Security

Why Are GoDaddy's .US Domains Being Used For So Much Phishing? (krebsonsecurity.com) 23

An anonymous reader shared this report from cybersecurity blogger Brian Krebs: Domain names ending in ".US" — the top-level domain for the United States — are among the most prevalent in phishing scams, new research shows. This is noteworthy because .US is overseen by the U.S. government, which is frequently the target of phishing domains ending in .US. Also, .US domains are only supposed to be available to U.S. citizens and to those who can demonstrate that they have a physical presence in the United States... [F]ew other major countries in the world have anywhere near as many phishing domains each year as .US.

That's according to The Interisle Consulting Group, which gathers phishing data from multiple industry sources and publishes an annual report on the latest trends. Interisle's newest study examined six million phishing reports between May 1, 2022 and April 30, 2023, and found 30,000 .US phishing domains.

.US is overseen by the National Telecommunications and Information Administration (NTIA), an executive branch agency of the U.S. Department of Commerce. However, NTIA currently contracts out the management of the .US domain to GoDaddy, by far the world's largest domain registrar. Under NTIA regulations, the administrator of the .US registry must take certain steps to verify that their customers actually reside in the United States, or own organizations based in the U.S. But Interisle found that whatever GoDaddy was doing to manage that vetting process wasn't working.

  • by Anonymous Coward on Saturday September 02, 2023 @11:37AM (#63817018)
    easy fucking question to answer. nobody wants a .us domain name so the massive landgrab never happened there. yet it is still plausible that a US company would have a .us domain name.
  • .us is not an issue but .co was overwhelming to the point I blocked all email from it.

    • by Megane ( 129182 )

      I run my own inbound SMTP and .us was definitely enough of a problem that I blocked it early, along with .stream and .top, and had to whitelist a couple of .us domains from acquaintances that foolishly had one. I have most ccTLDs blocked, and have IP range blocks for rogue ISPs (mostly from data centers in Europe these days, I guess I covered Asia well enough already). I don't put in blocks until I get spam from them, but I also don't try hard to narrow down IP blocks. Whether I block a class C or a class B

      • by MeNeXT ( 200840 )

        Gmail and Outlook are an issue. I resorted to header checks and body checks. No longer get Geek Squad or Norton.

  • Hmmm.. (Score:4, Informative)

    by Vegan Cyclist ( 1650427 ) on Saturday September 02, 2023 @01:24PM (#63817252) Homepage

    "But Interisle found that whatever GoDaddy was doing wasn't working."

    There. Fixed that, not just this issue.

    Such a scammy company, no surprise.

  • by Fly Swatter ( 30498 ) on Saturday September 02, 2023 @01:26PM (#63817258) Homepage
    Money over civility. I have been getting credit report phishing spam at least daily for multiple months now and every one of them is from a unique GoDaddy registration. At this point either GODADDY doesn't care about abuse or someone within GODADDY is in on the phishing scams.
    • by Tony Isaac ( 1301187 ) on Saturday September 02, 2023 @01:57PM (#63817366) Homepage

      From the beginning, GoDaddy has sold domains using sex. Its very name alludes to this, and its commercials reinforced this message. Sure, all kinds of businesses do this. But the message it sends is that the company is willing to use anything, even completely irrelevant marketing tactics, to get people to buy its stuff. In other words, whatever it takes to get people to buy. Is it surprising that a company with this kind of attitude turns a blind eye to phishing?

  • by waspleg ( 316038 ) on Saturday September 02, 2023 @01:38PM (#63817298) Journal

    WHOIS hiding is not allowed. I wonder how they're getting around all this - other than just no one cares to enforce it? My domain is not with GoDaddy; maybe that's why?

  • by VeryFluffyBunny ( 5037285 ) on Saturday September 02, 2023 @03:47PM (#63817624)
    ..."light touch" regulation, underfunding regulatory & enforcement departments, appointing cronies to positions that require some degree of competence, etc.

    Same reasons that there always are.
  • (or is that a doughnut?) and validation and verification cost money and eat into the profit of selling them the domain name in the first instance.
  • by WindBourne ( 631190 ) on Saturday September 02, 2023 @06:47PM (#63817976) Journal
    It is trivial to pull these stunts because everyone on the internet is pretty much anonymous to each other. Unless they are using a TRULY VETTED certificate, then you can not be certain of anything. Estonia is about the only nation that does not have this issue. Why? Because they issue a vetted digital certificate to all citizens which they can then use for on-line transactions.
  • When GoDaddy nuked my email forwarding accounts with no notice, we all knew they were f*cked.

    GoDaddy actively nuked my anti-spam feature (which was creating forwarding accounts and giving a forwarding email to every company, so I knew who was spamming me or selling my email to spammers); it was obvious they wanted to help the spammers.

    I'm with NameCheap now.

    If you want to bankrupt GoDaddy, find a phone number where they actually answer the phone, and give it to every borderline-illegal website you can find.

  • by JimMcc ( 31079 ) on Sunday September 03, 2023 @10:21AM (#63819402) Homepage

    A while ago I added .us to the list of garbage domains that I block. It cut down on a lot of garbage that I was receiving. If you are a legitimate business using .us, sorry, I won't see your emails.
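
Several comments above describe blocking whole TLDs (.us, .stream, .top) at the mail server, with allowlist exceptions and coarse IP range blocks. The sketch below is an added example, not code from any commenter; the allowlisted domain, the blocked network (a documentation range) and the function names are constructed assumptions.

```python
import ipaddress

# Constructed policy mirroring the comments: block whole TLDs, allowlist a few
# known-good domains inside them, and block coarse client IP ranges.
BLOCKED_TLDS = {"us", "stream", "top"}
ALLOWED_DOMAINS = {"friend-example.us"}                   # hypothetical exception
BLOCKED_NETS = [ipaddress.ip_network("203.0.113.0/24")]   # documentation range


def sender_domain(mail_from):
    """Return the lower-cased domain of an envelope sender, or '' if absent."""
    addr = mail_from.strip().strip("<>")
    if "@" not in addr:
        return ""  # null sender (bounce) or malformed address
    return addr.rsplit("@", 1)[1].rstrip(".").lower()


def is_allowlisted(domain):
    """Match the domain itself or a subdomain, never a look-alike suffix."""
    return any(domain == d or domain.endswith("." + d) for d in ALLOWED_DOMAINS)


def check_sender(mail_from, client_ip):
    """Return (accept, reason) for one SMTP MAIL FROM / client IP pair."""
    ip = ipaddress.ip_address(client_ip)
    for net in BLOCKED_NETS:
        if ip in net:  # False on IPv4/IPv6 mismatch, so mixed lists are safe
            return False, f"client IP in blocked range {net}"
    domain = sender_domain(mail_from)
    if not domain:
        return True, "null or malformed sender; left to other checks"
    if is_allowlisted(domain):
        return True, "domain allowlisted"
    tld = domain.rsplit(".", 1)[-1]
    if tld in BLOCKED_TLDS:
        return False, f"TLD .{tld} blocked"
    return True, "no rule matched"


if __name__ == "__main__":
    # Constructed sample inputs.
    for frm, ip in [("<a@phish-example.us>", "198.51.100.7"),
                    ("a@mail.friend-example.us", "198.51.100.7"),
                    ("a@notfriend-example.us", "198.51.100.7"),
                    ("a@example.com", "203.0.113.9")]:
        print(frm, ip, check_sender(frm, ip))
```

This checks only the envelope sender, so it complements rather than replaces the header and body checks mentioned in the thread.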
