Cybersecurity: Why one old web scam is on the rise again

Fake domains and bogus websites are experiencing something of a revival - unfortunately.
Written by Danny Palmer, Senior Writer

Cyber criminals are going back to the future by conducting attacks utilising various kind of domain fraud – and almost all organisations with an online presence are potentially at risk.

These campaigns were quite common in the early days of the World Wide Web, but over two decades on, domain fraud is now stronger than ever, taking advantage of the sheer variety of top level domains (TLD) available to choose from.

Attacks using fraudulent domains can include typosquatting on domains that capitalise on traffic meant for other websites and or domains and websites designed to look like the real deal.

SEE: 10 tips for new cybersecurity pros (free PDF)

Fraudsters are also taking advantage of the increased number of top level domains to register lookalike domains – for example, the letter "m" can be replaced by the letters "r" and "n" to give the appearance of "m" and it's something that many users won't notice at first glance.

Attackers can use these fake domains to conduct phishing campaigns, perhaps sending emails claiming to represent a particular retailer or service provider and asking victims to click the link and login to a spoofed version of that website – handing hackers their credentials in the process.

Another means of profiteering from fraudulent domains is for attackers to spoof a website of a well known brand and use it to sell counterfeit products.

Researchers at cybersecurity company Proofpoint have analysed over 350 million domains over the course of the year and have published the findings in the 2019 Domain Fraud Report – which notes that as the number of domains across the web continues to grow, so does the number of fraudulent and malicious domains.

"What's old is new again: these techniques have been around forever, but we're still not paying enough attention to them," Ryan Kalember, executive vice president of cybersecurity strategy at Proofpoint told ZDNet.

"At this point, the number of global domains registered continues to go up. We create new top level domains all the time and they look very convincing – and this is going to be valuable to attackers".

Researchers found that malicious fraudulent domains increased by 11 percent between Q1 and Q4 in 2018 and that most businesses across all industries and geographies are affected by them: three quarters of Proofpoint customers are aware of a lookalike domain mimicking their brand, a figure which rises to 85 percent for retailers.

Meanwhile, 96 percent of organisations found exact matches of their brand-owned domain with a different TLD – for example, with .net instead of .com.

One of the reasons attackers have become increasingly interested in TLD attacks is because of the variety of domains that have become available in recent years. Attackers can take advantage of this by registering domains such as .app, .ooo, .info and those of almost any country in the world to create fraudulent and malicious websites – all of which can be created easily and at low cost.

Researchers also state that domain fraud has also become simpler for attackers because of the increased privacy offered by regulations like the European Union's General Data Protection Regulation (GDPR) which allow registrars to remain anonymous – especially for domains based around European countries.

Consumers have been told how to avoid falling victim to fraudulent or suspicious websites, with many experts recommending that users look out for a website starting with "HTTPS" rather than "HTTP" and which features some sort of padlock as an indication of a safe site.

However, researchers found that cyber criminals are using security certificates in a quarter of their domains, meaning that users who've been told to trust the padlock may be falling victim to malicious sites they perceive as legitimate.


Editorial standards