Domain Fraud on the Upswing

Cybercriminals have been leveraging the privacy features extended to consumers in regulations such as GDPR, because they allow them to remain anonymous and register for fraudulent domains, according to new research from Proofpoint.

In the recently published report, "2019 Domain Fraud Report," Proofpoint researchers found one in every four fraudulent domains that were registered have security certificates and 90% are active on a live server. Additionally, over 15% of fake domains have mail exchanger records.

An alarming 85% of top retail brands have identified fraudulent domains selling counterfeit versions of their products, which poses an obvious threat to businesses, the report points out. To create these "look-alike" domains, fraudsters are prone to using Chengdu West Dimension Digital, NameSilo, Public Domain Registry, GoDaddy as their registrars of choice. 

These fraudulent domains are able to go largely undetected because they use the same top-level domains (TLDs), registrars, and Web servers as legitimate businesses. Researchers found the advent of new TLDs in 2018, such as .app and .icu, has given rise to the increased number of fraudsters spinning up fake domains.

According to the report, TLDs "provided new opportunities for the registration of fraudulent domains. Our research suggests that attackers rushed to register domain names with the new TLDs. These fraudulent domains resembled '.com' domains already owned by top brands."