Cyber criminals are regularly mimicking the domain names of major global brands in order to launch consumer scams – a practice known as cyber-squatting.
This was one of the key findings in a recent study by Palo Alto Networks. The cybersecurity firm’s research found that the types of domains most commonly impersonated by scammers are those which relate to the world’s most profitable companies, including mainstream search engines, social media, financial, and shopping sites.
The primary purpose of cyber-squatting is to launch phishing scams on users as a means of stealing their credentials or financial information, giving the cyber criminals access to the users’ personal information or money.
Companies in the top 20 most abused domains in December 2019, based on adjusted malicious rate, included global giants such as PayPal, Apple, Netflix and Amazon.
Cyber-squatting involves registering domain names with intentionally misspelt variants of brand names, in an attempt to trick users into believing these domains are associated with the legitimate brands. The practice is not always done with malicious intent; however, many of these domains pose a serious cyber-risk to users, making the practice of cyber-squatting illegal in the US.
Palo Alto Networks’ study suggested that 36.57% of squatted domain names registered in December 2019 had evidence of association with malicious URLs within the domain or utilised bulletproof hosting, while a further 18.59% were reported as being malicious through the distribution of malware and the conducting of phishing attacks. A total of 13,857 squatting domains were found to be registered in December 2019, working out to a whopping 450 a month.
The cyber-security firm also noted a variety of malicious domains which had different objectives in the period from December 2019 to date. These included a domain related to Amazon which specifically targeted mobile users in India to steal user credentials, and domains related to Samsung and Walmart which distributed potentially unwanted programmes such as spyware.
A Palo Alto Networks spokesperson said: “Domain squatting techniques leverage the fact that users rely on domain names to identify brands and services on the Internet. These squatting domains are often used for nefarious activities, including phishing, malware and PUP distribution, C2 and various scams.
“We recommend that enterprises block and closely monitor their traffic, while consumers should make sure that they type domain names correctly and double-check that the domain owners are trusted before entering any site.”
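The monitoring recommendation above can be sketched as a check over DNS query logs for names that are one typo away from a protected brand. This is an added example, not code from Palo Alto Networks or the original article; the log format, the `.example` hostnames and the function names are constructed for illustration, and the registrable label is assumed to be the second-to-last DNS label.

```python
# Added example: flag DNS queries whose registrable label is a near-miss of a brand.
BRANDS = ["paypal", "apple", "netflix", "amazon"]  # brands named in the article

# Constructed sample log (timestamp, client IP, queried name); not real traffic.
SAMPLE_LOG = """\
2019-12-03T10:00:01Z 10.0.0.5 www.paypal.com
2019-12-03T10:00:02Z 10.0.0.7 login.paypa1.example
2019-12-03T10:00:03Z 10.0.0.7 netfilx.example
2019-12-03T10:00:04Z 10.0.0.9 www.amazon.com
2019-12-03T10:00:05Z 10.0.0.9 secure.amazom.example
2019-12-03T10:00:06Z 10.0.0.4 intranet.corp.example
"""

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap as 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposed pair
    return d[len(a)][len(b)]

def registrable_label(host):
    """Assumption: single-label TLD; production code needs the Public Suffix List."""
    labels = host.lower().rstrip(".").split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]

def find_lookalikes(log_text, brands=BRANDS, max_dist=1):
    """Return (client, host, brand) for labels within max_dist of a brand, not equal."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        _, client, host = parts
        label = registrable_label(host)
        for brand in brands:
            if 0 < osa_distance(label, brand) <= max_dist:
                hits.append((client, host, brand))
    return hits

if __name__ == "__main__":
    for client, host, brand in find_lookalikes(SAMPLE_LOG):
        print(f"{client} queried {host}: lookalike of {brand}")
```

Short brand names produce false positives at distance 1, since ordinary words can sit one letter away from them, so hits are better routed to review or an allowlist than to automatic blocking.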