Archive for BforeAI

Trump Musk Feud Drives Malicious Domain Surge for Crypto Scams, Phishing, Fake Betting Sites

Posted in Commentary on June 18, 2025 by itnerd

BforeAI has revealed that they identified a total of 39 malicious domains, all newly registered on June 5 and 6, being used across a variety of scams as threat actors exploit the recent, notable, and escalating public trade policy feud between Elon Musk and Donald Trump.

Multiple domains related to hypothetical Trump vs. Elon conflicts have surfaced, often mimicking betting platforms, fake giveaways, or crypto multipliers. Threat actors are using a wide range of low-cost and under-regulated top-level domains (TLDs), indicating abuse-friendly zones. Such TLDs are also known for their ongoing malicious use for hosting and conducting phishing campaigns.

BforeAI’s research provides a domain breakdown and threat types, including crypto scams, gaming and engagement lures (fake game, fraudulent mobile app, engagement farming), betting and merchandise, disinformation and reputation abuse, and Telegram bot automation.

Malicious infrastructure trends identified include the rise of threat actors taking advantage of a geopolitical event to launch new meme coins, fake betting sites, and phishing lures tied to online games and merchandise, and cybercriminals leveraging games to attract supporters to a phishing site.

You can read the report here.

New Travel Research Report Identifies Over 5,000 Newly Registered Domains Scamming Travelers in Q1 2025

Posted in Commentary on May 29, 2025 by itnerd

With summer approaching in just a month, the travel season is starting to bloom. However, as we enter one of the busiest travel seasons yet, the surge in travel plans is unfortunately accompanied by a surge in security threats, from travel scams to hospitality scams and everything in between.

The BforeAI threat research team at PreCrime Labs has released their latest research determining the level of travel-related scam activity being actively planned for the 2025 travel season targeting the travel and hospitality sector. Research identified over 5,000 newly registered travel-related domains and significant update activity to over 6,000 existing relevant domains in the first quarter of 2025.

Additionally, the research exposed several campaigns that targeted travelers with special flight giveaways, websites threatening to expose companies, and scams associated with lodging.

As holiday travel surges, organizations must address a threat landscape that extends beyond traditional booking scams and typosquatting attempts to unconventional job offers, crypto coins, and the integration of AI.

You can read the research here.

New Research: Duolingo Mascot Death Scams Report – Newly Registered Fraudulent Crypto Domains

Posted in Commentary on February 27, 2025 by itnerd

BforeAI will publish its latest report on how Duolingo's announcement of the death of its owl mascot “Duo” at the hands of a Tesla Cybertruck driver created an opportunity for cybercriminals to leverage the incident and its subsequent virality to launch various related online scams.

The threat research team at BforeAI analyzed a variety of newly registered domains that emerged in the week following the announcement to reveal insights into their prevalence, structure, and the types of scams they facilitate.

You can read the report here.

New LA Fire Phishing Campaigns Discovered Exploiting GoFundMe, Cleanup Services, Insurance Claims

Posted in Commentary on January 17, 2025 by itnerd

BforeAI has revealed that its researchers have discovered multiple threats surrounding the recent LA wildfires, involving multiple phishing campaigns centered around various themes, including insurance, fundraising, claims, restorations, and the fire department. 

To maintain the relevance of the campaigns, the majority of domains retrieved since the incident use keywords such as support, LA, fire, relief, and fund. BforeAI’s threat research report examines the patterns of domain registrations related to the LA wildfires, identifying trends and potential risks.

Key findings include LA wildfire-themed cryptocurrency, GoFundMe campaigns, and misleading malicious merchandise stores. BforeAI also compares the fraudulent domain activity to earlier campaigns that exploited natural disasters, such as the hurricanes that hit in 2024.

You can read the research here: http://bfore.ai/malicious-domain-activity-during-the-los-angeles-wildfires

BforeAI Secures Series B Funding 

Posted in Commentary on January 14, 2025 by itnerd

BforeAI, the world’s fastest and most accurate predictive attack intelligence and digital risk protection solution, announced today the company has closed an oversubscribed $10 million Series B round of funding led by Titanium Ventures. This investment round brings the company’s total funding to over $30 million and will accelerate market expansion in the utilities, pharmaceutical and healthcare sectors as the company continues to enhance its PreCrime™ platform, expand sales resources, and strengthen partnerships. 

BforeAI’s mission is to proactively safeguard data, IT/OT networks, digital assets, customers, employees, and brand reputation. Enabling organizations to effectively preempt risks in advance of an attack, the PreCrime platform is powered by behavioral predictive intelligence, monitors 98% of the Internet to stay ahead of cyber threats by 18 days on average, and has a false positive rate of a mere 0.05%. 

Over the past year, BforeAI grew substantially and achieved key milestones, including launching the PreCrime Guarantee and its breach protection pledge in partnership with the leading global cyber insurance provider. The PreCrime Guarantee reimburses customers up to ten times the value of their service contract if impacted by a cyberattack due to a failure by BforeAI’s predictive solution. Most recently, BforeAI was recognized by Gartner in its new report, “Cool Vendors for Artificial Intelligence in Banking and Investment Services.” The report serves as a guide to help chief information security officers (CISO), chief information officers (CIO), and chief data officers (CDO) in financial services and cyber fraud fusion centers identify solution partners for quick detection of risks and preemptive action before a fraud attempt even happens.

Existing investors SYN Ventures, Karista, and Addendum Capital, recognizing the company’s strong growth trajectory, participated in this round to maintain their ownership stakes.

Stamina Law in New York City, by Jade Ruscev, provided legal counsel to the company for the financing round.

New Dubai Police Scam Alert Reveals Recent Surge in Phishing Attacks Targeting An Integral Part of Government

Posted in Commentary on December 12, 2024 by itnerd

BforeAI has revealed that its researchers observed a recent surge in phishing attacks leveraging alleged communications from the Dubai Police, an integral part of the Dubai government and a frequent target of cybercriminals. 

The campaign is primarily being relayed via SMS texts containing URLs that redirect users to a malicious domain. BforeAI analyzed 268 domains based on keyword matches from September 17 through November 22 to uncover specific patterns and trends involving the mention of Dubai Police.

Most domains originated from servers based in Singapore and have a history of malicious activity, including spam, phishing, and botnets. Over two dozen of these domains have already expired, with some registered as recently as November, indicating short-lived campaigns.

Two of the registrants were found to be from India and Dubai itself, and their suspicious names suggested that they originated from a legitimate company. In other cases, the threat actors have managed to keep their identities anonymous.

You can read the full research here.

New Report From BforeAI Highlights Growing Threat On US Banking Industry

Posted in Commentary on October 9, 2024 by itnerd

Today, BforeAI released the firm’s latest report, “Financial Domain Spoofing Trends of 2024,” highlighting the growing concern over targeted spoofing and impersonation attacks that use the brands of high-profile financial organizations, such as BVA, HSBC, and PayPal, as a vector for malicious activity.

The US banking industry has seen a significant uptick in cyberattacks, particularly in phishing and spoofing. The industry is becoming more of a persistent threat and phishing tactics are becoming increasingly advanced due to AI.

Researchers at BforeAI analyzed 62,074 domains with finance-related keywords. 62% of those observed domains were involved in phishing attacks targeting legitimate institutions through spoofing websites. 

You can read the full report here: https://bfore.ai/financial-domain-spoofing-trends-of-2024/

New Paris Olympics Infrastructure Attack Threat Landscape Research Reports 166 Abused Domains

Posted in Commentary on August 15, 2024 by itnerd

BforeAI has released the 2024 Paris Olympic Games Infrastructure Attack Report, which details the domain and infrastructure-based threats uncovered related to the Paris Olympics.

By analyzing newly registered domains acquired two weeks before the event, a period that indicated a rise in malicious activities, BforeAI researchers discovered 166 unique domains that showed the common signs of DNS abuse.

Significant use of keywords related to the Olympics and specific years or events was found, in an attempt to attract traffic and appear relevant to search engines, so that the domains in this cybercriminal infrastructure gain the advantage of ‘domain age,’ which can influence their future SEO.

Counterfeit Olympic shop domains were increasingly prevalent in the lead-up to the Paris Olympics, potentially resulting in significant financial losses for fans and enthusiasts looking to purchase official merchandise and experiences. 

The technical analysis unveils examples of fake shops set up before the Olympics to commit economic fraud and collect personal information with top-selling stores, tickets sold through fake websites for monetary gain and information harvesting, and different websites to support their respective countries.

You can read the report here.