Scammers Hijack Popular Sites With Deceptive URLs—Digital News Alerts You Can’t Ignore

What’s Really Going On in the World of Domain Squatting

Ever notice how some shady websites try to look like your favorite brands? Palo Alto Networks’ Unit 42 (the geek squad that stalks cyber‑crime) has just dropped a report saying the bad guys have been cloning big‑name domains more than ever.

Key Stats (turning up the heat)

  • From Dec 2019 to now: 13,857 fake domains signed up.
  • More than 55 % of those are downright malicious or pose a high risk to anyone who clicks them.
  • The Top 20 spoofs involve heavy hitters: Amazon India, Apple, Microsoft, Facebook, and even Shopee Taiwan.

So if a commerce site that looks too similar to a trusted giant shows up in your inbox, keep your guard up. Those squatted domains are more than just a copy‑cat stunt; they’re a full‑blown scam machine!

How it works

[Image: A list of the most spoofed sites. Photo: Palo Alto]

Users on the internet rely on domain names like www.facebook.com, www.shopee.sg, www.lazada.com, and www.amazon.sg to find brands, services, professionals and personal websites.

To take advantage of this, cybercriminals have turned to cybersquatting: registering domain names that appear related to existing domains or brands, with the intent of profiting from user mistakes.

The malicious domains were found to serve different goals:

  • Phishing: A domain mimicking Amazon (amazon-india.online) set up to steal user credentials, specifically targeting mobile users in India.
  • Malware distribution: A domain mimicking Samsung (samsungeblyaiphone.com) hosting Azorult malware to steal credit card information.
  • Command and control (C2): Domains mimicking Microsoft (microsoft-store-drm-server.com and microsoft-sback-server.com) attempting to conduct C2 attacks to compromise an entire network.
  • Re-bill scam: Several phishing sites mimicking Netflix (such as netflixbrazilcovid.com) set up to steal victims’ money by first offering a small initial payment for a subscription to a product like weight loss pills. However, if users don’t cancel the subscription after the promotion period, a much higher cost will be charged to their credit cards, usually US$50-100.
  • Potentially unwanted program (PUP): Domains mimicking Samsung (samsungpr0mo.online) distributing PUPs, such as spyware, adware or a browser extension. They usually perform unwanted changes, like changing the browser’s default page or hijacking the browser to insert ads. Of note, the Samsung domain looks like a legitimate Australian educational news website.
  • Technical support scam: Domains mimicking Microsoft (such as microsoft-alert.club) trying to scare users into paying for fake customer support.
  • Reward scam: A domain mimicking Facebook (facebookwinners2020.com) scamming users with rewards, such as free products or money. To claim the prize, users need to fill out a form with their personal information such as date of birth, phone number, occupation and income.
  • Domain parking: A domain mimicking RBC Royal Bank (rbyroyalbank.com) leveraging a popular parking service, ParkingCrew, to generate profit based on how many users land on the site and click the advertisements.
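
The brand-plus-keyword and single-letter-typo patterns in the domains listed above can be screened for mechanically, for example over mail or proxy logs. The following is an added example, not code from the Unit 42 report or from this article; the brand allowlist, the digit-swap table and the technique labels are assumptions, and a hit is a candidate for review rather than a verdict.

```python
import re

# Assumption: brand keywords and the registrable domains each brand really owns.
BRANDS = {
    "amazon": {"amazon.com", "amazon.in", "amazon.sg"},
    "samsung": {"samsung.com"},
    "microsoft": {"microsoft.com"},
    "facebook": {"facebook.com"},
    "netflix": {"netflix.com"},
    "rbcroyalbank": {"rbcroyalbank.com"},
}
HOMOGLYPHS = str.maketrans("0135", "oles")  # digit-for-letter swaps (assumed set)

def edit_distance(a, b):
    """Levenshtein distance with one rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]

def classify(domain):
    """Return (brand, technique) for a suspected squat, or None."""
    host = domain.lower().rstrip(".")
    for owned in BRANDS.values():
        if any(host == d or host.endswith("." + d) for d in owned):
            return None  # really on a brand-owned domain
    name = host.rsplit(".", 1)[0]       # naive: assumes a one-label TLD
    plain = name.translate(HOMOGLYPHS)  # undo 0->o, 1->l, 3->e, 5->s
    for brand in BRANDS:
        if plain == brand:
            return brand, "tld-swap" if name == brand else "homoglyph"
        if brand in plain:
            return brand, "combosquat" if brand in name else "homoglyph"
    for brand in BRANDS:  # one-character typos of a whole label
        if any(edit_distance(t, brand) == 1 for t in re.split(r"[.-]", plain)):
            return brand, "typosquat"
    return None  # no brand resemblance found

# Domains quoted in the article, plus two legitimate hosts it mentions.
SAMPLES = ["amazon-india.online", "samsungeblyaiphone.com", "rbyroyalbank.com",
           "microsoft-alert.club", "samsungpr0mo.online", "www.facebook.com",
           "www.lazada.com"]

def scan(domains):
    """Map each flagged domain to its (brand, technique) verdict."""
    return {d: v for d in domains if (v := classify(d))}

if __name__ == "__main__":
    for dom, verdict in scan(SAMPLES).items():
        print(dom, verdict)
```

Substring matching will also flag unrelated names that happen to contain a brand keyword, so the output is best used to prioritise WHOIS and content checks.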

Staying safe and secure

[Image: A spoof site trying to get you to install malware. Photo: Palo Alto]

Staying Safe Online: A Necessity, Not an Option

Doing business on the web? Treat safety as your new routine. I caught up with Vicky Ray, the principal researcher at Unit 42, Palo Alto Networks, and got some handy‑tuned advice for everyone.

Quick Fixes to Keep You Out of Trouble

  • Watch for sneaky typos – a single misplaced letter in a URL can whisk you away to the wrong site.
  • Mind the redirection con game – flashy ads that lead you to extra landing pages may look legit, but they’re often a playground for cybersquatters.
  • Certificates aren’t a magic shield – even a “trusted” CA can hand out certificates to malicious sites.
  • Too good to be true? Trust your gut – if something feels suspiciously sweet, it probably is.
  • Do a WHOIS check – double‑check domain registration details on various lookup services to confirm authenticity.
  • Freeze it with 2FA/MFA – whenever the option appears, lock it in with multi‑factor authentication.

Bottom line: stay vigilant, check twice, and secure everything you can. That’s how you keep moving forward safely in the digital world.

Originally published on Hardware Zone.