Domain Shadowing: The Hidden Threat to Your Domain

Is your domain safe from shadowing?

Your business thrives on its reputation, and we know that you work hard to build a positive name in your community and your field. But maybe you’ve never considered your cyber reputation, or more aptly, the reputation of your online offerings. Yet our digital enterprises not only reflect our company distinction, they also impact our ability to do business online. So if someone is attacking your legitimate website or online application and using your digital reputation for criminal activity, it’s something you want to be cognizant of. Many of us, however, are still unaware of the practice of domain shadowing and how it can affect our business.

Domain shadowing is a malicious tactic used by cyber criminals to gather multiple domain account credentials and then silently create subdomains that point traffic to a server hosting malware or ransomware that will infect a user’s computer. Because the subdomain belongs to a legitimate business domain, these attackers are able to bypass reputation-based filters and pass their criminal traffic as safe. The domain owner never even knows it’s happening.

Domain shadowing starts with a hacker capturing a domain owner’s identity via phishing or keylogging methods. Then, without the domain owner’s knowledge, the hacker creates subdomains. Because each subdomain appears to be legitimate, using it in further phishing techniques makes it difficult for even savvy internet users to detect that there is danger in accessing the domain. For instance, if you received an email with a link to, you would likely assume the link is legitimate as Amazon is a trusted domain. However, a shadow domain is utilizing Amazon’s good reputation to get you to click the link and infect your machine with malware or ransomware.*

This means the domain that runs all of your online business offerings may be used to serve up malicious software that will damage not only computers but also your online reputation, as your domain becomes associated with malicious traffic. It is one of the most effective and difficult-to-stop techniques that hackers have used to date, because the accounts are created at random and there is no way to predict who will be attacked next. In addition to being random, these attacks are short-lived, sometimes existing for no more than an hour. But attackers can funnel high volumes of traffic through the infected subdomain in that short amount of time.

So how do you protect yourself from domain shadowing? The most effective solution so far has been to implement two-factor authentication on your domain registration account. Two-factor authentication is a two-step verification process that provides an extra layer of security to your online login process. Not only do you enter a username and password to access your account, but you’re also required to provide information that is known only to you. For instance, upon attempting to log in, an account protected by two-factor authentication may send a text message to your cell phone with a code you have to enter in order to complete the sign-in. If a hacker tries to log in, they will be unable to enter the second verification method needed to access your account.

Another important step in protecting your business from domain shadowing is to be aware of all administrator accounts with access to your domain registrar and to regularly monitor activity on your account. Requiring regular security updates and password changes will also help protect your company from malicious activity on your domain.
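
One way to carry out the monitoring described above is to export your DNS zone on a schedule and compare it against the hosts and networks you expect. The script below is an added example, not part of the original article; the domain, records, inventory and function names are constructed placeholders, and it assumes an export with one record per line in `name ttl IN type value` form.

```python
import ipaddress

# Constructed inventory: hosts you created and networks you actually use.
APPROVED_HOSTS = {"example.com.", "www.example.com.", "mail.example.com."}
APPROVED_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "2001:db8::/48")]

# Constructed zone export, one record per line: name ttl IN type value.
ZONE_EXPORT = """\
example.com.              3600 IN A     192.0.2.10
www.example.com.          3600 IN A     192.0.2.10
www.example.com.          3600 IN AAAA  2001:db8::10
mail.example.com.         3600 IN A     192.0.2.25
qx7f2.example.com.        300  IN A     203.0.113.77   ; not in inventory
login-check.example.com.  300  IN CNAME host.example.net.
"""

def parse_zone(text):
    """Yield (name, rtype, value) for each well-formed record line."""
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop comments, split columns
        if len(fields) >= 5 and fields[2].upper() == "IN":
            yield fields[0].lower(), fields[3].upper(), fields[4].lower()

def find_unexpected_records(zone_text, approved_hosts, approved_nets):
    """Return (name, rtype, value, reasons) for records that need review."""
    findings = []
    for name, rtype, value in parse_zone(zone_text):
        reasons = []
        if name not in approved_hosts:
            reasons.append("host not in inventory")
        if rtype in ("A", "AAAA"):
            addr = ipaddress.ip_address(value)
            if not any(addr in net for net in approved_nets):
                reasons.append("address outside approved networks")
        elif rtype == "CNAME" and value not in approved_hosts:
            reasons.append("CNAME target not in inventory")
        if reasons:
            findings.append((name, rtype, value, reasons))
    return findings

if __name__ == "__main__":
    for name, rtype, value, reasons in find_unexpected_records(
            ZONE_EXPORT, APPROVED_HOSTS, APPROVED_NETS):
        print(f"REVIEW {name} {rtype} {value}: {', '.join(reasons)}")
```

Because shadow subdomains can exist for no more than an hour, a comparison like this is only useful if it runs more often than that.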

If you want to know more about domain shadowing and how you can protect your business, we’re always here to help. Our networking experts are happy to discuss options for protecting your valuable online reputation and to help you implement security measures. Give us a call today to start protecting your online enterprise.

*This is purely an example and does not suggest that Amazon has fallen victim to domain shadowing.