Hire DomainGuard for Proactive Phishing and Fraud Protection

Summary

There’s been a rise in lookalike domain registrations targeting SushiSwap. Scammers are registering similar looking domains and cloning SushiSwap’s main site and platform to trick victims into entering wallet secrets. Scammers also impersonate fake support on Twitter, Discord, and other social media platforms to trick users onto these sites. We’ve also seen Google ads begin to run targeting SushiSwap with links to malicious sites.

Abstract

DomainGuard offers a service which would provide SushiSwap with Proactive Phishing and Fraud Protection. Banks and online retailers have been using domain monitoring services such as DomainGuard for years. With the rise in crypto, attackers have also increased their attacks and phishing efforts on crypto exchanges, NFT marketplaces, basically anything that allows for a wallet connection.

Motivation

The motivation for our pitch is that SushiSwap is actively being targeted, in the present tense. We’re not hear to talk about a product that may help in theory, we’re here to talk about a problem that’s actively affecting SushiSwap, and we’re here to provide a solution. These attacks are happening, now - and we’ve come here after we’ve identified them in our platform and want to help SushiSwap better protect their domain and brand from phishing and fraud. See our evidence below of activity we’ve found in the past week targeting SushiSwap.

Specification

We will create a multi-page PDF proposal with the specifications and legal lingo should SushiSwap want to consider our services.

For

DomainGuard begins to monitor for phishing and fraudulent activity related to the SushiSwap domain and brand. DomainGuard would detect, and takedown malicious sites, preventing them from ever reaching your userbase. The SushiSwap brand and it’s reputation would increase in credibility. Limit effectiveness of Phishing against your users and employees. Gain a high integrity security vendor as a trusted partner to help in future security discussions.

Against

Can’t really think for a reason against using our service. Scammers would continue to leverage the SushiSwap site and similar domains in crypto phishing attacks against your users. Users would have a bad taste in their mouth if they were scammed on a site that looked identical to yours. Support and fraud cases would increase.

Evidence

Example Lookalike Domains - Used in Phishing

sushiswapc[.]pw
sushiwabp[.]com
sushiswap0[.]com

Example Tracked - Not used in phishing, YET

su-shiswap[.]com
sushisvaps[.]cloud
sushiswop[.]guru

Example Google Ad Phishing Link

Example FInding

Sushiswap3

Our Twitter Feed with More Examples

https://twitter.com/GuardYourDomain

Our Company Website

https://guardyourdomain.com

Poll

Should SushiSwap discuss further with DomainGuard?

The options on the poll below should simply be Yes or No. There are legitimate reasons to vote no, and our goal is not to pressure anyone into voting yes. The poll cannot be reworded 5 minutes after creation and we do not want to restart the poll and lose results of those who already voted. Voting no does not mean that you want users to attack the Sushi domain and\or brand.

  • Yes - let’s take these scammers down.
  • No - we’ll let scammers register these sites to attack our users and brand.

0 voters

What are the costs of your service? There is also a question of how much more effective will this service be compared to how sushi is taking down scammers now. Comes down to are your services worth the cost. There might be also other services out there that accomplish the same goal. So would like to have more information to explore all options.

Also,

I would recommend you reword that poll. Find it’s weird to automatically assume those who vote no want scammers to attack sushi brand and users. There are perfectly legitimate reasons to vote no on this proposal. Shamming people to vote yes seems distateful (maybe not your intention but that’s the impression I’m getting)

4 Likes

We will start by addressing this because our goal is not to sham people into voting for our service. It’s important to highlight that we wrote our post with emotion and a sense of urgency because, at the time of writing, three active phishing sites were targeting SushiSwap. Our concern was users being scammed by something we have the power and data to prevent.

We tried to reword our poll, but Discourse does not allow us to change it 5 minutes after creation. Thank you for pointing out how we came across, as it is certainly not our intent and our goal is not to sell fear but to sell peace of mind that the SushiSwap domain and brand is guarded when using our services.

The cost of the service varies from client to client and is a tiered offering. Based on the volume we’ve seen for Sushi, the pricing would range from $1,200 - $3,400 USD per month. At $1,200, SushiSwap would receive domain monitoring and takedown services for the Sushi domain and brand. Should Sushi want to pursue our services, we can get into the specifics of what you would get at the other end of the pricing spectrum later on. We recommend most clients start at the first tier price point as you can always tier up to more services at a later date.

We engage with potential clients after three criteria are met:

  1. A spike in lookalike domain registrations is identified
  2. Active phishing sites are identified using the lookalike domains
  3. Phishing sites remain active for days, weeks, and sometimes months

The third criterion is most critical and generally indicative that the organization is unaware of these types of attacks and is not using a provider to help identify and take down these malicious sites. We’ve reported three phishing sites through Discord, and two of the sites remain active. So to answer your question about how effective DomainGuard is compared to what Sushi is doing now, we’d argue very effective as it seems you’re currently unable to detect and takedown these sites. You may be catching scammers through other means but usually, that involves a reactive approach only after a user has been scammed and has evidence of the site used in a scam. Our approach is proactive, meaning we keep an inventory on sites that scammers could use to phish users before the attack has begun.

An example of one to keep an eye on: https://sushī[.]com
This website is a clone of a blog post from team secret and has nothing to do with Sushi. The domain is registered with Namecheap and appears to be aging. There’s a high likelihood that this could be used in an attack against Sushi. The attackers would use a subdomain “app.” and clone a fake site that looks identical to “app.sushi.com”. We track suspicious domains like this and detect changes and issue takedowns when the site’s intent changes from suspect to malicious.

There are, and they also do a great job. A quick google search for “domain monitoring” or “domain monitoring takedown” should give you google results on our competitors should you want to pursue them. We encourage you to do your research and shop around. We’d love to win your business and work with this fantastic community. We enjoy working with customers who take pride in their brand, logos, style guides… etc.

Regardless of whether you choose us or not, we’d highly recommend looking into this type of service as Sushi is being targeted. There are hundreds of lookalike domains registered that scammers could use in an attack against your users. We hope you’ll choose us, and here are some reasons why.

Why DomainGuard?

Founded by Certified Penetration Testers \ Ethical Hackers

The idea behind our platform is built on years of experience breaking into many of America’s largest corporations, legally, of course. Our story started when clients engaged us to break into their organization, and we used phishing sites to make this happen. When phishing was involved, our success rates were 90% or higher. We then set out to build a platform to detect the same attacks we used to break into our client’s networks. After we built our platform, we saw the apparent benefits for phishing detection and detecting fraudulent domains such as the ones we displayed above.

Flexible Contract, Loyalty Pricing

It’s not uncommon for managed security providers to have 1-3 year contracts, and we hate that. These contracts only benefit the provider and not the customer, and what this results in is showmanship around renewal time. So we’ve instead opted only to offer our services on a month-to-month basis, allowing us the opportunity to impress and win your business each month.

Guaranteed Accuracy

We are so confident in our platform’s detection capabilities that guarantee our results. What this means is - if ever a scam occurs from a lookalike domain not identified by DomainGuard, we will provide a discount for that month of service. We make this guarantee because it holds us accountable. DomainGuard has run into countless phishing sites targeting brands that our competitors are monitoring, and this won’t be the case for Sushi if you choose us.

Thank you for your time and consideration.

2 Likes

Appreciate the thorough response. The information you provided is substantial where the sushi community can make an informed decision. Thank you for that. On a personal level, I do think your services are worth considering and the price seems very reasonable.

1 Like

Thank you, Killswitch. What exactly does it take to reach the next steps on this proposal? Our platform currently sees three active phishing sites targeting Sushi that we’ve reported on. We identified another one this morning that looks to be in development as there is no mechanism to trick users into entering wallet secrets yet, but is using the Sushi branding.

Another one came through today:

SushiSwap9