The IT Nerd

Netcraft, a cybersecurity company specializing in phishing detection, cybercrime disruption, and website takedown, has revealed new research that identified a staggering 135% increase in fake retail sites compared to last year – up from the 63% increase over the previous year. The annual increase has more than doubled in the last 12 months, and the growth is alarming. 

Netcraft’s new report analyzes prominent fake retail websites and cybercriminals’ techniques for tricking users and ultimately impacting brand credibility and reputation. 

The data provides real examples of fraudulent retail sites Netcraft detected and since taken down, including fake shops with Black Friday promo targeting Lowe’s, Rakuten, and Vionic Shoes. 

You can read the report here.

Netcraft has published research on the popularity and rise of .ai – the country code top-level domain (ccTLD) for the British Overseas Territory of Anguilla – and the related increase in malicious activity. Registration fees that go to the treasury of the Aguilla government, according to The New York Times, made $2.9M .ai registrations in 2018. 

Registrations for this ccTLD began in 1995 and accelerated rapidly due to the boom in AI and related industries. Netcraft’s data comes from its internet data and research of every discoverable site on the Web run monthly since 1995. 

The ccTLD is used by many legitimate businesses, including Google and Meta (registering google.ai and facebook.ai in 2017), redirecting websites promoting their work in AI. Netcraft detected a significant growth in web servers using .ai domains in 2017 when the technology industry and the broader media began to notice (and report on) the potential of AI. 

The increase in malicious activity using .ai domains includes phishing attacks, affiliate marketing scams, defaced sites, cryptocurrency investment scams, and web shells. Netcrafts’ research to date shows that .ai is a rapidly growing domain space that could be used for malicious purposes and future potential for .ai to be used for phishing .au domains in typosquatting attacks, as the letters ‘u’ and ‘i’ are next to each other on most common keyboard layouts (such as QWERTY, AZERTY, and Dvorak). 

You can read the research here.