Domain Management

Domain Management / Recently Commented

Blockchain Domains and What They Could Mean for Online Scams and Brand Protection

Blockchain domain names, domains that are stored on blockchain or cryptocurrency exchanges, are part of a growing, unregulated, and decentralized internet. Right now, blockchain domains are used mostly by cryptocurrency users, but they are growing in popularity - the Ethereum name service reported over 2.2 million .eth domain name registrations in 2022. At the same time, crypto scams are also exploding, reaching a total of $3.5 billion in losses in 2022. more

The Highest Threat TLDs - Part 2

In the first article of this two-part blog series, we looked at how frequently domains were used by bad actors for phishing activity across individual top-level domains (TLDs) or domain extensions, using data from CSC's Fraud Protection services, powered by our DomainSecSM platform. In this second article, we analyze multiple datasets to determine the highest-threat TLDs, based on the frequency with which the domains are used egregiously for a range of cybercrimes. more

2023 Review of the Online Brand Protection Market

Having been involved in this sector for over fifteen years now, the rate of change in the market dynamics continues to surprise me - from its early years when MarkMonitor and NetNames clearly led the space for several years, then seeing well-funded startups such as Yellow Brand Protection and Incopro challenge that, followed by a period of heavy M&A, it is now extremely diverse. more

How Safe Are Your .KIDS?

This year has been one of the busiest years for domain launches in quite a while. Before the end of 2022, we'll see one more significant domain launch, namely .KIDS, on November 29, 2022. This extension is being launched as a safe space on the internet for children and parents. The registry has set out some very strict use policies to make this happen. Some companies have already registered their brands during the Sunrise Period, while others have taken up names in the Community Sunrise. more

Three Reasons Why CISOs Need to Understand Domain Security

Domain name abuse is one of the most dangerous and under-regulated issues in digital business security today. An attack on a web domain can lead to the redirection of a company's website, domain spoofing, phishing attacks, network breaches, and business email compromise (BEC). Domains used as a company's online world are part of an organization's external attack surface and need to be continuously monitored for cybercrime attacks and fraud. more

Smells like Cybersquatting? How the UDRP “Smell Test” Can Go Awry

The UDRP has the form of a substantive Policy, but it operates as a "smell test".1 If the evidence smells bad, the panel will likely order a transfer. If it doesn't, the panel won't. An aim of this article is to help improve UDRP panels' sense of smell when it comes to differentiating between domain name investors and cybersquatters. I will provide some insight into the business of domain name investing that I hope will be helpful to UDRP panelists in making more accurate inferences in disputes involving investors. more

Turning the Tide of Online Scams: Interview With Prof. Jorij Abraham, Global Anti-Scam Alliance

Professor Jorij Abraham has been a part of the international eCommerce community since 1997. From 2013 -- 2017, he has been Director of Research & Advise at Thuiswinkel.org (the Dutch Ecommerce Association) and the European Ecommerce Association with 25.000+ members in 20 countries. He is now Managing Director of Global Anti-Scam Alliance, whose mission is to protect consumers from getting scammed. He is also e-commerce professor at the University of Applied Sciences, TIO. more

Registration Patterns of Deceptive Domains

A key requirement for a bad actor wanting to launch a brand attack is the registration of a carefully chosen domain name. The most convincing infringements frequently use a domain name that's deceptively similar to that of the official site of the target brand. This allows a variety of attacks to be executed, including phishing attacks... more

Where Domain Security Meets the Supply Chain Crunch

Over the last two years, we've all faced supply shortages on items we previously never thought could be in short supply. Most recently, the baby formula and semiconductor markets were hit. Before that, supply chain attacks on Colonial Pipeline and JBS Foods showed us that an attack on one company through a singular point of compromise has the potential to disrupt an entire network of connected companies, products, partners, vendors, and customers. more

Branded Domains Are the Focal Point of Many Phishing Attacks

As a long-established online attack strategy, phishing remains a popular tool for fraudsters because of its effectiveness. The Anti-Phishing Working Group reported more than 300,000 distinct phishing attacks in December 2021 -- more than three times the number reported in early 2020, and the highest monthly total ever identified. more

Securing Weak Links in Supply Chain Attacks

We've all heard the term, "you're only as strong as your weakest link." Whether talking about a tug of war on the playground, a sports team, or a business, this rings as true as ever. Every business relies on a series of suppliers and vendors -- be it the dairy farm supplying milk to the multinational food manufacturer or the payment systems that retailers use. These links form supply chains that every business, large and small, deals with. There is simply no way around it. more

Domain Security: An Underused Cybersecurity Strategy and First Line of Defense in Your Zero Trust Model

Domain security is a critical component to help mitigate cyberattacks in the early stages - your first line of defense in your organization's Zero Trust model. According to the Cybersecurity and Infrastructure Security Agency (CISA), most cyberattacks - including ransomware and business email compromise (BEC) - begin with phishing. Although losses due to ransomware now exceed billions annually, most ransomware protection and response measures don't adequately address phishing risks in the early stages of an attack because they don't include domain security measures to protect against the most common phishing attacks. more

New Research from CSC on the Impact of COVID-19 on Internet Security and Safety

Hackers are using company domain names for malicious attacks more than ever before. Established research shows that phishing and related malware attacks most commonly occur from a compromised or hijacked legitimate domain name, a maliciously registered, confusingly similar domain name, or via email header spoofing. Domain security intelligence is the first line of defense in preventing domain cyberattacks. more

2021 Domain Name Year In Review

Is it really 2022? Is it? Although many might view 2021 as another "lost" year due to the pandemic, filled with Zoom™ meetings, virtual conferences, working from home and restricted travel - there were a number of notable domain name stories which deserve to be highlighted. So, without further ado, here are the top 10 biggest domain name stories of 2021 - let's go! more

Registrar Influence on the Domain Security Posture of the Forbes Global 2000

In the 2021 Domain Security Report, we analyzed the trend of domain security adoption with respect to the type of domain registrar used, and found that 57% of Global 2000 organizations use consumer-grade registrars with limited protection against domain and DNS hijacking, distributed denial of service (DDoS), man-in-the-middle attacks (MitM), or DNS cache poisoning. On average, the adoption of domain security controls is two times higher for enterprise-class registrars than for those using consumer-grade registrars. more