Cybercriminals are using fraudulent domains to lure unsuspecting members of the public towards spoofs of well-known UK charities, for malicious purposes, according to the results of a DomainTools investigation.
Following on from the National Cyber Security Centre’s warning that cybersecurity poses the most serious threat to UK charities, DomainTools selected ten well-known and popular charitable organizations in the UK to analyse, and found that every charity selected was being spoofed online by cybercriminals, who often used typos in order to dupe unsuspecting Internet users. The team analysed domains associated with Cancer Research, The National Trust, NSPCC, Oxfam, The Red Cross, Salvation Army, Wateraid, Save The Children and Unicef. In total, over 170 domains were deemed high-risk for phishing, malware and other forms of cybercrime. Some examples of fraudulent domains with risk scores of 100 – the highest possible score – include:
“It remains incredibly easy for anyone to purchase an available domain,” said Tim Helming, director of product management at DomainTools. “This is part of what helps keep the Internet open and democratic, but it also helps cybercriminals exploit users. In this case the spoofing of charity websites has the added benefit of exploiting people’s wish to donate to these charities, making them a particularly lucrative target.”
Explaining the method by which these websites will be introduced to Internet users, Helming explained “these domains will often be directed towards people via email or SMS phishing campaigns, which hope to encourage users to click on seemingly legitimate looking links such as those included above, which in turn begins another cycle of cybercrime. Phishing can be used by criminals simply to gain credit card or banking information, or as a gateway to install malware on a device or network, which leads to even more serious crimes such as data breaches and or identity fraud.”
DomainTools offers top tips for consumers to avoid falling foul of a spoof website:
- Watch out for domains that have the pattern com-[text] in them. We’re so accustomed to seeing .com that we can easily overlook the extra text that’s appended to it with a dash.
- Look for typos on the website, coupon, or link that is directing you – for example, check for extra added letters in the domain, such as Yahooo[.]com.
- Look out for ‘rn’ disguised as an ‘m’, such as modem.com versus modern.com.
- Watch all website redirects by hovering over URLs to see where the link will take you.Realise that if something is too good to be true, it likely is.
- Get into the habit of hovering your mouse over links, and then looking for a pop-up that shows what domain the link points to. Typo domains can often be exposed using this method. Chrome and Firefox both have this feature.