The Rise of Phishing Attacks on New Generic Domains


Written by Jackie Bilodeau

I am the Communications Director for CGNET, having returned to CGNET in 2018 after a 10-year stint in the 1990's. I enjoy hiking, music, dance, photography, writing and travel. Read more about my work at CGNET here.

December 12, 2024

In the ever-evolving landscape of cybersecurity, phishing remains one of the most prevalent and dangerous threats. As technology advances, so do the tactics of cybercriminals. One of the latest trends in phishing attacks involves the use of new domains. These domains, often freshly registered and seemingly legitimate, are increasingly being exploited to deceive unsuspecting users. Many of them are registered under what are known as gTLDs, or generic top-level domains. You can spot them by their unusual extensions, like .shop, .xyz, .top, .tech, and so on.

A recent study of phishing data revealed that while new gTLDs introduced in the last few years command only 11 percent of the market for new domains, they accounted for roughly 37 percent of cybercrime domains reported between September 2023 and August 2024! This is all the more problematic because the entity that oversees domain names plans to introduce a host of new gTLDs in the months to come.

Why are Generic Domains Attractive to Scammers?

New domains are particularly appealing to cybercriminals for several reasons:

  1. Inexpensive Registration: Registrars of these gTLDs tend to offer cheap or free registration with little to no account or identity verification requirements. For example, among the gTLDs with the highest cybercrime domain scores in this year’s study, nine offered registration for less than $1, and nearly two dozen offered it for less than $2.00. By comparison, the cheapest price identified for a .com domain was $5.91.
  2. Lack of Reputation: Established domains often have a history and reputation that can be tracked. New domains, on the other hand, have no such history, making it easier for attackers to create a façade of legitimacy.
  3. Availability: With millions of domains already registered, finding a suitable and available domain name can be challenging. New domain extensions provide a plethora of options for cybercriminals to choose from.
  4. Trust Exploitation: Users tend to trust new and innovative domain names, especially if they are cleverly crafted to mimic well-known brands or services. This trust is what phishers exploit to lure victims into their traps.

Common Phishing Tactics with New Domains

Phishers employ a variety of tactics to exploit new domains, most following the typical phisher’s playbook:

  • Spoofing: Creating domains that closely resemble legitimate websites (e.g., using “rn” instead of “m” in a URL, or a “0” in place of an “O”) to trick users into thinking they are visiting a trusted site.
  • Email Phishing: Sending emails from new domains that appear to be from reputable sources, urging recipients to click on malicious links or provide sensitive information.
  • Malvertising: Using new domains in online advertisements that lead to phishing sites, often disguised as promotions or special offers.

How to Protect Yourself

While the threat of phishing attacks on new domains is real, there are several steps you can take to protect yourself:

  1. Be Skeptical: Be cautious of unsolicited emails, especially those that urge immediate action or request personal information.
  2. Verify URLs: Before clicking on a link, hover over it to see the actual URL. Look for subtle misspellings or unusual domain extensions.
  3. Use Security Tools: Employ anti-phishing tools and browser extensions that can help detect and block malicious sites.
  4. Educate Yourself: Stay informed about the latest phishing tactics and trends. Knowledge is one of the best defenses against cyber threats.
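
The "Verify URLs" step and the spoofing patterns described above ("rn" for "m", "0" for "O", unusual extensions) can be checked automatically before a link is opened. The following Python is an added example, not part of the original article; the trusted-domain list, the function names and the extra "vv" and "1" substitutions are assumptions, and it treats the last two host labels as the registered domain, so suffixes such as .co.uk and internationalized names are not handled.

```python
from urllib.parse import urlsplit

# Constructed allowlist (assumption): domains your organization really uses.
TRUSTED = {"microsoft.com", "google.com", "cgnet.com"}
# New gTLDs the article names as examples; extend from your own reporting.
WATCHED_TLDS = {"shop", "xyz", "top", "tech"}
# "rn"->"m" and "0"->"o" come from the article; "vv" and "1" are added here.
LOOKALIKES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l")]

def skeleton(label):
    """Collapse look-alike sequences so spoofed and real names compare equal."""
    label = label.lower()
    for fake, real in LOOKALIKES:
        label = label.replace(fake, real)
    return label

def split_domain(url):
    """Return (name, tld) from the last two host labels (ignores .co.uk etc.)."""
    if "://" not in url:
        url = "//" + url  # let urlsplit treat a bare host as the netloc
    host = (urlsplit(url).hostname or "").rstrip(".")
    labels = host.split(".")
    return (labels[-2], labels[-1]) if len(labels) >= 2 else (host, "")

def check_url(url):
    """List reasons a link deserves a closer look; empty list means none found."""
    name, tld = split_domain(url)
    if f"{name}.{tld}" in TRUSTED:
        return []
    reasons = []
    for trusted in sorted(TRUSTED):
        t_name, t_tld = trusted.rsplit(".", 1)
        if skeleton(name) != skeleton(t_name):
            continue
        if name != t_name:
            reasons.append(f"look-alike spelling of {trusted}")
        else:
            reasons.append(f"{t_name} name under .{tld} instead of .{t_tld}")
    if tld in WATCHED_TLDS:
        reasons.append(f"new gTLD .{tld}")
    return reasons

if __name__ == "__main__":
    # Constructed sample links, not taken from any real campaign.
    for link in ["https://www.microsoft.com/login", "https://rnicrosoft.com/login",
                 "http://g0ogle.shop/deal", "microsoft.xyz", "https://example.org/"]:
        print(link, "->", check_url(link) or "no findings")
```

A new gTLD on its own is only a reason to look more closely, not proof of phishing, so the findings are best used to prioritize review rather than to block outright.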

Proceed with Caution

As the digital world continues to expand, so do the opportunities for cybercriminals. New domains offer a fresh playground for phishers. However, that certainly doesn’t mean all new domains are dangerous. As long as you exercise caution and pay close attention to signs of trouble, you can protect yourself from falling victim to phishing attacks. Stay safe, stay informed, and always be on the lookout for signs of phishing.

 
