Retail brands popular as domain names for phishing sites

More than six hundred .nl domain names based on Dutch retail brands are linked to phishing sites. But some retail sectors' brands are much more likely to be abused than others. Brands in the food and stimulants sector are most likely to be targeted. The findings come from research by SIDN into the potential abuse of Twinkle100 brand names for .nl domain names. Nearly twenty thousand domain names with strong resemblance to Dutch Twinkle100 retail brands were checked out.

Thumb-Albert-Heijn-winkelmandje

SIDN's analysis indicated that 3 per cent of the checked domain names were very probably being used for phishing sites. However, the figure for domain names resembling food and stimulants retail brands was significantly higher: 6.3 per cent. Another outlier was the education and leisure sector, where 4.5 per cent of the analysed domain names were suspect. Fortunately, a proactive approach to abuse prevention is known to be effective: companies that act against typosquat domain names can substantially reduce scams linked to their brands.

Payment data

Phishing sites are set up by scammers with the aim of harvesting payment data from unsuspecting visitors. A common tactic is to use a domain name that looks like a trusted brand name. So, for example, a single letter will be added or left out (e.g. 'brunaa.nl'), or a zero used instead the letter 'o', a dot is omitted (e.g. wwwah.nl) or similar-sounding letters switched (e.g. 'k' for 'c' in 'christineleduk.nl'), or a synonym used (e.g. 'vitaminshop' for 'vitaminstore').

SIDN used the Domain Name Surveillance Service (DBS) to analyse all the brand names of retailers in the Twinkle100. First, all the .nl domain names that incorporated or closely resembled the brand names were identified. Nearly twenty thousand were found. The flagged domain names were then classified using an automated procedure that looks at various characteristics. The classification process isn't 100 per cent reliable, but gives a strong indication of how the domain names are being used.

Shutting down scam sites

"By working with the Consumers' Association and others, we've already managed to take down a large number of fake webshops," says SIDN's CEO Roelof Meijer. "However, our analysis shows that scams are a persistent problem. Consumers therefore need to remain vigilant. Improbably low prices, badly written text and payment systems that only accept cryptocurrency are all signs that a website isn't what it seems to be."

According to the Dutch police's Internet Fraud Reporting Service, the average victim of a fake webshop scam loses about € 200. "Every incident also dents the reputation of the retailer whose name is abused," adds Meijer. "So it pays to monitor for potential abuses. And we know that monitoring is effective."

Comments

Marnie-van-Duijnhoven_Thumbnail

Marnie van Duijnhoven

communications manager

+31 26 352 55 00

  • Tuesday 5 February 2019

    About SIDN

    Netherlands falls further behind on IPv6

    Thumb-red-arrow-going-down

    Countries everywhere are overtaking the Dutch

    Read more
  • Wednesday 30 January 2019

    About SIDN

    Developers want to clean up DNS software code

    Thumb-software-developer-programming-code-on-computer

    "Nearly a quarter of the code is now for workarounds and corner cases"

    Read more
  • Monday 17 December 2018

    Knowledge

    IDnext and SIDN intensify collaboration

    Thumb-logo-IDnext

    Joint IDnext event will promote innovation in the field of digital identification

    Read more

Sorry

Your browser is too old to optimally experience this website. Upgrade your browser to improve your experience.