The emergence of top-level domains, such as .xyz, has fuelled an uptick in spoofed websites being used to wage targeted phishing attacks, says Dave Jevans, co-founder and chairman of the Anti-Phishing Working Group, a global organization that monitors phishing. This is making it tougher to mitigate phishing threats, and points to the need for greater cyberthreat information sharing, he says.
In its most recent review of phishing trends, the APWG found that top-level domains, which are vetted by the Internet Corporation for Assigned Names and Number, better known as ICANN, are being increasingly targeted by hackers, Jevans says in an interview with Information Security Media Group.
While top-level domains go through a more stringent approval process - and were created to help eliminate phishing - poor fraud-detection controls have allowed these new domains to be exploited by fraudsters, the APWG notes in its just-released Global Phishing Survey.
Jevans says many of the attacks being waged against these domains are difficult to detect, which is why sharing cyberthreat intelligence information about emerging threat vectors is so critical.
"One of the findings we focused on was to dig a little deeper into the top-level domains," Jevans says. "The overall phishing rates of these domains, these TLDs, are going up, and we expect to see an increase. Each of these TLDs is targeting certain markets ... and the way that they accept payments, etc., are all things that the bad guys are exploring and mapping."
Over the next six months, the APWG expects to see more spoofed sites that mimic TLDs, he adds. "With these new TLDs, I think it could be easier to spoof ... than a traditional .com."
Some TLDs, such as .bank, do have a more privileged position, in that companies signing up to use that domain go through a more stringent vetting process, Jevans says, making .bank difficult to spoof. Other TLDs, however, such as China's recently released .cn, do not have the same type of approval process, he notes.
"Chinese hackers are taking advantage of the changes in policies in .cn," Jevans points out. ".bank has the privileged position of being very exclusive, relative to who can register domains inside of it. So we don't have to worry so much about bad guys standing up a domain under .bank."
With .cn and others, however, that's not the case, because almost anyone can register a domain using some of these new TLDs, he adds.
Jevans says many TLDs could easily be spoofed by hackers to create "fake" domains that could easily fool users who are accustomed to only seeing .com or .org domains.
During this interview, Jevan explains:
- Why social media and online users' habits of clicking on links to access domains through email is a concern;
- Fraud-mitigation steps and policies organizations can take to ensure their domains are not compromised; and
- The role weak domain registrar policies are playing in upticks in phishing campaigns.
Jevans, who also serves as chief technology officer of mobile security firm Marble Security, has 20 years of experience in Internet security. His previous positions include senior management roles at Tumbleweed Communications, Valicert, Teros, Differential and Iron Key. Serving on the CEO's technology council at Apple Computer, Jevans helped to develop the company's Internet strategy.