Character Spoofing Attacks and .US Phishing: How Criminals Are Fooling Your Employees

Posted November 14, 2023

Cybercriminals are setting up fraudulent websites impersonating major U.S. brands on .US domains. According to recent threat intelligence. Large corporations including Wells Fargo, Chase, Walmart, FedEx, and PayPal have been spoofed to steal credentials or distribute malware. Phishers are increasingly utilizing .US domains, and businesses face growing risks from this and similar scams.

Anatomy of a .US Phishing Scam

In one instance, phishers created a FedEx-branded .US site to distribute malware. The site was promoted via spam emails purporting to contain information about an undelivered package. When unsuspecting users clicked the tracking link, they were taken to the fake but credible-looking FedEx site. In reality, it was infected with malware that would compromise the victim’s device.

This shows how a momentary slip can cause significant damage. Familiar messaging and branding tricks users into a false sense of security. Organizations must educate staff and implement layered defenses to counter this prevalent phishing technique.

The Scale of .US Phishing

According to security research, over 30,000 .US domains have been identified as tied to phishing campaigns. The domains are often hosted on compromised WordPress sites that have had their DNS settings hijacked by phishers. This allows them to create subdomains and use the sites for free initially. The sheer volume of malicious .US domains illustrates the growing reliance on this tactic.

Technical Tricks Used by Phishers

In addition to DNS hijacking, phishers use other technical tricks with the .US domains to avoid detection. These include rapidly changing the location of phishing sites across different IP addresses using fast flux hosting — which causes sites to be tough to pin down or blacklist. Some phishers also take advantage of free .US domain trials before redirecting to their scam infrastructure.

Constant Evolution of Phishing Tactics

As long as phishing remains profitable, new tactics like .US domain abuse will continue evolving. Phishers have already begun exploring evasion techniques like character spoofing within domains. These use symbols or characters from non-Latin alphabets that appear identical to regular letters. ICANN allows domain names to contain characters from any language script as long as they are supported by the DNS protocol. You can see how the below examples can fool even very observant users. Of course, don’t load any of the below domains as they would not be authentic sources and could be malicious.

mіcrosoft.com – Uses the Cyrillic letter ‘і’ instead of an ‘i’.
paypаl.com – Uses the Cyrillic letter ‘а’ instead of an ‘a’.
apple.com – Could use the Latin letter ‘а’ which looks identical to an ‘a’.
amazon.com – Could use the Greek letter ‘ο’ instead of an ‘o’.
gооgle.com – Uses a Cyrillic ‘о’ instead of a Latin ‘o’.
bankofamerica.com – Could use Cyrillic letters identifying as ‘a’, ‘e’, ‘o’ etc.

Continuously training employees and leveraging software defenses to recognize the subtle signals of phishing is key for security.

Recommendations for Protecting Your Business

Businesses should take measures to guard against rapidly increasing threats from phishing attacks.

Train employees to identify fraudulent domains and avoid clicking links in emails.
Always type out domains to avoid character spoofing attacks.
Block newly created .US domains from being accessed on corporate networks.
Require multi-factor authentication to mitigate stolen credentials.
Deploy DMARC and email authentication to catch spoofing.
Monitor external threat feeds for newly identified phishing sites.
Test defenses with simulated phishing campaigns.

With vigilance and proactive precautions, companies can thwart the phishing threat. Ongoing security awareness and adapting to evolving tactics are key to protecting organizations from growing threats.

Kyle Vinar

Kyle Vinar is Partner / President of Verus Corporation. He oversees all business operations and coaches Verus teams to continually improve on their solutions from client experience to product development and overall solution implementation. He works with all Verus resources to increase efficiencies and excellence in every aspect of their organizational roles. Kyle believes that people are the last real competitive edge that a company can have and constructing a rich culture is a vital step in running a world-class organization. Therefore he strives to create a culture within Verus that allows everyone to show up authentically and grow both personally and professionally, which in turn allows Verus Corp team members to provide clients with top-of-the-line service. Kyle helps balance strategy, capacity, and culture in such a way that has allowed Verus Corp to achieve exponential growth since he joined the company in 2013. One of Kyle’s greatest professional achievements has been in helping lay the foundation upon which Verus Corporation could be named the 2nd Best Place to Work by the Minneapolis/St. Paul Business Journal. Kyle holds a Bachelor of Science in Marketing from St. Cloud State University. He lives in Champlin with his wife and 3 children. He has enjoyed volunteering as a soccer coach for over 6 years and was the former Director of Coaching for Rebels Soccer Club. If Kyle isn’t on the sidelines of one of his children’s soccer games or in the audience of his eldest’s musicals, he can often be found cruising scenic routes on his Harley, in a deer stand, or on the golf course.