*Source: APWG Global Phishing Report
What is ‘phishing’?
Phishing is using fake websites to trick people into giving sensitive information, such as personal data or payment details. Phishers will sometimes copy a whole webshop, including the product range and payment system, purely to get customers to enter their card details. Those details are then sold to other criminals or used by the phishers themselves to make purchases from real webshops, paid for from the duped customers' accounts.
A domain name is a valuable asset. Your domain name enables customers to go straight to your website. Many people also look at a domain name to tell whether they are on the site that they meant to visit.
They will trust the site at www.myonlinebikeshop.nl, for example, but not a site with an unfamiliar foreign name, such as www.freehost.pl/t/83/myonlinebikeshop/. However, the trust that users put in familiar names makes them vulnerable. And fraudsters cash in on that vulnerability.
A new wave of phishers are making use of sophisticated techniques. One of their tactics is 'typosquatting': registering a domain name very similar to the name of a well-known organisation or webshop, but with a subtle difference (e.g. www.myonljnebikeshop.nl).
People who make a slip when typing are then liable to end up looking at the squatter's site – often a fake webshop.
It takes a sharp eye to notice that the domain name in a browser's address bar is just one or two letters different from what's expected. So visitors frequently don't suspect that the webshop they've reached is a fake. As a result, domain names that resemble trusted names are very attractive to phishers who want to get hold of customers' passwords or card details, for example.
Abuse of brand names
Another approach used by fraudsters is to register a domain name that includes a brand name and looks like the sort of name a trusted site would use. In 2014, for example, a site went on line at www.mediamarktoutlet.nl. A substantial number of visitors were soon tricked into placing orders, thinking that the site they were on was linked to the well-known Dutch retailer Mediamarkt.
Payments left the victims' accounts, but no goods were ever sent. As well as hitting innocent consumers, the incident had undesirable implications for the Mediamarkt brand.
Domain Name Surveillance Service
To help tackle abuses such as those described, SIDN has developed the Domain Name Surveillance Service (DBS). The service enables subscribers to monitor relevant .nl registrations in real time. Every time the system detects a registration that could be linked to typosquatting or brand name abuse, the subscriber is alerted. The subscriber tells the DBS what name or word is to be protected, and the system looks out for all possible variations of it. So subscribers are able to respond quickly to any abusive registration – by challenging the registration or warning customers about a fake webshop and the dangers posed by phishing.
If you'd like to know more about the Domain Name Surveillance Service, visit [English URL]. Two versions of the Domain Name Surveillance Service are available. There is a web version, which features a user-friendly interface for entering search terms and dealing with abusive registrations. And there is a feed version, designed mainly for companies that want to build their own applications powered by DBS data, or integrate DBS alerts into existing workflows.