The risks and rewards of .zip and .mov domains


Early this May, Google announced it was adding eight new top-level domains (TLDs) to the root zone of the internet. These included domain extensions with high commercial potential such as .phd and .prof and others such as .dad, which came out in time for Father’s Day. However, before handing its approximately 10 million domains to Squarespace, it also added two that may cause security concerns for end users.

The two TLDs that could cause headaches for the security community are the new .zip and .mov domains. The reason is that both are also common file extensions, already widely used for archives and video files, and many security experts have warned that the new TLDs may confuse end users. For example, if you are sent a file named setup.zip, or a .mov file promoted as the latest security training video, the file name may be automatically turned into a clickable link when it appears in an email or on social media, and scammers are counting on that link to take you to a page that delivers malware.

Below, we take a closer look at the latest domain impersonation issues that cybercriminals are taking advantage of, the issues they cause for both organizations and consumers and the steps businesses should be taking to avoid the perils that even a well-established institution can face.

The vast majority of phishing attacks use techniques such as email spoofing, which hides the criminal's real email address; URL shorteners, which mask the true website; and typo-squatted domain names, which are designed to trick our brains. What most of these have in common is that they rely on a lack of vigilance from consumers when opening an email or clicking a link.

For instance, our brains are sometimes far too clever for our own good and will often read what we expect to see rather than what is actually in front of us. This is called typoglycemia: when we read text we mainly focus on the first and last letters of a word, followed by the presence of the characters we would expect to find. Want proof? Try reading this sentence:

“Our rscheearch sohws the huamn barin can raed tihs eevn if it looks a total mses”

It’s an amazing skill that we develop over our lives, but it’s also a weakness, as typosquatters use this knowledge to damage the revenue and reputation of IP and brand holders.

Stuart Fuller

Stuart Fuller is New TLD Services Director at Com Laude.

The perils of .zip and .mov TLDs

It’s because our brains learn to take shortcuts when we read text that domain names are so often deliberately registered with misspellings. Last year a large-scale phishing campaign was reported that used more than 200 misspelt domains to impersonate 27 brands in order to trick unsuspecting victims into downloading malicious software.

While the new top-level domains will bring a wider choice to web users and more opportunities for consumers and businesses to create new branding, they are also an opportunity for bad actors to register domain names to defraud unsuspecting victims. And attackers have already found ways to misuse them, despite the TLDs only having been available since early May.

A blog post that’s being widely circulated across the security community shared two URLs and asked readers to spot the legitimate and the malicious hyperlink. See if you can spot which one downloads a zip file and which is a lookalike designed to lure users to a scammer’s website.

https://github.com∕kubernetes∕kubernetes∕archive∕refs∕tags∕@v1271.zip

https://github.com/kubernetes/kubernetes/archive/refs/tags/v1.27.1.zip

Could you guess which was the malicious link? Yes, it was the first. Take a closer look at them and you’ll find the smallest of irregularities. In a URL, everything between the scheme and an “@” symbol is treated as user information rather than as the host, so the browser discards the apparent github.com path and connects to the domain after the “@”, which here is v1271.zip. The Unicode slashes look like ordinary “/” path separators but are not, which is what keeps the fake path inside that discarded part of the address. By combining the “@” symbol and Unicode slashes, criminals have created a confusingly similar link that could easily trick people into downloading malicious software.
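The following check, added here as an example and not taken from the blog post or the article, parses a URL the way a browser does and reports the host that would actually be contacted, flagging the “@” trick, the slash look-alike characters and a host that ends in a file-extension TLD. The two sample URLs are constructed to mirror the pair above; only the Python standard library is used.

```python
from urllib.parse import urlsplit

# Constructed sample pair, mirroring the github.com example discussed above.
LEGIT = "https://github.com/kubernetes/kubernetes/archive/refs/tags/v1.27.1.zip"
LOOKALIKE = ("https://github.com\u2215kubernetes\u2215kubernetes\u2215archive"
             "\u2215refs\u2215tags\u2215@v1271.zip")

# Code points that render like an ASCII '/' but are not URL path separators.
SLASH_LOOKALIKES = {
    "\u2215": "DIVISION SLASH",
    "\u2044": "FRACTION SLASH",
    "\uff0f": "FULLWIDTH SOLIDUS",
    "\u29f8": "BIG SOLIDUS",
}
# TLDs that double as common file extensions (the two the article covers).
FILE_EXT_TLDS = {"zip", "mov"}


def analyze_url(url: str) -> dict:
    """Return the host a browser would really contact plus a list of warnings."""
    findings = []
    try:
        parts = urlsplit(url)
    except ValueError:
        # Python rejects authorities whose NFKC form would introduce delimiters;
        # anything that trips that check deserves a warning on its own.
        return {"host": None, "findings": ["authority failed NFKC check"]}
    netloc, host = parts.netloc, (parts.hostname or "")
    # RFC 3986: text before '@' in the authority is userinfo, not the host.
    if "@" in netloc:
        findings.append(f"userinfo before '@' hides the real host {host!r}")
    # Any slash look-alike inside the authority is a strong impersonation signal.
    for ch in sorted({c for c in netloc if c in SLASH_LOOKALIKES}):
        findings.append(f"slash look-alike U+{ord(ch):04X} {SLASH_LOOKALIKES[ch]} in authority")
    tld = host.rsplit(".", 1)[-1] if host else ""
    if tld in FILE_EXT_TLDS:
        findings.append(f"host ends in file-extension TLD .{tld}")
    return {"host": host, "findings": findings}


def looks_legitimate(url: str) -> bool:
    """True only when nothing in the authority section needs a second look."""
    return not analyze_url(url)["findings"]


if __name__ == "__main__":
    for u in (LEGIT, LOOKALIKE):
        r = analyze_url(u)
        print(r["host"], "->", r["findings"] or "no findings")
```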

The brand protection solutions global organizations can use

While there is always the possibility of a small amount of abuse in any TLD, the days of choosing to do nothing and waiting for customers to complain are long gone. Both domain registries and registrars have a commitment to proactively monitor for abusive registrations and remove them from harm’s way as soon as they can.

However, with budgets under pressure and the number of online attacks only likely to increase, choosing where and how to act is key. To decide that, you first need to measure the threat to your business, and its brands and consumers.

Domain name monitoring identifies potentially infringing domain names by spotlighting every domain name in every jurisdiction that includes your brand or business name, plus common typos. But simply providing brand owners with a list of potentially problematic domain names is of little value. Such monitoring services effectively place the burden on internal teams to analyze the results, and – depending on resources and availability – this not only slows down their ability to react but also makes the process much more burdensome than it needs to be.

Steps you can take to protect your brand

Despite several similar domains such as .pics, .app and .movie being available for a number of years without causing headline issues, the good guys need to up their game, stay alert and do everything that is economically possible to implement suitable controls to monitor and block these threats.

By outsourcing your domain management to a provider that uses intelligent domain monitoring services to detect potential infringements, organizations can move quickly to prevent impersonating domain websites from operating and protect their customers and even their own employees.

More sophisticated monitoring services also use an algorithm to rank which sites are having the most impact, and which pose the most immediate threat to revenue and reputation. These monitoring services are ultimately the most efficient and cost-effective way to prevent infringing domain names from being allowed to exist on the internet.

They can scan registered brands in domain names to identify keywords that indicate brand infringement and can identify domains that are the same or confusingly similar and may well be infringing your trademarks.

Managing a domain portfolio isn’t a simple task, and many businesses lack the internal resources to manage their portfolios efficiently and securely. They need a trusted corporate domain provider that can adapt to the changing environment and keep them abreast of newly emerging types of criminality. That way both you and your customers can breathe easily.


Stuart Fuller, Domain Services Director at Com Laude.