Saturday, April 7, 2018

The latest domain name scam involves changing .com to .cm in a web address in order to fool unsuspecting victims into clicking a link to a nefarious web site that looks a lot like the real thing.

Domain names are used to identify web pages on the Internet. In a web page address (also known as a "URL," for uniform resource locator), the domain name identifies the realm of the administrative authority that controls the domain.

For example, in the URL https://support.microsoft.com/en-us, the domain name is microsoft.com. The suffix of the domain indicates which top-level domain it belongs to. Common suffixes (sometimes called domain extensions) are .com, .edu, .net, .org, .gov, .mil, .biz, .info and .us.

Some other domain names are facebook.com, villanova.edu, billygraham.org, fdic.gov and navy.mil. Here's another: parliament.uk. For this one, the domain name extension is ".uk," which is the country code for the United Kingdom.

Anyone can register a domain name for an annual fee.

With this particular ".cm" ruse, someone registers a trusted name using the .cm extension. In actuality, .cm represents the country Cameroon. But, as we said, anyone can buy a domain name, provided it's not already taken.

Say I was quick on the draw and registered facebook.cm before Mark Zuckerberg thought to reserve it. If I were a bad guy, I could then stand up a web server at facebook.cm and use it to mine bitcoin, store porn or serve up malware--you name it. Then I could buy a spam email list on the dark web and send tens of thousands of phishing emails that point people to a web page on my facebook.cm server. I can guarantee you that a certain percentage of those recipients would take the bait and click that malicious link. It looks too much like the real thing.

Never click links in unexpected emails. Personally, I treat every link as suspicious. To protect yourself, before you click any link, hover over it with your mouse pointer to view the real URL behind the text. Scrutinize the domain name. Is it a domain you trust? Is it spelled properly? When in doubt, don't click. The safest route to a web site is to type the address into your browser address bar yourself, then store it as a bookmark.
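The same scrutiny can be applied automatically to the links in an HTML email body. The Python below is an added example, not part of the original post: it compares each link's real destination against a short list of trusted domains and flags the .cm lookalike as well as link text that names a trusted domain while pointing elsewhere. The TRUSTED list, the function names and the sample HTML are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"facebook.com", "microsoft.com"}  # assumption: domains the reader uses

class LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs from an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def registrable(host):
    """Last two labels of a hostname (enough for .com/.cm, not for .co.uk-style suffixes)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def check_link(text, href):
    domain = registrable(urlsplit(href).hostname or "")
    if domain in TRUSTED:
        return "ok"
    # The .cm ruse: a trusted .com name registered under Cameroon's suffix.
    if domain.endswith(".cm") and domain[:-3] + ".com" in TRUSTED:
        return "cm-lookalike"
    # The visible text names a trusted domain but the real URL goes elsewhere.
    if any(name in text.lower() for name in TRUSTED):
        return "text-mismatch"
    return "unknown"

def scan(html):
    parser = LinkCollector()
    parser.feed(html)
    return [(href, check_link(text, href)) for text, href in parser.links]

# Constructed sample email body, not real traffic.
SAMPLE = ('<a href="https://www.facebook.com/login">Facebook</a>'
          '<a href="http://www.facebook.cm/login">Log in to Facebook</a>'
          '<a href="http://example.net/x">https://support.microsoft.com/en-us</a>')
if __name__ == "__main__":
    for href, verdict in scan(SAMPLE):
        print(f"{verdict:14} {href}")
```

A verdict of "unknown" only means the domain is not on the trusted list, so it still calls for the manual check described above.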

For details, see Brian Krebs' article at https://krebsonsecurity.com/2018/04/dot-cm-typosquatting-sites-visited-12m-times-so-far-in-2018/.
