Artificial Intelligence driven Marketing Communications
SUNNYVALE, Calif.– Proofpoint, Inc., (NASDAQ: PFPT), a leading cybersecurity and compliance company, today released its 2019 Domain Fraud Report, which uncovers the latest trends shaping the domain landscape and the tactics and activity of threat actors. The report provides in-depth analysis of data collected from Proofpoint’s Active Domains Database, which contains over 350 million domains and represents virtually all domains on the web, over a twelve-month period.
“Similar to many of today’s top attack methods, domain fraud targets individuals rather than infrastructure by using social engineering to trick users into believing the domains they are accessing are legitimate,” said Ali Mesdaq, director of Digital Risk Engineering for Proofpoint. “Due to the relatively low barrier to entry of domain registrations and ease of execution, it is critical that organizations remain vigilant of suspicious and infringing domains that might pose a risk to their brand and customers.”
The growth of fraudulent domains corresponds to the growth of the overall domain landscape. Between Q1 and Q4 2018, registrations of fraudulent domains grew by 11 percent. Nearly all fraudulent domains detected by Proofpoint remain active and positioned for attack, with more than 90 percent associated with a live server. Of these fraudulent domains, more than 15 percent have Mail Exchanger (MX) records, indicating that they send and/or receive email. One-in-four also have security certificates – far more than appear in the aggregate domain landscape – which many internet users mistakenly equate with legitimacy and security.
Fraudulent domains leverage many of the same top-level domains (TLDs), registrars, and web servers as legitimate domains to impersonate brands and manipulate users. These factors, as well as the high proportion of live web servers, many with valid SSL certificates, increase the perceived legitimacy of fraudulent domains, increasing the potential for a wide range of attacks, including wire transfer fraud, phishing, counterfeit good sales and other scams.
This year’s Domain Fraud Report key findings also include:
To identify domain squatters and phishing campaigns and stop them from targeting brands, customers, and employees, organizations worldwide trust Proofpoint Digital Risk Protection to protect their domains. Using machine learning and artificial intelligence, Digital Risk Protection analyzes a vast body of domain data to uncover domain fraud and infringing domains. Real-time alerts also inform brands when domains and SSL certificates are expiring to help keep brand-owned domains secure.
About Proofpoint, Inc.
Proofpoint, Inc. (NASDAQ: PFPT) is a leading cybersecurity company that protects organizations’ greatest assets and biggest risks: their people. With an integrated suite of cloud-based solutions, Proofpoint helps companies around the world stop targeted threats, safeguard their data, and make their users more resilient against cyber attacks. Leading organizations of all sizes, including more than half of the Fortune 1000, rely on Proofpoint to mitigate their most critical security and compliance risks across email, the cloud, social media, and the web. More information is available at www.proofpoint.com.
Proofpoint is a registered trademark or tradename of Proofpoint, Inc. in the U.S. and/or other countries. All other trademarks contained herein are the property of their respective owners.