Governments failing to prevent rising phishing attacks, says IT analyst
Posted Oct 30, 2021 04:59:00 PM.
An IT security analyst in Halifax believes provincial governments should be doing more to protect people from online imposters who steal personal information through phishing attacks using lookalike websites.
Logan Attwood is trying to prevent these “typosquatting” attacks by buying web addresses that could be used by scammers and contacting the Nova Scotia government about the problem.
“One carefully crafted email pretending to be the province of Nova Scotia could end up stealing more identities than [the number of] people who have ever taken the Cat ferry in Yarmouth in its entire existence,” Attwood told CityNews Halifax.
Typosquatting, also known as URL hijacking, is a practice where someone buys a web address that's nearly identical to that of a popular website.
If someone types a URL into their browser that's slightly incorrect, they'll be taken to a different host.
A recent issue is doppelganger websites, which look identical to official websites but whose URL omits a “.” in the address.
“Doppelganger domains are when there's a domain that exists that is the same as another one but without the dots,” he said. “They look very, very similar and it's not just a typo.”
These doppelganger websites can be used to trick people into giving up personal information.
One website Attwood registered, for $20, to prevent typosquatting attacks is “govns.ca”.
It's just close enough to Nova Scotia's old web address, “gov.ns.ca”, which the government has been transitioning away from since 2018. However, that web address is common in many people's memories.
Current domains for the province's government are under “novascotia.ca” while “gov.ns.ca” is a legacy domain that redirects to the current domain.
But Attwood says the government is failing to protect people from falling into these typosquatting attacks.
He's contacted the Nova Scotia government a few times and still hasn't received a response.
He's also registered domains for other provinces and territories including Manitoba, Saskatchewan, the Yukon, both English and French versions for New Brunswick and the English version for Quebec.
“But then when I started to look at British Columbia, Alberta and Ontario, those domains had already been registered and the registration information didn't match the provincial government — someone else has them,” said Attwood.
New data from the Canadian Internet Registration Authority (CIRA) shows that households across the country are facing an increased number of cyber threats.
“The report found that total volume of blocked cyber attacks recorded between July and September 2021 (Q3) was 31.7 per cent higher than previous quarters,” reads the report.
In most of these cases, Attwood said these websites are being built by career cybercriminals anywhere in the world.
“Typically, these attacks will get launched from places where our police forces and our law enforcement agencies don't have as much power,” he said. “But in order to launch this attack, you would have to be able to register a '.ca' domain first, and those are all controlled in Canada.
“Being completely honest here, these domains should've never been for sale.”
To register a website under a “.ca” domain, the Canadian Internet Registration Authority requires that the individual, business or organization have a Canadian presence.
Attwood said that roughly 25 or 30 years ago, there was probably a human set of eyes reviewing each registered “.ca” domain. Now, everything is automated.
He said these private domains that look like official websites should be transferred to the government.
It's also not a complicated or costly process. The government just has to purchase these domains.
One tip Attwood suggested is that if someone receives an email from their bank, insurance company or other institution, they should go to the actual website rather than clicking the link in the email, to avoid potential phishing attacks.