Cybercriminals Are Using Domain Fraud to Trick Victims into Using Forged Websites

Cybercriminals are using top-level domains (TLDs) to their advantage, committing domain fraud in the hope of directing user traffic to sites they have registered themselves. Domain fraud happens when hackers register a domain that is made to look legitimate by using, for example, typos in the site name. The domains are meant to imitate real company names.

In the case of typos, these lookalike domains swap in letters that easily go unnoticed without a second glance. For example, cybercriminals can replace “m” with “r” and “n” combined and easily trick site visitors into thinking the domain is legitimate. These illegitimate sites with typo-registered domains can be used for phishing schemes in which a hacker places a link to their domain in an email made to look like it came from a real company. After clicking the link, victims are directed to a fake site that asks them to log in, allowing hackers to steal sensitive credentials. Cybercriminals also use their fake sites for other purposes, such as selling counterfeit products of a well-recognized brand.

Researchers at Proofpoint noted an 11% increase in malicious domain registrations in 2018, with retail brand sites the main target of such domain fraud. 96% of the organizations in Proofpoint’s customer base found that their domains had been copied exactly, with the only difference being the domain name extension (e.g. .net, .co, .info).
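The two patterns described above, a lookalike letter swap such as “rn” for “m” and an exact copy under a different extension, can be checked for when reviewing newly observed domains. The following is an added example, not code from the original article or from Proofpoint; the brand domain, the extra confusable pairs and all function names are assumptions made for illustration.

```python
# Constructed watchlist: example-market.com is a placeholder brand domain.
PROTECTED = {"example-market.com"}

# Character sequences that imitate a single letter at a glance. "rn" -> "m" is
# the swap described above; the other pairs are assumed additions.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l")]


def split_domain(domain):
    """Return (name, extension); assumes a single-label extension such as .com."""
    name, _, ext = domain.lower().strip(".").rpartition(".")
    return name, ext


def skeleton(name):
    """Collapse lookalike sequences so 'exarnple' and 'example' compare equal."""
    for seq, letter in CONFUSABLES:
        name = name.replace(seq, letter)
    return name


def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(candidate, protected=PROTECTED):
    """Label a newly observed domain relative to the protected brand domains."""
    if candidate.lower().strip(".") in protected:
        return "legitimate"
    c_name, _ = split_domain(candidate)
    for brand in sorted(protected):
        b_name, _ = split_domain(brand)
        if c_name == b_name:
            return "extension-swap"      # same name, different extension
        if skeleton(c_name) == skeleton(b_name):
            return "lookalike-characters"
        if edit_distance(c_name, b_name) == 1:
            return "single-typo"
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample domains, one per pattern.
    for d in ["example-market.net", "exarnple-market.com", "example-markt.com"]:
        print(d, "->", classify(d))
```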

Because of the wide variety of domain name extensions, cybercriminals find it much easier to register domains that copy actual business sites or brand names. In addition, the European Union’s General Data Protection Regulation allows privacy for domain registrars, making it much more difficult to track cybercriminals.

Cybersecurity experts warn users to always check the URL for a safety certificate – in which HTTPS is used rather than HTTP – to avoid landing on a fraudulent site. However, hackers can also use safety certificates to their advantage to pass their site off as legitimate. For that reason, it’s always best to double-check the URL spelling or do a quick search on Google to find the actual company site.

Malware Increases on Google Play Due to Click-Fraud Apps

Since the previous year, there has been a 100 percent increase in the amount of malware that comes from Google, specifically Google Play. Google stated that the reason for this increase is that potentially harmful apps (PHAs) now include click-fraud apps.

Google later stated that the rates of malware downloads are quite low and customers are better off with the safer option of continuing to download applications from Google Play. According to ZDNet via Google, “28 percent of malware outside the Play Store are backdoors, while 25 percent are trojans, 22 percent are hostile downloads, and just 13 percent are click-fraud apps.”

Google believes that if click-fraud stats were removed, the number of PHAs installed would show a decrease of 31%; however, about 55% of PHAs have been installed through Google Play. The click-fraud apps are an outcome of application developers using an SDK (software development kit) without realizing that it’s the cause of the fraud.

There have been about 1.6 billion PHA installation attempts in the last year, but Google Play’s anti-malware system prevented them. There has been a 20% improvement in blocking PHA installations. Chamois, which is part of the same family of malware, sometimes comes preinstalled on certain Android devices. As the article on ZDNet explains, “Chamois apps are preinstalled on popular devices from different OEMs that didn’t carefully scan for malware. As a consequence, users are buying compromised systems. When users start up their new devices, the preinstalled Chamois apps (usually disguised as system apps) download and install PHAs and other apps in the background.”

Beware Of New Credit Card Chip Scam

We may be learning about Virtual Reality and holographic technology in 2016, but the latest wave of scamming is taking a seemingly out-of-date approach with a new twist: E-mail.

Many of you have probably received new credit or debit cards with a little metallic square on the left side. If you’ve gone to the store or bank and tried to swipe the magnetic strip like you’ve been doing for decades, you’ve probably been told to “insert your card and leave it in until the transaction is complete.” That little square is actually an embedded microprocessor chip called an EMV (named after its developers: Europay, MasterCard, and Visa).

In a nutshell, the original magnetic strip contains unchanging data that can be replicated over and over again when you swipe it. When you use an EMV chip, it creates a unique transaction code that is valid only as long as the transaction is in process. This adds an additional layer of security and ensures that your information cannot be duplicated.
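To show why a one-time transaction code defeats copying while static stripe data does not, here is a simplified model added as an example; it is not code from the original article and it is not the actual EMV algorithm. HMAC-SHA256, the per-card counter, the key, the card identifier and all class names are assumptions chosen for illustration.

```python
import hashlib
import hmac

DEMO_KEY = b"constructed-demo-key"  # stands in for the secret held inside the chip


def _mac(key, pan, amount_cents, nonce, counter):
    """Code bound to this card, this amount, this terminal nonce and this counter."""
    msg = f"{pan}|{amount_cents}|{nonce}|{counter}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class ChipCard:
    """Simplified chip: every authorization yields a different code."""

    def __init__(self, pan, key):
        self.pan, self._key, self.counter = pan, key, 0

    def authorize(self, amount_cents, nonce):
        self.counter += 1  # never repeats for the life of the card
        code = _mac(self._key, self.pan, amount_cents, nonce, self.counter)
        return {"pan": self.pan, "amount": amount_cents, "nonce": nonce,
                "counter": self.counter, "code": code}


class Issuer:
    """Bank side: recomputes the code and refuses counters it has already seen."""

    def __init__(self, key):
        self._key, self.last_counter = key, 0

    def verify(self, tx):
        expected = _mac(self._key, tx["pan"], tx["amount"], tx["nonce"], tx["counter"])
        if not hmac.compare_digest(expected, tx["code"]):
            return "rejected: code does not match transaction"
        if tx["counter"] <= self.last_counter:
            return "rejected: code already used"
        self.last_counter = tx["counter"]
        return "approved"


def demo():
    # Constructed card identifier and amounts.
    card, bank = ChipCard("0000-DEMO-CARD", DEMO_KEY), Issuer(DEMO_KEY)
    first = card.authorize(2500, nonce="t-001")
    results = [bank.verify(first), bank.verify(dict(first))]   # second is a copy
    results.append(bank.verify({**first, "amount": 999900}))    # copy with edited amount
    results.append(bank.verify(card.authorize(2500, nonce="t-002")))
    return results
```

A magnetic strip corresponds to a card with no counter and no code: every swipe presents the same bytes, so the bank has nothing with which to tell a copy from the original.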

This chip was designed to drastically reduce fraud in the U.S., where it has more than doubled over the past 7 years. The EMV is new to us in the USA, but has been around for over 20 years. France was the first country to implement EMV chips on credit/debit cards.

After noticing drastic fraud reduction in countries using EMV, the USA is giving it a go – and per usual, scammers are taking a different approach to try and gather your information. Since they know that gathering your transaction data is highly unlikely, they’re resorting to the old, fraudulent email tricks.

By faking email addresses and claiming to be your bank, scammers are sending fake email notices to customers informing them that their chip-enabled cards are on the way – but in order for them to take effect, they must update their personal and banking info. The emails are said to look legitimate, using bank graphics and similar email addresses.

The 3 most important takeaways are as follows:

  1. Never reply to an email with ANY personal or banking information.
  2. Never click any links directly from an email. If you need to get to your bank page, type the URL in yourself to ensure the validity of the site you’re accessing.
  3. Never call a number from an email to give your information. If you need to speak to somebody or have questions about the legitimacy of the request, call the number on the back of your card and/or go into a branch location and speak to someone in person.

As for implementation of the EMV card, you will soon see EMV card readers in most places you go. Many major retailers have already transitioned, with many others to follow suit. Mobile card readers are also being updated to abide by the new laws. Automated fuel dispensers have until 2017 to make the change, but are currently following existing fraud liability rulings. Any other parties that haven’t adjusted could potentially face higher costs in the event of any large data breach. Just like when using software, the best thing you can do to ensure your security is to stay up-to-date on practices.

Always practice caution when you receive “bank emails,” or when dealing with anything that seems even the least bit suspicious. Remember to go directly to your trusted source before engaging in communication.