Businesses are at risk from fraudulent domains, research reveals

The Domain Fraud Report 2019 by Proofpoint analysed over 350 million domains to help identity domain trends on a global and regional scale.

It was identified that domain fraud is a threat to businesses across a variety of industries and geographies with 76% of respondents finding “lookalike” domains posing as their brand, and 85% of retail brands finding domains selling counterfeit goods.

The report found that the top registrars across all domain registrations included GoDaddy, NameCheap, Chengdu West Dimension Digital, NameSilo and Public Domain Registry. The majority of fraudulent domains have been detected as active with more than 90% associated with a live server.

It had been identified that cyber criminals use security certificates in 26% of their domains.

The report wrote:

“This finding is especially concerning because all those years of “trust the padlock” training have led many internet users to perceive these sites as legitimate.”

The report further explained that a security certificate signifies that the data transmitted between the user’s browser and the site is encrypted and therefore third parties cannot intercept and read the information, and not that the site has been validated as trusted.

Amongst the findings, it was discovered that 94% of respondents observed at least one their fraudulent domain detections sending email in 2018.

“For 96% of fraudulent domains sending email, we saw fewer than 100 emails on the first date of email activity.”

With fraudulent domains impersonating well known retail brands – much higher volumes of emails had been observed which suggests that more broad-based attacks against customers and partners.

It was also observed that pricing, availability and other market factors appear to influence the behaviour of domain fraudsters.

Ali Mesdaq from Proofpoint wrote in a blog post:

“Fraudulent domains “hide in plain sight” by using many of the same top-level domains (TLDs), registrars, and web servers as legitimate domains. For example, 52% of all new domain registrations in 2018 used the .com TLD. The TLD was similarly popular with fraudsters: nearly 40% of new fraudulent domain registrations used .com.

“Because fraudulent domains camouflage themselves, there is no single factor that definitively indicates whether a domain is fraudulent or not. And a previously innocuous (or inactive) domain can quickly turn fraudulent if ownership changes hands. Assessing security risk requires a comprehensive and continuous analysis of domain characteristics and website content.”

It was also observed that pricing, availability and other market factors appear to influence the behaviour of domain fraudsters.


Registration now OPEN for PrivSec Global
Taking place across four days from 30 Nov to 3 Dec, PrivSec Global, will be the largest data protection, privacy and security event of 2020.

Reserve your place today and gain access to the entire event free of charge. With all sessions available to view live or on-demand, you can build a personalised agenda based on your key focus topics and make the event fit around your work schedule.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.