Story image

Domain fraud rampant as criminals cash in

26 Jun 2019

Cybercriminals are cashing in on domain fraud for almost every possible reason – to impersonate businesses, events, and even trusted leaders and celebrities.

According to cybersecurity firm Proofpoint, web domain fraud is rampant as criminals register millions of domains that look similar to genuine websites.

“These include fraudulent domains used to launch phishing attacks, lookalike or ‘typosquatting’ domains that capitalise on unintentional traffic intended for other sites, and domains used to sell knockoff goods or scam customers,” the report explains.

“In addition to registering new domains for fraudulent purposes, fraudsters often exploit existing legitimate domains. Points of transition in a legitimate domain’s life cycle, including expiration and deletion, present an opportunity for fraudsters to take over, often undetected. Businesses across industries are undermined by fraudulent domains.”

This type of fraud plays on people’s trust, rather than technologies – and stories of successful trickery are everywhere. 

Proofpoint’s 2019 Domain Fraud Report found that 96% of its customers that use Proofpoint Digital Risk Protection found exact matches of their brand-owned domain, the only different was the top-level domain (for example, .com or .net).

Furthermore, 94% of customers found that at least one fraudulent domain that imitated their company was sending low volumes of emails, which suggests highly targeted social engineering attacks.

Organisations in the retail sector also noticed domains that were in the business of selling counterfeit goods. 

“On average, each of these customers had more than 200 detections. Businesses that sell high-value goods—for example, luxury fashion, watches or sneakers—experienced a much higher rate. Registrations of counterfeit domains increased 11% between Q1 and Q4 of 2018, spiking in Q3, likely in preparation for Q4 holiday shopping,” the report says.

“More than 85% of top retail brands found domains selling knockoff versions of their products. In fact, the average retail brand had more than 200 such detections.”

While slightly less common, lookalike domains that pose as genuine brands also threaten businesses. According to the report, 76% of customers had encountered a lookalike domain that mimicked their brand. 

The number and variety of domain names is also increasing. Earlier this year a new domain called .dev was launched, however within two weeks of launch 36% of Proofpoint Digital Risk Protection customers found potentially fraudulent sites that used the .dev domain and impersonated their brand.

Google’s .app domain has also been an attractive target for criminals and fraudsters.

Additionally, quarterly domain registrations grew 44% in 2018. Registrations of fraudulent domains also increased 11% during the same period, indicating that criminals are registering millions of new fraudulent domains every year.

The problem is not likely to disappear, particularly while cheap and easy domain registration create low barriers to entry, and as privacy becomes a central focus for the internet, Proofpoint concludes.