Don't Click: The Alarming Rate of Malicious Domains and How to Protect Your Phone
As a digital user, you've been warned – don't click here. It all starts with a link. Whether it's an AI-perfected phishing email that's impossible to defend or an unpaid toll or undelivered package text that should be easier to detect, there's an entire industry now crafting malicious domains to trick millions of smartphone and PC users into clicking when they shouldn't.
The Average Lifespan of a Malicious Domain
According to Google, the average malicious site exists for less than 10 minutes. That's the lifespan during which you receive, click, and surrender your credentials or install malware before the site is found and blocked or taken down. This rapid turnaround time highlights the urgency of protecting yourself from these threats.
The Rise of Malicious Domains
The sheer volume of newly observed domains in 2024 was over 106 million – approximately 289,000 daily – creating a significant challenge for security teams. DomainTools' security research team has issued a new report that highlights just how fast the turnaround time is behind these malicious domains.
A Deep Dive into Scam and Malicious Domains
The DomainTools team recently undertook a project to identify and analyze scam and malicious domains that emerge in the wake of high-profile viral media events. They sampled multiple events, including the Los Angeles Fire, NoKings, DeepSeek/China AI developments, the ongoing Trade War, and the Ukraine War.
What They Found
The team expected credential phishing to be the primary objective, but what they actually discovered was that the predominant motivation across sampled events was direct financial profit. This was mainly fraudulent charity websites for tragedies such as the LA fires or Myanmar earthquake, but also selling merchandise related to the event topic and creating and promoting meme cryptocurrency coins based on the event.
DeepSeek: A Prime Example
The team cites DeepSeek as a prime example of a malicious domain that accrued over $46 million worth in fake meme coins before the rug was pulled. This indicates that scammers had already cashed out, highlighting the speed and efficiency of these malicious domains.
The Anatomy of a Malicious Domain
Suspect domains are not complex – the simpler and more precise the better. For example, "Lafirevictimsupport[.]com" purported to collect donations on behalf of the American Red Cross. The FBI and others urge caution when it comes to viral events, especially when there is a sense of urgency to act now in campaigns.
Protect Your Phone
As ever, don't click through. If you want to help with a charity event or support an organization, navigate to their website directly instead of clicking on a suspicious link. You can also check the top-level domain – legitimate websites are unlikely to sport .XYZ or .TOP domains. Google's new scam detection will help flag these threats, but it should be easier than it is proving to block such blatant fraud from hitting millions of phones daily.
The Importance of Vigilance
The alarming rate of malicious domains and the speed at which they emerge highlight the importance of vigilance when it comes to online security. By being aware of these tactics and taking steps to protect yourself, you can reduce your risk of falling victim to these scams. Don't click on links from unknown sources – trust your instincts and verify information before clicking through.