A growing threat: domain name fraud

Domain name fraud a growing risk for businesses and consumers alike, as cybercriminals are able to record millions of domain names every year to imitate the brands and major world events.

Registering a domain name requires very little effort. resources, this fraud is relatively simple to execute and the researchers have even discovered fraudulent domain name services available for purchase on the dark web. These services simplify the task of cybercriminals with no Web design skills to reproduce quickly access a brand’s website, purchase security certificates and even fake company documentation.

Reports showthat cybercriminals are now registering millions of domain names every year in order to impersonate household brands . Domain name fraud is as cheap as it is easy. All cybercriminals have to do is buy the domain names they want, copy the websites linked to these domains, then procure or create security certificates and fake company documentation to make them look legitimate.

One of the most penalizing cybercrime practices for companies is to buy back a company’s domain name when it has not been renewed (often through forgetfulness). This enables cybercriminals to sell the domain back to the former owner at a huge price, or to take advantage of the SEO scoring attached to the domain name to sell products or rip off potential users. This means that users who trust the company that normally owns the domain name are likely to be defrauded.
To counter this, Gandi offers an automatic renewal option for all its customers, so you have no risk of having your domain name if you continue to renew it as soon as it expires.

Cybersecurity experts Proofpoint recently published a report on domain fraud in 2019, in which they highlight the latest trends in the field and explain how cybercriminals are pushing victims towards the fraudulent domains they have set up.

One of the most worrying tactics suggested by the report simply consists of “hiding” using the same TLD (e.g. .com, .co.uk or .net). So 52% of all new domain registrations last year used the .com TLD, while that nearly 40% of new fraudulent domain registrations used also .com.

The statistics, common to all business sectors, are worrying:
– 76% of companies found similar domains posing as them,
– 85% of companies selling products online have identified sites offering counterfeit versions of their products.
– 96% found exact replicas of their current domains with a different TLD.

Analyses have shown that in 94% of cases, activities have been observed with these fraudulent domains. At at least one of these fraudulent domains was sending out an e-mail to the victim company. However, in most cases, the volume of e-mail coming from these accounts was very low, which which suggests highly targeted attacks.

Domain fraud can be just as damaging as a cyber attack, and businesses and individuals need to carefully check the sites they visit to make sure they’re not falling victim to potential scams. At Altospam, we have set up techniques to detect counterfeit domains. And we’re particularly vigilant if an email comes from a counterfeit domain to the targeted company. This is often a case of spear-phishingor, more precisely, a “president scam“.