Attackers mimicking Netflix, Apple, Facebook domains to hoodwink victims

(Image credit: Shutterstock)

Internet users rely on domain names to find the brands, services and websites they use everyday which is why cybercriminals often try to mimic popular online brands to launch phishing scams and other attacks through a process known as cybersquatting.

The purpose of cybersquatting is to confuse users into believing that the targeted brands own the domains they're visiting such as netflix-payments[.]com for Netflix or to profit from typing mistakes made by users such as whatsa1pp[.]com for WhatsApp.

According to a new report from Palo Alto Networks, its squatting detector system discovered that 13,857 squatting domains were registered in December of last year at an average of 450 per day. 

The cybersecurity firm found that 2,595 (18.59%) of squatted domain names were malicious and used to distribute malware or launch phishing attacks while 5,104 (36.57%) of squatting domains studied present a high risk to users who visit them either through association with malicious URLs within the domain or by utilizing bulletproof hosting, which is favored cybercriminals.


Palo Alto Networks' research found that domain squatters generally prefer profitable targets such as mainstream search engines and social media, financial, shopping and banking websites as users are often prepared to share sensitive information when visiting them.

Of the top most abused domains in December of last year, PayPal took the top spot followed by Apple, Royal Bank, Netflix, LinkedIn, Amazon and Dropbox.

When it came to the objectives of these malicious domains, many were used for phishing, malware distribution, command and control (C2), technical support scams and re-bill scams where a phishing site mimics popular services such as Netflix to steal victim's money by first offering a small initial payment to a subscription service.

To prevent falling victim to cybersquatting, Palo Alto Networks recommends that “enterprises block and closely monitor traffic from these domains, while consumers should make sure that they type domain names correctly and double-check that the domain owners are trusted before entering any site”.

Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.