When you spend years studying the malicious texts and emails that cybercriminal gangs use to target people, you can’t help but notice patterns. One of these patterns concerns the purchase of domain names. (And we believe this criminal gang is in India, based on “bread crumbs” that point there.) We think that a cybercriminal gang purchases hundreds of domain names ending in the same single “global top level domain” (gTLD) because buying in bulk is cheaper for them. A gTLD always appears at the end of a domain name, after a period. Everyone recognizes the gTLDs “.com” “.edu” and “.org.” We’ve reported many times over the years that criminals bulk buy domain names with the same global top level domain and use them for their malicious purposes. For example, read our May 22 Top Story “Stay Away from the Pro.” It cautioned people against clicking on any domain name that ended in “.pro” like “mydomain.pro.”
During the last few weeks we’ve found hundreds of malicious websites that use the gTLD “.info.” Here are just a handful of examples taken from the FROM address of malicious emails we’ve seen. The malicious domain can be found after the “@” symbol. ALL of these DOT-info domains were registered in Maharashtra, India on November 20, 2019:
Slimming Recipes <soupdetox@inframild[.]info>
Carbine Shooting System <selfdefense@pekintein[.]info>
Regain Lost Memories <memoryloss@hollantau[.]info>
Reduce Electricity Consumption <energysystem@curectuser[.]info>
Chord Piano <music@banksharce[.]info>
Woodworking Shop Layout <woodwork@scherstag[.]info>
Joseph Wilkinson <energydevice@nascalostr[.]info>
Natural Gout Remedies <gouttherapy@imporgate[.]info>
Instant Pain Relief <killpain@glycomisys[.]info>
Sprinkle This Spice <newsletter@bigbytery[.]info>
Neuropathy Foot Pain <nervepain@herbient[.]info>
Jake Mayers <wealthsecret@enrafilor[.]info>
And now we are seeing an uptick in malicious domains ending with “.icu.” Stay clear of them! For example...
20/20 without glasses <20/20withoutglasses@visiotwittw.icu> (11/20/19)
Hip Arthritis <Polyarthritis@curearthritis.icu> (11/20/19)
The holidays are fast approaching and you will certainly see an increase in advertisements with holiday themes. This is also a time when can expect to see increasing holiday-themed malicious emails, texts and fake ads, like this clickbait with the subject line “Best gift for holidays.” And yes, it points to a DOT-icu! You can see below that the Zulu URL Risk Analyzer had no problem identifying it as malicious.
We’re recently learned of a very interesting marketing ploy which feels soooo scammy, and some are saying is a scam because of the quality of merchandise sold. Women across the U.S. are getting congratulatory notices on their pregnancy from someone named Jenny B! But they aren’t pregnant and they don’t know anyone named Jenny B! Read about this on TheLily.com.
To all of our American and Candadian readers... we wish you a very warm, safe, and wonderful Thanksgiving holiday with friends and family.
Doug and David