Cybersecurity In-Depth: Digging into data about the latest attacks, threats, and trends using charts and tables.
Domain Fraud on the Upswing
New TLDs has given rise to the increased number of fraudsters spinning up fake domains.
Cybercriminals have been leveraging the privacy features extended to consumers in regulations such as GDPR, because they allow them to remain anonymous and register for fraudulent domains, according to new research from Proofpoint.
In the recently published report, "2019 Domain Fraud Report," Proofpoint researchers found one in every four fraudulent domains that were registered have security certificates and 90% are active on a live server. Additionally, over 15% of fake domains have mail exchanger records.
An alarming 85% of top retail brands have identified fraudulent domains selling counterfeit versions of their products, which poses an obvious threat to businesses, the report points out. To create these "look-alike" domains, fraudsters are prone to using Chengdu West Dimension Digital, NameSilo, Public Domain Registry, GoDaddy as their registrars of choice.
These fraudulent domains are able to go largely undetected because they use the same top-level domains (TLDs), registrars, and Web servers as legitimate businesses. Researchers found the advent of new TLDs in 2018, such as .app and .icu, has given rise to the increased number of fraudsters spinning up fake domains.
According to the report, TLDs "provided new opportunities for the registration of fraudulent domains. Our research suggests that attackers rushed to register domain names with the new TLDs. These fraudulent domains resembled '.com' domains already owned by top brands."
About the Author
You May Also Like
Cybersecurity Day: How to Automate Security Analytics with AI and ML
Dec 17, 2024The Dirt on ROT Data
Dec 18, 2024