The move to greater privacy for individuals and their data has had a negative effect in the world of online fraud because governments and analysts are having a harder time finding those behind websites set up to defraud people, a new report says.
Once upon a time in the online world, if you wanted to discover who was behind a top-level website or domain, you could go to registration sites and find the information easily.
Those domains come with extensions such as .com or .net. Registrars handle who receives site designations, but those registrars must be accredited by the Internet Corporation for Assigned Names and Numbers, which performs technical maintenance work of central internet address pools.
That ease of discovery has now vanished.
That has made it easier for hucksters to hide behind greater online anonymity, increasing the chances that people are going to be taken in by fraudsters where accountability has been removed due to privacy laws, said a report released June 17 by California-based global online security firm Proofpoint.
That means the fraudsters can mimic websites, alter names ever so slightly to fool customers of the legitimate sites or hide behind brand names.
“Domain fraud is an attractive attack method used by cyber criminals,” the report said. “Privacy features offered by most registrars and regulations like European Union General Data Protection Regulation have made it easy to remain anonymous. And, most important, fraudulent domains provide the basis for a wide range of attacks such as wire transfer fraud, phishing, counterfeit good sales, scams and other new methods.”
The information that had been previously available had also been used by cybercriminals, spammers, identity thieves and direct marketers to harass people and companies whose details were listed in so-called ‘whois’ services, which detailed domain ownership.
Now, domains – or the top level websites under which other subsidiary or linked sites are created – can be almost anonymous. And, said the report, if they are connected with so-called MX servers, they can also host email services which can be used to attack individuals or networks.
“These services make it simple for criminals with no web design skills to quickly replicate a brand’s website on their domains, buy security certificates and even fake company documentation,” a company blog said.
And, added Proofpoint vice-president of threat operations Kevin Epstein, domain fraud generally targets people rather than technology, frequently using social engineering tactics to trick users into believing their domains are legitimate and trustworthy.
Many websites offer a security certificate to prove authenticity as well as an ‘https’ site name prefix. This may not be what it seems to b, however. Epstein said all that means is the data transmitted is done so in an encrypted manner.
As well, the report said, the number of newly registered fraudulent domains continues to climb – a trend expected to continue after Google said Chrome would begin announcing that sites without certificates are not secure.
The issue may or may not fall under Canada’s Competition Act, said Competition Bureau Canada communications officer Jean-Philippe Lepage.
He said legislation prohibits making false or misleading representations and also prevents allowing others to make such representations.
“A representation is material if it could lead a person to a course of conduct that, on the basis of the representation, he or she believes to be advantageous,” he said.
However, Lepage added, the bureau evaluates each case individually and can’t comment on theoretical issues.
So how can you avoid being defrauded?
If you receive an email with a mysterious link, don’t click it. Type it into the menu bar.
“Choose where you go rather than be directed where you go,” Epstein said.
Look at website names carefully. Make sure the spelling is correct for known entities. Remember than a lower case ‘L’ can look like an uppercase ‘I.’
Proofpoint said the top web servers for domains selling counterfeit goods are Apache, Cloudflare, Nginx and LiteSpeed.
The top five registrars for domains selling counterfeit goods are Chengdu West Dimension Digital Technology Co., Ltd.; NameSilo, LLC; PDR Ltd.; Hosting Concepts BV and Alibaba Cloud Computing Beijing Co.
The top registrars for top line domain attacks are GoDaddy.com LLC, Namecheap, Alibaba Cloud Computing Beijing Co., PDR Ltd. and Tucows Domains Inc., Proofpoint said.
And, the top registrars for fraudulent domains are Chengdu West Dimension Digital, NameSilo, PDR Ltd., GoDaddy.com and Hosting Concepts BV.
Queries to the Canadian Anti-Fraud Centre were not responded to.
— Jeremy Hainsworth, Glacier Media
