Numerous fraudulent sites disguised as well known brand in .RU zone
In autumn, experts recorded mass registration of domain names with the names of well-known brands in the .RU zone
Specialists at Infosecurity, a Softline company, recorded mass domain registration in Runet with the name of well-known brands and the ending off, which can be used for sales.
As an example, the company cited the domain names familiya-off.ru, detskiy-mir-off.ru, tele2-off.ru, rosneft-off.ru and citilink-off.ru. According to the head of the Infosecurity special server Sergey Trukhachev, on October 20, the Ethic threat detection service detected the registration of 192 such domains. All of them are registered through the same Russian structure with servers at ISPIRIA Networks Ltd, located in Belize (Central America). As Trukhachev noted, the company is often used for hosting malicious sites.
At the end of September, the appearance of hundreds of similar domains in Runet was noticed by SearchInform. According to Alexey Drodd, head of the company’s information security department, it’s about very diverse brands (furniture companies, clothing stores, jewelry stores, mobile retail).
According to Kirill Kirillov, co-founder of BrandMonitor, domains with the names of major brands are registered every day, and the earnings of scammers depend on the method of monetization. For example, according to Kirillov, counterfeit dealers can earn 3-10 million rubles ($39,000 – $117,000) annually.
Such a site can be blocked in a day if it is obvious that it is phishing or distributes malicious software. There are also cases when it is technically impossible to block access to a resource: if their servers are located in a country where hosting providers do not block sites (for example, in Belize).
The companies surveyed said they monitor domain registrations with similar names and fight them when signs of fraud appear.