Fraudulent domains are remaining active for longer


Domain fraud is a growing risk for businesses and consumers as cybercriminals register millions of domains to impersonate brands and major global events each year.

As registering a domain requires little more than an internet connection, domain fraud is fairly simple to execute and researchers have even discovered fraudulent domain services available for purchase on the dark web. These services make it simple for cybercriminals with no web design skills to quickly replicate a brand's website on their domains, buy security certificates and even fake company documentation.

In its 2019 Domain Fraud Report, Proofpoint sheds light on the latest trends shaping the domain landscape and the tactics used by cybercriminals to trick users into visiting their fraudulent domains.

One of these tactics is hiding in plain sight: fraudulent domains often use many of the same top-level domains (TLDs), registrars and web servers as legitimate domains. For example, 52 percent of all new domain registrations last year used the .com TLD, while nearly 40 percent of new fraudulent domain registrations also used .com.

Threat to businesses

Proofpoint's research also showed that domain fraud is a widespread threat to businesses. Proofpoint Digital Risk Protection customers from a wide variety of industries all faced threats from fraudulent domains: 76 percent found “lookalike” domains posing as their brand, 96 percent found exact matches of their domains with a different TLD and 85 percent of retail brands found domains selling counterfeit goods.

The company's researchers also observed email activity for fraudulent domains and discovered that 94 percent of its customers found that at least one of their fraudulent domain detections was sending email. However, for the most part Proofpoint observed low volumes of email from these accounts, which points to highly targeted and socially engineered attacks such as business email compromise (BEC).

Finally, the company's researchers observed how market factors such as pricing and availability appear to influence the behavior of domain fraudsters. Proofpoint highlighted how the launch of the .dev TLD in February was immediately followed by 30 percent of its customers finding potentially fraudulent domains using the new TLD with their brand name just two weeks after its launch.

Domain fraud can be just as damaging as a cyberattack and businesses and individuals need to carefully check the sites they visit to ensure they're not falling victim to any potential scams.

Anthony Spadafora
