Phishing Attacks Depend Heavily on New Top Level Domains

When the Internet first began, there were just a handful of top-level domains in use. Top-level domains (TLD) are the letters that come after the “dot” in the URL. Examples include .com, .org and .net.

One of the most-used phishing tactics is domain name spoofing. Domain name spoofing occurs when an attacker uses a domain, that at first glance, looks legitimate, but isn’t because the attacker substituted one or two letters in the domain.

For example, here is what a spoofed Google URL would look like with the Os replaced with zeros: G00GLE.COM.

Domain name spoofing can get pretty sophisticated. Hackers can use a Cyrillic alphabet in which some letters appear identical to ASCII characters but are different letters altogether. For instance, in the Russian alphabet, the lowercase “a” is identical to the lowercase ASCII “a” but it’s not the same. So, if a hacker sent you and an email from amazon.com using a Cyrillic “a”, you’d think it was from Amazon but it would be from a completely different domain.

That’s the trick to domain name spoofing. Use any method available to trick victims into thinking the domain is one thing while it’s actually another. And the hackers now have another weapon in their arsenal: TLDs.

Domain name spoofing using new TLDs is on the rise. According to an article on the website Dark Reading, “Researchers saw ‘significant growth’ in fraudulent domains outside the classic ‘.com,’ ‘.net,’ and ‘.org.’ Some of the lesser known TLDs in fraudulent domains include ‘.top’ (#2), ‘.fr’ (#3), ‘.men’ (#19), and ‘.work’ (50). European country codes are often used among criminals hoping to fool victims with fake links.”

Why do these new TLDs work? Because “If someone sees the name of a well-known bank in a URL, they’re likely to click without noticing a .pop or .xyz at the end.” In essence, we’re more focused on the brand name than the TLD. And unfortunately, this isn’t even a very difficult exploit for hackers to pull off.

When it comes to combating domain name spoofing you basically have two choices: you can be extra vigilant about every link you click on and try and decide if it’s a spoof or you can enlist the help of technology. Advanced phishing protection technology doesn’t care what the URL looks like or even if it’s spoofed. It just follows the link to see if it leads to a malicious website and if it does, it keeps you from clicking on it.

When you want to stop worrying about domain name spoofing forever, head on over to Phish Protection. It comes with Smart Quarantine, real-time link click protection, malicious attachment blocking, display name spoofing protection AND domain name spoofing protection. Try it free for 30 days. You’ll be up and running in 10 minutes.