evidence behind it that proves this isn’t an attack. This is real. Rely on DomainSkate’s reputation and get it done.

And like I said, blacklisting can happen very quickly. Getting a registrar to act can take another couple of days. But blacklisting, if we’ve got the evidence, we can shut it down. That’s why watching these things and letting us collect the data is so critically important.

David W. Schropfer 00:36:08

Exactly.

So this is kind of, I guess, a recap of what the automated threat detection is doing. There’s the setup phase, like Alex was talking about,

Unknown Speaker 00:36:29

where we start by as soon as we turn up the client, just like we did with you, Alex. We find any attack that’s already existing that nobody knew about. We’ll look at that very quickly, and we’ll try to take those down very quickly, just like we did with you, Alex. Then the next step is to make sure we have that watch list for the ones that

David W. Schropfer 00:36:48

the domains that could be used for an attack but aren’t yet. We put them on the watch list, and that starts the system just checking it every day, so we can build up that history. And I like to use the analogy: it’s like knowing what door the thief is going to come through.

If you’ve got, you know, 50 doors in your home, and you know which door the thief is going to walk through next, you can put a guard at that one door and wait for the doorknob to turn. That’s essentially what we’re doing. We’re waiting for that domain to be set up in a way that can be used as an attack, so we can shut it down quickly. That’s what the ignores watch is about, and then, of course, there are always going to be some domains that the system finds that aren’t a threat, that are used by a legitimate business. So we keep those, and we just put them in the ignore category. So we don’t watch them every day. But we don’t lose the history either. So if we ever wanted to go back to them to see if anything changed, we can do that, too.

And then, over time, we’re shutting down the existing attacks based on those email notifications. And Alex, this is one of the things that you mentioned that’s so valuable. Those email notifications really go a long way to making your job easier. Right?

Alex Zordel 00:37:56

It made my choice a lot easier, because I don’t need to go through, like, detect, like, which is new, which is not. So it is, every day, only sending the new items, new problems. So it saves my time a lot.

David W. Schropfer 00:38:08

Exactly, and that’s great.

Alright. So we’re kind of running out of time. In fact, we’ve gone a little bit over time, but really quickly, I’m just going to show a real-life case study.

This is an e-commerce company. This is not a client, but I’ll just give you a quick overview.

So this is what our system found for Twelfth Tribe – lookalike domains, hundreds of them literally. Sorry to scroll through so fast. It probably made you a little bit dizzy.

And one of the first things we do is look at one of our filters, “have images”, which means that we’re only going to show those domains that actually have an image, either a parking image up because that domain’s being parked or an actual website if that domain has a website up.

And then we can also parse it by email, domains that have the same extension, domains that have similar affixes, prefixes, suffixes, or mistype, etc. So I’m just going to choose affixes and just look at what the system found in just a couple of clicks. First of all, the Twelfth Tribe.net, the Twelfth Tribe.org, shop, Twelfth Tribe. These are perfect attack domains. These could easily be used by a scammer. Now they’re parked right now. There’s no content there, as you can see. That’s just a parking website.

It says Register.com, and we’re tracking everything all the other records. But in a moment, you could see that an attacker could put up a fake website at this domain at any given moment.

Alex Zordel 00:39:42

Yeah, that is concerning. Before, I didn’t know when the attacker would create a website there and when the scam would start. I needed to check every day manually. But this tool looks like it checks it automatically for me.

David W. Schropfer 00:39:59

Exactly. And that’s why what you’re looking at here is it’s on the watch list. So the moment that website goes up, this screenshot will change, right? And Alex will get a notification. If this was a client, Alex would get a notification and can look at it right away and say, “Wow, that’s a fake website. Let’s take it down immediately before anybody sees it.”

Here’s another great example. Twelfth tribes, with not only plural, but an additional “S” at the end. And it looks like a website is up here. So let’s go check this out.

So this is Twelfth Tribe’s real website. I’m just going to hit refresh to make sure. So it’s a fashion site. They have high-end fashion products. They’ve got a great digital marketing campaign. And here’s the fake website we just found right away. You can see that they didn’t even bother to write content here. This is what we call Greek type, that placeholder.

Alex Zordel 00:41:08

They took everything. I mean, look at this. Look at this product. That photo probably looks a lot like the look and feel of the website you just looked at. And it’s got lots of different photos of the same person.

And just for fun, let’s just take this product name, “Red Emerald Velvet”. I’m going to copy it. And I’m going to go to their actual website and just do a quick search.

Yep, and there it is. The scammer took the photos. They took the product name.

So what’s the difference? The real website has it on sale for $61.60, it was normally $88. And let’s see, with the scammer. So look, the scammer’s selling it for $28. That’s a really good discount, until, of course, you give the scammer your credit card and they ship nothing at all, right. Just a classic example.

Alex Zordel 00:42:03

Classic example. So that’s the kind of thing that the website finds. If this is a client, this would be blacklisted. You know, the scarier part is if the scammer saves that actual card. And they use it a lot without informing the victim. They can charge even thousands, even clean out the whole card, everything. Well, they are showing $28. Maybe it could be $28,000. Don’t know. No, that’s a great point.

David W. Schropfer 00:42:38

That’s a great point. And you may be asking, well, you know, a website, a credit card is encrypted when you enter it. Sure it is if you enter it into Stripe, or if you enter it into a legitimate online payment system, but if you put it in a scammer’s field.

Alex Zordel 00:42:54

It is not.

David W. Schropfer 00:43:11

So great, great example about what not to do in this example, but that’s exactly the point.

So again, a visitor client, we could take this. We could take down the site that we found very quickly, blacklisting it in minutes. I would wager that as soon as we shut down, if we shut down Twelfth Tribes Shop, one of these is maybe owned by the same scammer, who’s just going to move that same content to another domain, and another one after that, and another one after that, because here they are. They’re all lined up. We’ve got even more of them over here.

Plenty of them, plenty of choices for the threat actor to just move it around. This one, the Twelfth Tribe, hasn’t even been set up yet. They can do that in a second. So, everybody, we’ve gone way over time.

I hope you’ve all enjoyed the presentation. I’m going to just leave time for one question that we already have on the board here. Give me one second. Okay: which websites are attacked most often? I assume you mean what kind of industries are attacked most often. That would definitely be financial services, because that’s where the money is. Certainly a bank, a credit union, a financial planner, bookkeepers. We saw a very interesting attack with ADP, where the scammer was trying to get the credentials of the employee that can log into ADP. Why? Because with those credentials you can pay yourself a salary for a long period of time without the company knowing about it. So yeah, financial services are definitely at the top of that list. And like we just showed, e-commerce companies also, very, very much the same thing.

Okay, one more. The second question is for Alex: what would you recommend for web developers in terms of managing an attack that’s going on now? So, Alex, I’ll let you take that one.

Alex Zordel 00:45:14

Okay, it is, like, a very interesting question. So I found DomainSkate. So clients, although they, like, did not like to be scammed, they’re also busy people. They do not have enough time to take all of this possible, like, scammers’ websites, taking them and making a decision, whether it is going to be a threat or not.

So as a web developer, I think it could be an opportunity for us to make some additional money by, like, instead of giving DomainSkate’s main app access to the client, we can say that we are taking the responsibility. We are listing all the domains for him. And because we developed the website, we know which one is going to be a threat, which one is not. So I can do that main task, like, taking the website, taking the emails every day and making sure, making the decision, if it is going to be a threat or not. By this way we can give our client, like, peace in their mind that, hey, they have, like, someone to take care of their website. Nobody is going to scam them. And this way we can take some additional money from our client and pay some of it to DomainSkate, and some of it we can take, as we are spending some time, so we have Bell right? So I think this both situation our clients.

They can really sleep, like, by knowing that someone is taking care of his scammers. And we also do some, like, additional earning, regular additional earning. I would say that’s a good thing for us as web developers as well.

David W. Schropfer 00:47:13

Perfect. Well, that’s all the time we have, everybody. So again, my name is David Schropfer. Here’s my contact information: dws@DomainSkate.com, if you’d like to reach out to me. And Alex, why don’t you tell everybody how they can contact you if they wanted to connect with you directly.

Alex Zordel 00:47:30

Sure. Zordel.com is my portfolio website. You can just email me directly, alex@jordle.com. That’s all.

David W. Schropfer 00:47:39

Wonderful. Everyone, thanks for attending. Alex, you’ve been a great guest. I really appreciate your insight on this webinar.

Alex Zordel 00:47:46

Thank you for having me.

David W. Schropfer 00:47:52

Thanks. All right! Have a great day, everybody.

Alex Zordel 00:47:52

right?