Christmas Warning: Threat Actors Impersonate your Favorite Brands to Attack, Finds CSC
In the run-up to Christmas, one of the busiest times for online shopping and e-commerce, we are likely to see a spike in fraudulent domain name registrations.
In a report published on December 6, 2022, domain provider CSC analyzed threatening domains targeting 10 of the biggest brands in the world. These include Amazon, Walmart, McDonald’s, Tencent, Google, Microsoft, Apple and Facebook.
Of 8480 identified unique third-party domain names in their dataset, CSC found that 56% were linked to a live webpage, some of which offered “a range of high-concern content types, including fraud issues like potential phishing sites, and other brand infringements,” according to the report.
Also, 66% of the identified third-party domain names used domain privacy services, “indicating an intention by the owner to mask their identity,” and 35% were configured with active mail exchange (MX) records, “indicating their ability to send and receive emails, making them capable of launching phishing attacks,” the report reads.
While all three of these could hint at nefarious motivations, Ihab Shraim, CSC’s CTO, told Infosecurity that various domain name alteration techniques were “often smart and sometimes tricky to detect.”
Aside from regular typosquatting (changing, removing or adding a character in the original domain name), 3% of the fraudulent third-party domain names used legitimate domains in a fraudulent way to trick users.
“For instance, as the US government uses websites with the whitehouse.gov domain name only, some threat actors registered whitehouse[dot]com or whitehouse[dot]org, which seem harmless but in reality, are fraudulent,” Shraim said.
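The two alteration patterns described above, single-character typosquats and the same name under a different top-level domain, can be told apart mechanically when triaging a list of newly observed domains. The Python below is an added example, not code from CSC or its report; the function names and the sample list are constructed for illustration, and it assumes single-label TLDs (no public-suffix handling such as `co.uk`).

```python
def refang(domain):
    """Turn a defanged name such as 'whitehouse[dot]com' into 'whitehouse.com'."""
    return domain.strip().lower().replace("[dot]", ".").replace("[.]", ".").rstrip(".")

def split_domain(domain):
    """Return (registered label, TLD); assumes the TLD is the last single label."""
    labels = refang(domain).split(".")
    if len(labels) < 2 or not all(labels):
        raise ValueError(f"not a registrable domain: {domain!r}")
    return labels[-2], labels[-1]

def edit_distance(a, b):
    """Levenshtein distance: one unit per changed, removed or added character."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # character removed
                           cur[j - 1] + 1,             # character added
                           prev[j - 1] + (ca != cb)))  # character changed
        prev = cur
    return prev[-1]

def classify(candidate, brand):
    """Label a candidate domain relative to the protected brand domain."""
    b_name, b_tld = split_domain(brand)
    c_name, c_tld = split_domain(candidate)
    if c_name == b_name:
        return "exact" if c_tld == b_tld else "tld-swap"
    if edit_distance(c_name, b_name) == 1:
        return "typosquat"
    return "unrelated"

def triage(candidates, brand):
    """Map every candidate to its label so an analyst can sort the list."""
    return {c: classify(c, brand) for c in candidates}

# Constructed sample list; only the first two names appear in the article.
SAMPLE = [
    "whitehouse[dot]com", "whitehouse[dot]org", "www.whitehouse.gov",
    "whitehose.gov", "whitehousee.com", "whitehcuse.org", "example.org",
]

if __name__ == "__main__":
    for name, label in triage(SAMPLE, "whitehouse.gov").items():
        print(f"{label:10} {name}")
```

A "tld-swap" or "typosquat" label only says the name resembles the brand; whether the registration is fraudulent still needs the other signals the report mentions, such as live content and MX records.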
The report shows a spike in new domain name registrations in April 2022.
“At the beginning of 2022, the restrictions on social distancing started declining in the US, meaning that people would travel more and buy more. And in the US, April is the month tax returns are given back, which means those people have money to buy things. This, combined with the ‘back-to-normal’ period, meant people were going to buy even more – something threat actors anticipated and created more fraudulent domain names to lure some of these buyers,” Shraim explained.
CSC will release similar work with a regional focus in the next few months.