WhoisXML API Blog

Yahoo! Data Breach Settlement: A Deep Dive into Fake Websites through Domain Name Monitoring

The massive Yahoo! data breach that lasted from 2012 to 2016 is one of the most notable data breaches to date, with 3 billion accounts compromised. Users’ names, birthdays, email addresses, phone numbers, and even encrypted and unencrypted security questions and answers were just some of the information stolen and potentially peddled in underground markets.

The good news is that those who have been affected can now claim benefits for the damages and losses they incurred. They can get two years of free credit monitoring or US$100–25,000 in cash as settlement for theft and potential fraud. Those interested can check if they are eligible for settlement payment by contacting the administrator of the official data breach settlement site, yahoodatabreachsettlement.com.

Doing a Regular MX Record Check Can Help Thwart Phishing Attacks

These days, sophistication seems to be the secret behind the most effective cybercriminal schemes. And those behind business email compromise (BEC) scams are just some of the perpetrators raking in millions of cash. Targeting email users remains an effective way for cybercriminals to cripple organizations and lighten their coffers with very clever ruses. In 2018, BEC scammers amassed US $1.3 billion from their victims, according to the Federal Bureau of Investigation (FBI).

BEC attacks involve mimicking the victims’ executives or higher-ranking officials and trusted contacts from partner organizations and suppliers in emails to get them to part with corporate funds. In essence, the cybercriminals use effective social engineering tactics and each time make sure that:

How Using WHOIS-Powered Tools Can Get You Ahead of E-Commerce Fraud

This coming holiday season, online retailers must remain vigilant as e-commerce fraudsters are certainly going to work harder than ever to take advantage of the throngs of shoppers sure to flock online.

The steady rise in e-commerce sales through the years makes online retailers lucrative targets for fraud. Last year’s Black Friday sales total reached $6.2 billion, while the Thanksgiving online revenue reached $3.7 billion. Even Alibaba’s recent Singles Day sales total reached $31 billion. 

Predictions also state that the worldwide e-commerce sales revenue is poised to reach $4.9 trillion by 2021. While these figures are great for retailers, they also tell cybercriminals they have a lot to gain from preying on e-commerce sites.

Optimizing Threat Hunting with Bulk Domain Search

Threat hunting involves proactively looking for signs of attack within your network, by means of a set of indicators of compromise (IoCs). These IoCs are compared with network access logs to pinpoint if any of the users are unauthorized. More specifically, threat hunters can use Domain Name System (DNS) and firewall logs to list all IP addresses and domains connected or trying to gain access to the network.

3 Geo-Targeting Success Stories and Other IP Address Geolocation API Lessons for Marketers

Experts are now starting to recognize the impact of location-based marketing on today’s cluttered ecosystem, long overlooked by the industry. Consumers are more scattered than ever, proving it to be a challenge for most brands and their marketing teams. However, location-based technologies enabled by tools like IP Geolocation API could soon change that, as experts see it as an effective solution to the disruption of an increasingly divided and distracted audience.

Marketers know it’s time to listen when digital marketing authorities are touting the benefits of location-based marketing. Survey data reveals that:

• Around 80% of marketing professionals believe that location-based ads lead to higher engagement rates.

Conducting Passive Reconnaissance Using Website Contacts Database Intel and Search Results

Is your supplier or partner, or a new acquisition of yours a potential threat? If you’re reading this, you’re probably asking yourself the same thing.

Third-party vendor risks have become a pressing concern among businesses in the wake of recent supply chain attacks. Around 59% of organizations have encountered an attack that can be traced back to their suppliers. This number has probably increased as reports of new vendor-caused attacks make headlines every day.

Many organizations believe that vendor risk assessment should be a high priority as they engage with more service providers. Unfortunately, most do not have the resources to do so. Among those who do, only 36% believe that their third-party risk management programs work.

Real-Time Protection by Integrating Website Reputation Scores into SIEM Solutions

Real-time threat detection is tantamount to up-to-date protection, which should be the only kind of cyberdefense. The key to any good defense, however, is to think and act like there is always a threat. This is true in the virtual realm, to some great extent, where we see a hacker attack every 39 seconds.

For this reason, the use of security information and event management (SIEM) solutions is gaining popularity among security operations centers (SOCs). Security teams are gearing up for when and not if they are attacked. And it’s real-time threat detection and protection that is their goal.

Take Control of Nameserver Records with a Reverse Nameserver Lookup API

One reason why cyber risks are far more serious today than in the past is the widespread and cheap access to services from registrars and hosting providers. From amateur bloggers to small business owners, anyone can register a domain and create a website for whatever purpose.

The problem is that not everyone has the right skills to properly configure servers — e.g., define hosts or set up address (A) or pointer (PTR) records, among other things.

Website owners are lucky if issues from nameserver misconfigurations only result in reduced website availability. There are other consequences, though, such as higher spamming scores and Secure Sockets Layer (SSL) authentication errors or vulnerabilities that could potentially lead to security compromises.