Malicious USPS Phishing Sites Exceed The Traffic Of The Real Site

According to a recent blog post by Akamai Technologies, security researchers analyzing phishing campaigns targeting the United States Postal Service saw traffic to the fake domains comparable to that of the legitimate site, and during the holidays it “greatly exceeded legitimate traffic”.
 
Akamai started observing USPS-themed phishing last October after an employee received a suspicious text that redirected to a site containing malicious JavaScript code. During the 2023 holiday season, researchers observed a significant volume of DNS queries going to “combosquatting” domains that impersonated the USPS service.
 
The fake pages are near-exact replicas of the real USPS site, complete with realistic tracking pages showing status updates. Between October 2023 and February 2024 these malicious websites generated over 1,128,146 queries, just short of the 1,181,235 queries recorded for the legitimate USPS site, and from November to December the malicious domains drew more traffic than the legitimate one.
 
Akamai focused this research on USPS alone, so combosquatting campaigns against other postal brands may well exist and the overall scale is likely larger.

Dave Ratner, CEO of HYAS, had this to say:

   “Attacks involving typosquatting, combosquatting, or look-alike domains are increasing in nature and can be highly effective as individuals often don’t inspect the domain name itself closely enough. This can be made more complicated and difficult to detect with the use of different character sets like punycode which can make the difference between the legitimate and fake domain very hard, if at all possible, to detect by visual inspection. This is one of the reasons that Protective DNS solutions are so vital today, because they know the legitimate domains from the fake ones and can be the critical difference between a successful attack and a failed attempt.”
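As an added, defender-side example (not Akamai's or HYAS's code), the following Python triages constructed DNS query lines the way a simple Protective DNS check might: it flags combosquatting names that embed the USPS brand and punycode look-alikes that only match the real domain after homoglyph folding. The allowlist, the log lines and the small homoglyph table are all assumptions constructed for this example.

```python
import unicodedata

BRAND = "usps"
LEGIT = {"usps.com"}   # assumed allowlist (constructed); a real PDNS feed is far larger
# Hand-picked Cyrillic look-alikes of Latin letters, constructed for this
# example; a real service would use the full Unicode confusables data.
HOMOGLYPHS = {"\u0430": "a", "\u0441": "c", "\u0435": "e", "\u043e": "o",
              "\u0440": "p", "\u0455": "s", "\u0443": "y", "\u0456": "i"}

def is_legit(domain: str) -> bool:
    """True for an allowlisted domain or any subdomain of one."""
    return domain in LEGIT or any(domain.endswith("." + d) for d in LEGIT)

def decode_punycode(domain: str) -> str:
    """Convert xn-- labels back to Unicode so look-alikes can be compared."""
    try:
        return domain.encode("ascii").decode("idna")
    except UnicodeError:        # malformed label: compare the raw form instead
        return domain

def skeleton(domain: str) -> str:
    """Fold case, compatibility forms and known homoglyphs to a Latin skeleton."""
    folded = unicodedata.normalize("NFKC", domain).lower()
    return "".join(HOMOGLYPHS.get(ch, ch) for ch in folded)

def classify(qname: str) -> str:
    """Return legitimate | lookalike | combosquat | other for one queried name."""
    qname = qname.lower().rstrip(".")
    if is_legit(qname):
        return "legitimate"
    sk = skeleton(decode_punycode(qname))
    if is_legit(sk):
        return "lookalike"       # identical to the real domain once homoglyphs are folded
    if BRAND in sk:
        return "combosquat"      # brand embedded in an unrelated registered name
    return "other"

# Constructed DNS query log: timestamp, client (documentation range), qtype, qname.
LOOKALIKE = "u\u0455ps.com".encode("idna").decode("ascii")  # Cyrillic dze in place of 's'
SAMPLE_LOG = [
    "2023-12-04T10:15:22Z 198.51.100.7 A usps.com",
    "2023-12-04T10:15:23Z 198.51.100.7 A tools.usps.com",
    "2023-12-04T10:16:01Z 198.51.100.9 A usps-tracking-update.com",
    "2023-12-04T10:16:40Z 198.51.100.12 A " + LOOKALIKE,
    "2023-12-04T10:17:05Z 198.51.100.12 A example.com",
]

def triage(lines: list[str]) -> dict[str, str]:
    """Return {qname: verdict} for every query that is not legitimate."""
    verdicts = {}
    for line in lines:
        qname = line.split()[-1]
        verdict = classify(qname)
        if verdict != "legitimate":
            verdicts[qname] = verdict
    return verdicts
```

Run `triage(SAMPLE_LOG)` to see the two impersonating names flagged while the real domain and its subdomain pass.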

This is pretty insane. The fact that the real USPS site gets less traffic than fake ones shows that this is a huge problem that really needs to be addressed. I am not sure how one would address this, but it’s high time to figure it out.
