Domain name fraud a growing risk
for businesses and consumers alike, as cybercriminals are able to record
millions of domain names every year to imitate the brands and
major world events.
Registering a domain name requires very little effort.
resources, this fraud is relatively simple to execute and the
researchers have even discovered fraudulent domain name services
available for purchase on the dark web. These services simplify the task of
cybercriminals with no Web design skills to reproduce
quickly access a brand’s website, purchase security certificates and
even fake company documentation.
Reports showthat cybercriminals are now registering millions of domain names every year in order to impersonate household brands . Domain name fraud is as cheap as it is easy. All cybercriminals have to do is buy the domain names they want, copy the websites linked to these domains, then procure or create security certificates and fake company documentation to make them look legitimate.
One of the most penalizing cybercrime practices for companies is to buy back a company’s domain name when it has not been renewed (often through forgetfulness). This enables cybercriminals to sell the domain back to the former owner at a huge price, or to take advantage of the SEO scoring attached to the domain name to sell products or rip off potential users. This means that users who trust the company that normally owns the domain name are likely to be defrauded.
To counter this, Gandi offers an automatic renewal option for all its customers, so you have no risk of having your
if you continue to renew it as soon as it expires.
Cybersecurity experts Proofpoint recently published a report on domain fraud in 2019, in which they highlight the latest trends in the field and explain how cybercriminals are pushing victims towards the fraudulent domains they have set up.
One of the most worrying tactics suggested by the
report simply consists of “hiding” using the same
TLD (e.g. .com, .co.uk or .net). So 52% of all new
domain registrations last year used the .com TLD, while
that nearly 40% of new fraudulent domain registrations used
The statistics, common to all business sectors, are worrying:
– 76% of companies found similar domains posing as them,
– 85% of companies selling products online have identified sites offering counterfeit versions of their products.
– 96% found exact replicas of their current domains with a different TLD.
Analyses have shown that in 94% of cases, activities
have been observed with these fraudulent domains. At
at least one of these fraudulent domains was sending out an e-mail to
the victim company. However, in most cases, the
volume of e-mail coming from these accounts was very low, which
which suggests highly targeted attacks.
Domain fraud can be just as damaging as a cyber attack, and businesses and individuals need to carefully check the sites they visit to make sure they’re not falling victim to potential scams. At Altospam, we have set up techniques to detect counterfeit domains. And we’re particularly vigilant if an email comes from a counterfeit domain to the targeted company. This is often a case of spear-phishingor, more precisely, a “president scam“.