Cybersecurity In-Depth: Digging into data about the latest attacks, threats, and trends using charts and tables.
Domain Fraud on the Upswing
New TLDs has given rise to the increased number of fraudsters spinning up fake domains.
Cybercriminals have been leveraging the privacy features extended to consumers in regulations such as GDPR, because they allow them to remain anonymous and register for fraudulent domains, according to new research from Proofpoint.
In the recently published report, "2019 Domain Fraud Report," Proofpoint researchers found one in every four fraudulent domains that were registered have security certificates and 90% are active on a live server. Additionally, over 15% of fake domains have mail exchanger records.
An alarming 85% of top retail brands have identified fraudulent domains selling counterfeit versions of their products, which poses an obvious threat to businesses, the report points out. To create these "look-alike" domains, fraudsters are prone to using Chengdu West Dimension Digital, NameSilo, Public Domain Registry, GoDaddy as their registrars of choice.
These fraudulent domains are able to go largely undetected because they use the same top-level domains (TLDs), registrars, and Web servers as legitimate businesses. Researchers found the advent of new TLDs in 2018, such as .app and .icu, has given rise to the increased number of fraudsters spinning up fake domains.
According to the report, TLDs "provided new opportunities for the registration of fraudulent domains. Our research suggests that attackers rushed to register domain names with the new TLDs. These fraudulent domains resembled '.com' domains already owned by top brands."
About the Author(s)
You May Also Like
Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks
May 16, 2024Why Effective Asset Management is Critical to Enterprise Cybersecurity
May 21, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024