Proofpoint’s first Domain Fraud Report, which illustrates the main trends and techniques used by cybercriminals in domain fraud, shows that between Q1 and Q4 2018, registrations of dangerous domains increased by

Almost all fraudulent domains detected by Proofpoint remained active and ready to be exploited for an attack, and over 90% were associated with an operating server.

Of these, more than 15% have Mail Exchanger (MX) records, which indicate that the domain is set up for sending and receiving email.

One in four also has a security certificate, a much higher proportion than in the domain landscape as a whole, and many users mistake these certificates for a sign that a site is legitimate and safe.

The report provides a complete analysis of the data collected over a twelve-month period by the Proofpoint Active Domains Database, which includes more than 350 million domains and represents virtually all web domains.

Dangerous domains use many of the same registrars, web servers and extensions (TLDs) as legitimate domains to impersonate a company and manipulate users.

These factors, combined with the high proportion of active web servers, many of which have valid SSL certificates, make fictitious domains appear more legitimate and so increase the likelihood of attacks, including requests to make transfers, phishing campaigns, marketing of

Brand Defense

According to Proofpoint's Domain Fraud Report, more than 85% of retail companies have found sites selling counterfeit versions of their products.

On average, each brand has detected over 200 such cases. In addition, unlike other sectors, most of the resale domains had security certificates, which appeared legitimate in the eyes of customers.

96% of companies identified an exact copy of their site, but with a different extension (e.g. Companies in many sectors and countries have been involved in this.

Counterfeit domains use email for highly targeted attacks. For 94% of the companies analysed, Proofpoint identified at least one dangerous domain that imitates the brand and sends email.

Many of these domains send a limited number of emails, behavior typical of targeted attacks based on social engineering techniques. Attackers who pose as well-known retail companies (especially those with a complex ecosystem) and send high volumes of messages are criminals seeking large-scale attacks that hit customers and partners.

Market developments, such as the introduction of additional extensions, create new opportunities: Proofpoint noted that in 2018, thanks to the introduction of new extensions such as .app and .icu, hackers were able to register fake domains very similar to real and legitimate ones.

To identify those engaged in domain squatting and phishing campaigns, and to stop their dangerous activities, Proofpoint provides Proofpoint Digital Risk Protection, a solution dedicated specifically to domain protection.

Using machine learning and artificial intelligence, it analyzes a large amount of domain data to discover any fraudulent activity. Companies are notified in real time through alerts on domain and SSL certificate expiration to help them maintain a high level of security.
