First of all, what is Cybersquatting?
Domain names play an essential role on the internet, and cybercriminals take advantage of that by registering names that appear related to existing domains or brands, with the intent of profiting from user mistakes. In practice, attackers mimic the domains of major brands like Facebook, Amazon, Netflix, or Apple to scam consumers.
Have you ever received an email that appeared to come from a reputable brand, only to realize it's a scam? You were likely a victim of cybersquatting.
Let’s dig in more…
To be clear, the companies in question are in no way involved, and cybersquatting is illegal in the United States for those who carry it out. Unfortunately, cyber attackers target reputable brands (think: Netflix) using domains that appear to be legitimate. Example: netflix-payments[.]com. To the user, it looks legitimate. But in reality, you are a victim of cybersecurity fraud if you click the link.
A new study by Palo Alto Networks revealed the following findings by the numbers:
- 13,857 squatting domains were registered in December 2019 (450/day average)
- 18.59% of squatted domain names are malicious
- 36.57% of squatting domains are a high risk for users that visit or click the URL
The Palo Alto Networks study also found that the most profitable companies worldwide were most heavily targeted by cybersquatters. Think: social media, mainstream search engines, shopping, financial and banking websites. This makes perfect sense: the more reputable the brand or company, the more likely users are to trust an email from that brand and click a malicious link or visit a malicious website.
Through this, cybersquatters distribute malware and carry out phishing attacks in which they steal money or credentials.
The general idea of cybersquatting is that cyberattackers leverage user trust in a recognized brand name to make opening an email, clicking a link, or visiting a website seem safe.
Unfortunately, we now live in a time where users can't take brand names at face value. They need to take safe internet browsing a step further by manually checking domains to make sure they are legitimate.
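The manual domain check described above can be scripted as a first-pass triage for links in incoming mail. This is an added example, not code from this article or from the Palo Alto Networks study; the brand allowlist, function names and category labels are assumptions, and the registrable domain is simplified to the last two labels.

```python
# Constructed allowlist (assumption): brand keyword -> registrable domains it really owns.
BRANDS = {
    "netflix": {"netflix.com"},
    "amazon": {"amazon.com"},
    "facebook": {"facebook.com"},
    "apple": {"apple.com"},
}

def registrable_domain(host: str) -> str:
    """Last two labels only. Suffixes such as .co.uk need the Public Suffix List."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:])

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(host: str) -> str:
    host = host.replace("[.]", ".").lower().strip(".")  # accept defanged input
    reg = registrable_domain(host)
    name = reg.split(".")[0]
    # Only the registrable domain decides ownership, never a subdomain label.
    if any(reg in owned for owned in BRANDS.values()):
        return "legitimate"
    # Punycode labels can render as look-alike characters; send to manual review.
    if any(label.startswith("xn--") for label in host.split(".")):
        return "punycode"
    for brand in BRANDS:
        if name == brand:
            return "unlisted-tld"   # brand name under a TLD not on the allowlist
        if brand in host:
            return "combosquat"     # brand plus extra words, or brand in a subdomain
        if edit_distance(name, brand) == 1:
            return "typosquat"      # one character added, dropped or swapped
    return "unrelated"

if __name__ == "__main__":
    for sample in ["netflix-payments[.]com", "www.netflix.com", "netfllix.com"]:
        print(sample, "->", classify(sample))
```

Substring matching will also flag harmless names that happen to contain a brand keyword, so treat any result other than "legitimate" as a prompt for a closer look rather than a verdict.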
If you are curious about additional ways to protect yourself or your company's employees from cybersquatting, reach out to PK Tech. We can recommend additional anti-malware software and help educate you and your employees on what to watch out for. Visit our website and contact us.