Scammers Sign-up ‘.AI Domains’ of Trusted Brands to Dupe Users


As AI keeps growing, criminals are also getting more sophisticated. They have taken advantage of the technology to register .AI domains of trusted brands to launch phishing attacks and embark on malicious activities, according to a 2023 Domain Security Report.

According to the report, this also comes as about 1,000 of the Forbes Global companies do not have control of their branded .AI domain names.

An increase in domain disputes

The CSC report revealed that while AI technology is being embraced the world over for its transformative power, the same technology is open for manipulation as criminals are using it to launch attacks.

This has also led to an increase in domain dispute cases involving AI extensions in 2023, as .AI domains using companies' brands were misappropriated by third parties, the report shows.

CSC found that 43% of the Forbes Global 2,000 companies do not have control of their branded .AI domain names as they are registered by third parties.

Additionally, 49% of the .AI brand domains of these companies remain unregistered, leaving them open to fraud and brand infringement.

The report further shows that, of the branded domains registered under .AI, 84% are owned by third parties. Industries like banking, diversified financials, IT, and software services have seen the biggest number of stolen domains.

“.AI is a domain extension with no registration, so it makes it an attractive and accessible domain name for cybercriminals,” CSC president of digital brand services division Mark Calandra told CSO.

“With corporations operating multiple brands, fraudsters are ready to take advantage of their trusted names, snapping up ‘branded’ AI domains that are still available.”


A thread of fake domains

According to a CSO article, the problem became noticeable following the launch of Threads by Instagram. Parent company Meta introduced the new online platform in July of this year, and it became an instant hit with over 100 million sign-ups within just five days of its launch, surpassing ChatGPT as the fastest-growing platform.

Veriti, a security firm, noticed an increase in suspicious domain creation since then, with over 700 fake domains created and registered every day that were related to Threads.

These, according to the security company, posed a significant threat to users as they were meant to distribute malware and lure unsuspecting individuals into downloading untrusted versions of the app.

But businesses can also do something to limit the problem, according to Calandra.

“Due to the significant media coverage recently on the potential use of AI for fraud in the future, registering your brand in the .AI domain extension is important to protect your key trademarks.”

He also pointed to the need for businesses to have rapid detection software and “deactivation of confusingly similar brands imitating brands.”

Malicious content

The CSC report highlighted an increase in third-party lookalike domains to 79% in 2023, compared to 4% recorded in the previous year. CSC evaluated the lookalike domains and found that 40% have a mail exchange (MX) record, which can be used to intercept emails or send phishing emails.

The report also cited other uses like domain parking and pointing to advertising (36%), resolving to a website that is not related to the brand holder (14%), and pointing to malicious content that could possibly damage the brand’s reputation and customer confidence (1%).
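A brand owner can triage a monitoring feed along the same lines, surfacing third-party lookalikes and ranking the mail-capable ones first. The sketch below is an added example, not code from the CSC report or from any vendor named in the article; the brand `examplebank`, the `Observation` feed shape and every domain in `FEED` are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class Observation:
    """One row of a domain-monitoring feed (hypothetical shape)."""
    domain: str
    owned_by_brand: bool   # assumed to come from the company's own domain portfolio
    mx: tuple = ()         # MX hosts observed for the domain, empty if none

HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_kind(domain, brand):
    """Return how the domain imitates the brand label, or None if it does not."""
    label = domain.lower().split(".")[-2]   # assumes a single-label suffix (.ai, .com)
    folded = label.translate(HOMOGLYPHS)    # undo common digit-for-letter swaps
    if label == brand:
        return "brand-in-other-tld"         # e.g. the brand's unclaimed .ai name
    if folded == brand:
        return "homoglyph"
    if edit_distance(folded, brand) == 1:
        return "typo"
    return "brand-embedded" if brand in folded else None

def triage(feed, brand):
    """Third-party lookalikes; 'high' when an MX record makes the domain mail-capable."""
    hits = []
    for obs in feed:
        kind = None if obs.owned_by_brand else lookalike_kind(obs.domain, brand)
        if kind:
            hits.append((obs.domain, kind, "high" if obs.mx else "watch"))
    return sorted(hits, key=lambda h: (h[2] != "high", h[0]))

FEED = [  # constructed sample data, not real registrations
    Observation("examplebank.com", True, ("mx.examplebank.com",)),
    Observation("examplebank.ai", False, ("mail.examplebank.ai",)),
    Observation("examp1ebank.com", False),
    Observation("examplebnk.org", False, ("mx.examplebnk.org",)),
    Observation("examplebank-login.ai", False),
    Observation("weather.ai", False, ("mx.weather.ai",)),
]
```

Calling `triage(FEED, "examplebank")` lists the two domains with MX records first, since those are the ones that can already send or receive mail under the lookalike name.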

A recent report also found that, with advancements in AI unfolding, scammers were also increasingly finding ways to dupe unsuspecting users. For instance, they have found ways of infiltrating Microsoft’s Bing Chat with malicious ads and redirecting users to certain websites.
