No Comments

AI domains from trusted brands are used for fraud


Nearly half of Forbes Global 2000 companies are having their brands used by third parties in artificial intelligence (.ai) domain name registrations, according to CSC’s 2023 Domain Security Report. According to the cybersecurity company, cybercriminals are exploiting the popularity of AI to register trusted brand domains for malicious activities. Proof of this is the 350% increase this year in cases of domain disputes involving AI extensions from companies that discovered the illegal use of their brands.

Cybercriminals are also using domains that closely resemble (homographs) Global 2000 brands to launch phishing attacks and other forms of digital brand exploitation and IP infringement, the report says. According to the document, third-party registrations of famous brand AI domains already reach 43% of Global 2000 companies. Furthermore, of the companies with brand domains registered for AI, 84% are owned by third parties, while 49 % are available. The sectors with the highest percentage of AI domain occupancy are banks and other companies in the financial sector, as well as software and IT services.

“IA is a domain extension with no registration restrictions and this makes it an attractive and accessible domain name for cybercriminals,” says Mark Calandra, president of CSC’s Digital Branding Services division. “With corporations operating multiple brands, fraudsters are ready to take advantage of their trusted names by acquiring AI domains that are still available.” According to Calandra, rapid detection and deactivation of domains that are similar to or use a company’s brand is crucial. “AI dominance in the wrong hands can lead to website redirects, online fraud, phishing attacks and malware,” he adds.

The report also found a slight increase in the number of similar domains owned by third parties, from 4% in 2022 to 79% this year. Of the lookalike domains evaluated by CSC, 40% have email exchange (MX) records, which can be used to send phishing emails or intercept emails, according to the report.

Other uses cited in the document include pointing to advertising, pay-per-click ads or domain parking (36%), pointing to a live website not associated with the brand owner (14%), and pointing to malicious content that could harm the brand reputation and customer trust (1%). Domain parking is making the domain name point to a specific page, through DNS assignment.

To access the original CSC report in English on the use of illegal AI domain names click here.


See the original post at: CisoAdvisor

You might also like

More Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *

Fill out this field
Fill out this field
Please enter a valid email address.