4 Ways Your .com Domain May Be A Security Risk


One of the dangers of surfing around the Internet is the mistyped domain. Sometimes transposing a couple of letters or leaving out a letter will land the unsuspecting web surfer at a location on the Internet that is neither moral nor safe. One of the things that I find my lazy fingers doing is leaving the “m” off the end of “.com” when going to a website or sending an email. Up until now, that has only resulted in a “page not found” message, a weird-looking search screen for the website, or a “could not deliver” message for the email. However, now that domains are available for purchase with “.co” extensions, this poses at least four serious issues for domains that already exist with a “.com” extension.

Four Areas At Risk

Two risks are related to your email, and the other two are related to your website.

  1. People Sending You Email
  2. Staff Logging Into Email Remotely Or Via Web Browser
  3. People Going To Your Website
  4. Online Giving

1. People Sending You Email

If your church's email addresses end in .com, someone could set up a .co email server and begin catching some of your emails. Here is the scenario.  Let's say your email addresses are @church.com.  You have a financial administrator whose name is Eve, so her email address is Eve@church.com.  She has important communications going back and forth from her email account. If someone creates the domain church.co, either legitimately or with the intent of trying to get your information, an email that is mistakenly typed in as Eve@church.co will go to the owner of the church.co domain and not your @church.com domain.

2. Staff Logging Into Email Remotely Or Via Web Browser

No matter what email solution you use, if logging into that system remotely consists of going to a web address such as mail.church.com or webmail.church.com, you may be at risk. If the bad guys purchase the “.co” equivalent of your “.com” domain, they can set up a fake site that looks like your remote email login screen. If staff accidentally go to that site and attempt to log in, they obviously will not get into their email, but the bad guys could capture the username and password that were typed in. Then the bad guys can go to your real site and use that information to log in to that staff member's email account.

3. People Going To Your Website

This is actually not a new risk. Porn sites and disgruntled people have been known to set up sites with alternate domain extensions such as .net, .org, etc. This has become less of a concern over the years as the number of domain extensions has increased. However, the missed “m” on .com makes this a risk once again.

4. Online Giving

This risk could potentially be the biggest risk. Much like a staff member who mistakenly enters their email login credentials into a fake site, imagine if a church member is attempting to pay their tithe and enters their bank information into a fake site www.mychurch.co instead of www.mychurch.com.

Solution

In the early years when churches first started setting up websites, most of them used the “.org” extension. Since it was a habit for people in a hurry to type “.com” on every website, the general recommendation for churches was to purchase the “.com” extension in addition to the “.org” extension, even if they never planned to use it. That way the church could help protect its good name. As time passed, many churches opted to forgo the “.org” extension completely and just use the “.com” instead. That helped to lower the annual domain registration costs, and put their site in the mainstream of the “.com” world. We have come full circle. We are back to the need for purchasing an additional domain for the sake of safety and integrity. To combat the potential risks outlined above, I suggest:

  1. Purchasing the “.co” equivalent of your “.com” domains.
  2. Adding a landing page to your site welcoming people who accidentally type .co.
  3. Setting a redirect in the DNS settings so when a person types the .co they are redirected to the landing page set up in the step above. Click here to see what happens when someone types steveperky.co instead of steveperky.com.
  4. Setting up subdomain redirects as well (e.g. youth.mychurch.co redirects to youth.mychurch.com, or your mobile site m.mychurch.co redirects to m.mychurch.com).
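
One way to confirm that the redirects from steps 3 and 4 are in place and stay in place, as an added example that is not part of the original post: the script derives the .co twin of each .com hostname you own and reports any twin that is unreachable, answers without redirecting, or redirects somewhere you do not own. The hostnames and responses in `HOSTS` and `SAMPLE` are constructed for illustration.

```python
import http.client
from urllib.parse import urlsplit

REDIRECTS = {301, 302, 307, 308}

def co_counterpart(host):
    """Name a visitor reaches by dropping the final 'm' of a .com host."""
    host = host.lower().rstrip(".")
    if not host.endswith(".com"):
        raise ValueError(f"not a .com hostname: {host}")
    return host[:-1]

def live_fetch(host, timeout=5):
    """HEAD http://host/ -> (status, Location header), or None if unreachable."""
    conn = http.client.HTTPConnection(host, timeout=timeout)
    try:
        conn.request("HEAD", "/")
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    except (OSError, http.client.HTTPException):
        return None
    finally:
        conn.close()

def audit(com_hosts, fetch=live_fetch):
    """Return {co_host: problem} for each .co twin not redirecting to a host you own."""
    owned = {h.lower().rstrip(".") for h in com_hosts}
    findings = {}
    for com in sorted(owned):
        co = co_counterpart(com)
        resp = fetch(co)
        if resp is None:
            findings[co] = "unreachable: not registered or no redirect set up"
            continue
        status, location = resp
        target = urlsplit(location or "").hostname
        if status not in REDIRECTS:
            findings[co] = f"HTTP {status}: answers without redirecting"
        elif target not in owned:
            findings[co] = f"redirects to unexpected host {target!r}"
    return findings

# Constructed sample: hostnames and responses are made up for illustration.
HOSTS = ["mychurch.com", "youth.mychurch.com", "m.mychurch.com", "webmail.mychurch.com"]
SAMPLE = {
    "mychurch.co": (301, "https://mychurch.com/welcome"),
    "youth.mychurch.co": (200, None),
    "m.mychurch.co": (302, "http://m.mychurch.example/"),
}
```

Call `audit(HOSTS, SAMPLE.get)` to try it offline, or `audit(your_hosts)` to check your real domains over the network.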

Discussion

Do you see this as a risk, or am I being too cautious and wasting money on extra domain registrations? What other suggestions do you have to combat this potential issue?

 

Disclosure of Material Connection: I have not received any compensation for writing this post. I have no material connection to the brands, products, or services that I have mentioned. I am disclosing this in accordance with the Federal Trade Commission’s 16 CFR, Part 255: “Guides Concerning the Use of Endorsements and Testimonials in Advertising.”

 
