New domains revitalize phishing campaigns

Top-level domains are a target for cybercriminals in delivering spam, phishing emails and malvertising to Web users.
Written by Charlie Osborne, Contributing Writer
Top-level domains are becoming a favorite tool of cybercriminals looking to promote unwanted, fraudulent advertising and phishing campaigns.

According to a new report released by Kaspersky Lab, Spam and Phishing in Q1, the new generic top-level domain (gTLD) registration program has become an attractive target for spammers. Launched at the beginning of 2014, the program was intended for use by relevant organizations, but unfortunately generic TLDs have become an "excellent" tool for spreading spam, according to the firm's researchers.

The gTLD registration program allows organizations to choose domain zones relevant to their businesses and activities. For example, researchers could choose to register a .science domain, sports groups can use .club, and location-based TLDs are also on offer -- such as .berlin or .london. Businesses and organizations are enthusiastically registering for these new domains, which no longer limit groups to addresses such as .com or .biz, but they are not the only ones.

Kaspersky says that cybercriminals are also taking advantage of the trend. The security firm's email traffic observations suggest generic TLDs "almost immediately" became a top source of large-scale spam distribution, and there was a "considerable increase" in the number of new domains that sent out spam content in Q1 2015. The report states:

"In general there wasn't much connection between the theme of the spam and the domain name, but in some cases there was a clear logical connection between them. For example, emails sent from the .work domains contained offers to carry out various types of work including household maintenance, construction or equipment installation.
Additionally, many of the messages from the .science domains were advertising schools that offer distance learning and colleges to train nurses, criminal lawyers and other professionals."

Life, health, vehicles and insurance were also hot topics for spam distribution, and messages sent from themed domains may appear more legitimate than those from standard domain addresses. For example, a message sent via a .insurance domain rather than .biz may look like it stems from a genuine source, resulting in higher rates of success for spam and malvertising campaigns.

Other report highlights include:

  • Spam sent in Q1 2015 included a large number of mass mailings containing Microsoft Word or Excel files embedded with macro viruses -- often disguised as professional or financial documents to dupe recipients.
  • The proportion of spam in email traffic was 59.2 percent, which is 6 percent lower than in Q4 2014.
  • The US is still recorded as the biggest source of spam.
  • Phishing against customers of financial organizations accounted for 37.06 percent of all reported cases.
  • Insurance was one of the most popular themes for spam.

Cyberattacks against businesses and government organizations are not going to go away anytime soon -- and so cyber insurance now matters. In February, insurance provider Marsh & McLennan (MMC) attended a hearing with a US Senate committee to plead the case of cyber insurance.

Beshar said cyber insurance matters "because it creates incentives that drive behavioral change in the marketplace," and insurance requirements would force firms to review their cybersecurity policies, create risk and incident response policies as well as invest more in security systems.
