Domain fraud rampant as criminals cash in

26 Jun 2019

Cybercriminals are cashing in on domain fraud for almost every possible reason – to impersonate businesses, events, and even trusted leaders and celebrities.

According to cybersecurity firm Proofpoint, web domain fraud is rampant as criminals register millions of domains that look similar to genuine websites.

“These include fraudulent domains used to launch phishing attacks, lookalike or ‘typosquatting’ domains that capitalise on unintentional traffic intended for other sites, and domains used to sell knockoff goods or scam customers,” the report explains.

“In addition to registering new domains for fraudulent purposes, fraudsters often exploit existing legitimate domains. Points of transition in a legitimate domain’s life cycle, including expiration and deletion, present an opportunity for fraudsters to take over, often undetected. Businesses across industries are undermined by fraudulent domains.”

This type of fraud plays on people’s trust, rather than technologies – and stories of successful trickery are everywhere. 

Proofpoint’s 2019 Domain Fraud Report found that 96% of its customers that use Proofpoint Digital Risk Protection found exact matches of their brand-owned domain in which the only difference was the top-level domain (for example, .com or .net).

Furthermore, 94% of customers found that at least one fraudulent domain that imitated their company was sending low volumes of emails, which suggests highly targeted social engineering attacks.

Organisations in the retail sector also noticed domains that were in the business of selling counterfeit goods. 

“On average, each of these customers had more than 200 detections. Businesses that sell high-value goods—for example, luxury fashion, watches or sneakers—experienced a much higher rate. Registrations of counterfeit domains increased 11% between Q1 and Q4 of 2018, spiking in Q3, likely in preparation for Q4 holiday shopping,” the report says.

“More than 85% of top retail brands found domains selling knockoff versions of their products. In fact, the average retail brand had more than 200 such detections.”

While slightly less common, lookalike domains that pose as genuine brands also threaten businesses. According to the report, 76% of customers had encountered a lookalike domain that mimicked their brand. 

The number and variety of domain names is also increasing. Earlier this year a new domain called .dev was launched. However, within two weeks of launch, 36% of Proofpoint Digital Risk Protection customers found potentially fraudulent sites that used the .dev domain and impersonated their brand.

Google’s .app domain has also been an attractive target for criminals and fraudsters.

Additionally, quarterly domain registrations grew 44% in 2018. Registrations of fraudulent domains also increased 11% during the same period, indicating that criminals are registering millions of new fraudulent domains every year.

The problem is not likely to disappear, particularly while cheap and easy domain registration creates low barriers to entry, and as privacy becomes a central focus for the internet, Proofpoint concludes.
