Targeted attacks on GCC org and their customers via Social Media Accounts and Cousin Domains

An attack technique being used for some years elsewhere is now being used in targeting GCC organizations.

Attack Description:

Over the last few weeks we have witnessed multiple attacks where the attacker used EITHER a "Cousin (Look-alike) Domain" setup for spear phishing Email communication OR

an Impersonated Social Media Account seemingly dormant with No or very Low Activity are being used for direct communication with the target victim. 

Attack Objective:

The attacks mostly are very targeted towards "Staff Members" for compromising their various ID credentials including official Email & Social Media accounts as well as public Email and social media accounts 

Mitigation Recommendations:

- Regularly analyze the look-alike domains for an MX (Mail Exchange) record

- Any suspicious domain should be included in the organization Email firewall blacklist 

 * to block Emails coming inwards from such domains

 * to block any Email where in the body there is a URL of that domain

- Monitor and Take-down across all Social Media any Impersonated Accounts that may even seem dormant 

Reference URLs

If you have any questions or comments , please email to This email address is being protected from spambots. You need JavaScript enabled to view it..

Technical Services

A fiercely professional team of security specialists that can assist to establish and maintain a robust and secure computing environment. Read more...

Procedural Services

PCI DSS, ISO 27001, Risk Assessment and development, customization, or re-engineering of policies, processes, procedures and work instructions. Read more...

Product & Solutions

State-of-the-art technology backed by a qualified professional team at your door-step to secure the IT infrastructure from malicious threats. Read more...

Fraud Management

Protecting the organization's reputation and customers against possible online attacks as a result of e-commerce activities. Read more...