Web domain fraud is skyrocketing, according to statistics from a new report. The reason why this is a huge issue is that cybercriminals can utilize this attack method to social engineer sensitive information from unsuspecting victims. This information can include names, addresses, phone numbers, banking accounts, credit card numbers, and more. Web domain fraud is rather easy to pull off with some technical know-how, and the statistics explain the attack’s efficacy in more detail.
The report in question comes from Proofpoint’s 2019 Domain Fraud Report and is also covered in a blog post by Proofpoint researcher Ali Mesdaq. The blog post, entitled “Domain Fraud Threats, Hiding in Plain Sight: Key Takeaways from the 2019 Domain Fraud Report,” does an excellent job of condensing the key data from the 2019web domain fraud report. There is a great deal to cover, so I recommend you read both the blog post and the report if you want a more in-depth look at this issue.
Major points to take away from Proofpoint’s research on web domain fraud is quoted as follows:
Fraudulent domains “hide in plain sight” by using many of the same top-level domains (TLDs), registrars, and web servers as legitimate domains. For example, 52% of all new domain registrations in 2018 used the .com TLD. The TLD was similarly popular with fraudsters: nearly 40% of new fraudulent domain registrations used .com...
Our research showed that domain fraud is a widespread threat to businesses. Proofpoint Digital Risk Protection customers across a wide variety of industries all faced threats from fraudulent domains. For example:
- 76% found “lookalike” domains posing as their brand
- 96% found exact matches of their brand-owned domain with a different TLD (e.g., “.net” vs. “.com”)
- 85% of retail brands found domains selling counterfeit goods
With all of this in mind, what can potential victims of web domain fraud do? One thing is to get educated on the glaring reality that this data presents. There is a high chance that somebody within your place of business or a customer of your business will reach a fake domain instead if yours. Send out alerts to customers and employees how to recognize your website vs. a fake. There are also programs that offer assistance in protecting your domains. For instance, Proofpoint has such a service. Using brand protection software isn’t a silver bullet — nothing is — but it may increase your chances of protection against web domain fraud for both your employees and customers.