Real fake news: Spoofed domains are targeting major media outlets

Real fake news: Spoofed domains are targeting major media outlets
featured image

This article originally appeared in SiliconAngle on February 22, 2019.

A new report from cyberthreat intelligence firm DomainTools LLC says spoofed or faked domains are increasingly targeting media outlets.

The quarterly “State of the Domain” report found that top media outlets in the U.S., including The New York Times, USA Today, CSO, The Washington Post and Krebs on Security, are being targeted. More than 200 fraudulent domains that were nearly identical to the publication’s legitimate domain name were found.

Some examples include nytimesofficial[.]com, usatosday[.]com, washinqtonpost[.]com and bistonglobe[.]com, krebsonsecurity[.]org, chicagotribunesnews[.]com, newsdag[.]com and cosonline[.]cn, all involving incorrect spelling, additional text or a different top-level domain extension.

The research noted that the campaigns can potentially extract personally identifiable information, download malware to a device or spoof news sites to spread disinformation to the public.

“Phishing carried out by typosquatting domain campaigns are particularly worrisome as they allow for seemingly trusted websites, with legitimate SSL certificates, to trick Internet users into a false sense of security,” Corin Imai, senior security advisor at DomainTools, said in a statement Wednesday. “Our research underscores the need for media outlets to leverage cyber threat intelligence and maintain vigilance over efforts to undermine their credibility.”

Mike Bittner, digital security and operations manager at The Media Trust, told SiliconANGLE that “typosquatting or website spoofing is one of many methods cybercriminals use in their increasingly complex fraud schemes.”

“They trick hurried, inattentive consumers into visiting fraudulent or defunct sites so they can either drop malicious files into consumers’ devices or collect sensitive information they can use for phishing attacks or sell on the dark web,” Bittner explained. “The result is the same: Consumers unknowingly serve up their information to crooks who commit identity theft and financial fraud.”

The research suggests that those who consume news online need to keep a watchful eye out for domains that mimic leading news sources with unassuming typos or disguised letters.

“Further, educational campaigns that raise awareness about these issues will continue to be necessary in mitigating risks that come with malicious activity targeted at legitimate media sources,” Imai added.