< ciso
brief />
Tag Banner

All news with #domain impersonation tag

52 articles

LastPass and Bitwarden Users Targeted by Phishing Alerts

🔔 LastPass warns of an active phishing campaign using fake corporate-style security notices that redirect recipients to fraudulent landing pages impersonating DocuSign. The emails, claiming to announce policy updates, come from addresses like hello@lastpassnewsletter.com and lead to domains such as lastpasscompliance[.]com, which have been flagged as malicious. Bitwarden users have received similar messages from hello@bitwardennewsletter.com redirecting to bitwardencompliance[.]com. LastPass confirms its systems were not breached and urges users to never share their master password and to report suspicious messages to abuse@lastpass.com.
read more →

OnlyFans DMCA Requests Reveal Compromised Domains

🔎 Armed with copyright law and internet scanning, OnlyFans creators and specialized vendors have been using DMCA takedowns to identify and remove unauthorized adult-content listings that appear on high-authority government and education websites. By tracking requests in Google’s Transparency Report and the Lumen database, researchers mapped thousands of compromised .gov and .edu domains used by traffic distribution systems (TDS) and parasite SEO. This trend has grown rapidly since 2020 as decentralized content ownership increased detection coverage and vendor capabilities.
read more →

Google sues scammers leveraging Gemini AI

🛡️ Google has filed suit against a group called Outsider Enterprise, accused of running phishing-as-a-service via Telegram using Gemini to create convincing fake sites. The operation reportedly offered nearly 300 scam templates impersonating Google, YouTube, and agencies like New York’s E‑ZPass. Google coordinated with carriers and used on‑device protections in Google Messages to block many malicious texts. The company hopes legal action and technical defenses will curb the campaign.
read more →

Phishing campaign impersonates Interpol to spread ransomware

🛡️ Cybercriminals are impersonating Interpol in a phishing campaign aimed at small businesses across Europe, Asia, the Middle East and North America. The emails claim to be from the 'Cybercrime Investigation Unit' and urge recipients to open a password-protected Proton Drive file supposedly containing evidence. The file leads to an executable disguised as a video that deploys ransomware and instructs victims to contact attackers via Tox rather than listing a ransom.
read more →

Phantom squatting: AI-hallucinated domains abused

🛡️ Palo Alto Networks' Unit 42 warns attackers are registering AI-hallucinated domains and using them for phishing and malware distribution. The report shows models invent millions of links, many unregistered, and attackers are preemptively purchasing and cloning brand sites. Because new domains lack reputation data, they evade blocklists until damage is done. Unit 42 documents several real-world cases and offers mitigation steps for defenders and users.
read more →

Phantom Squatting: LLMs Enabling Web Domain Attacks

🛡️ Unit 42 found that large language models (LLMs) commonly hallucinate plausible web domains for real brands, and adversaries are registering these nonexistent domains to intercept AI-generated traffic. This phenomenon, called phantom squatting, poses a supply chain risk and was observed across multiple sectors. Researchers predicted adversary registrations 18–51 days in advance and discovered over 13,229 malicious URLs plus ~250,000 unregistered hallucinated domains.
read more →

Scammers Exploit Venezuela Earthquake Registrations

🧭Researchers uncovered 212 domains registered within five days of the Venezuela earthquake, many claiming to offer aid, donations, or rescue services. While some registrations may be legitimate, 93% hid registrant contact details and several solicit Bitcoin with no verifiable accountability. The pattern mirrors past disaster-driven scams; donors are advised to use known charity sites and avoid new or crypto-only donation pages.
read more →

Pre-positioned cyber threats around FIFA 2026 event

⚠️ Check Point Research found that cybercriminals pre-built and partially deployed fraud infrastructure targeting FIFA World Cup 2026 before the June 11 kickoff, focusing on financial services, transportation, hospitality, and gambling. Pre-tournament research highlighted weak DMARC enforcement among partners, a 60x surge in fake sportsbook apps concentrated on Google Play, and large volumes of lookalike travel and hotel domains created two months prior. Check Point's exposure, brand protection, and dark web monitoring capabilities flagged the activity and report rapid remediation metrics.
read more →

Fraudulent OpenAI organization invites target security firms

🔔 Push Security discovered a campaign where attackers create fraudulent OpenAI tenants impersonating real companies and send legitimate-looking invites to employees. The invites originate from OpenAI notification addresses, pass authentication checks, and assign recipients Owner privileges within the fake organization. Attackers used Gmail accounts to pose as company executives and even attached a billing card to the tenant, likely to reduce suspicion. Push Security warns employees could be tricked into submitting sensitive data into the workspace and advises verification and monitoring of SaaS memberships.
read more →

Prime Day 2026: Surge in Amazon-Themed Scams

🛡️ Check Point Research warns that Amazon Prime Day (June 23–26, 2026) is generating a large pre-event surge in phishing, fake storefronts, and domain-squatting operations. Between December 2025 and May 2026, thousands of Amazon-themed domains were registered, with many already flagged as malicious. Attackers are building multi-TLD campaigns, regional IDN spoofs, and convincing counterfeit product pages to steal credentials and payments.
read more →

FTC: Record $3.5B Lost to Imposter Scams in 2025

📰 The FTC reports Americans lost $3.5 billion to imposter scams in 2025, with these schemes comprising nearly one in three fraud reports. Scammers used texts, calls, emails, social media, and search results, with social platforms driving over $2.1 billion in losses. Business and government impersonators caused the largest harms, and the FTC has pursued enforcement under its Impersonation Rule to seek redress.
read more →

Aged-domain acquisition enables phishing bypasses

🔒 Phishing operators increasingly buy or hijack aged legitimate domains to bypass enterprise email filters that weight domain age heavily. The author documents a Sneaky2FA campaign using a decade-old domain takeover revealed via certificate transparency logs, illustrating gaps in reputation scoring. Detection should include hosting-pattern stability, subdomain wordlist anomaly, and CT log monitoring to catch these rapid repurposings.
read more →

FIFA World Cup 2026: Rising ticket and streaming scams

🛡️ Security researchers and law enforcement warn that FIFA-themed fraud is already targeting World Cup 2026 fans ahead of the June 11 kickoff. Threat actors have registered thousands of lookalike domains, deployed phishing kits that clone FIFA's login pages, and hidden banking trojans inside pirate streaming apps. Scams include counterfeit ticket sales, fake merchandise shops, malicious streaming apps that install banking malware, and social-media ad campaigns driving victims to phishing pages.
read more →

Pre-positioned Cyber Threats Targeting FIFA 2026

🛡️ Check Point Research and Exposure Management tracked a year-long rise in coordinated cyber threats aimed at FIFA World Cup 2026. Attackers have pre-positioned infrastructure across finance, travel and hospitality, and gambling, with active domains, fake apps, and social schemes ready to scale. The report highlights escalating fraud, domain impersonation, mobile-app impersonation, B2B spoofing risks, and potential operational impacts like ransomware and DDoS.
read more →

2026 U.S. Midterms: The Real Cyber Threats Ahead

🛡️ Check Point warns that the primary cyber threat to the 2026 U.S. midterms is not vote tampering but a coordinated assault on trust through misinformation, lookalike news sites, and domain abuse. Attackers are cloning major media brands, registering thousands of election-themed domains, and exploiting leaked credentials to fuel phishing and impersonation. Security teams must prioritize brand protection, rapid takedown, and credential monitoring to mitigate politically motivated campaigns that exploit familiar operational vectors at greater scale.
read more →

Ghost Stadium fraud targets 2026 FIFA World Cup fans

🎯 Group-IB has identified over 4,300 fraudulent domains impersonating FIFA since last August, organized across six schemes and four threat actors targeting 2026 World Cup fans. The main operator, dubbed Ghost Stadium, uses a Chinese-speaking developer and a phishing kit that clones fifa.com, including its PingIdentity SSO flow, and leverages paid Facebook ads. Other actors include domain squatters, a PhaaS supplier and infostealer campaigns, which have already harvested around 2,500 FIFA credentials. Group-IB warns ticket fraud losses could reach into the hundreds of millions and advises fans to buy only from fifa.com, avoid crypto-based offers and enable MFA.
read more →

Fake FIFA World Cup Sites Exploit Ticket Demand

⚠️ ESET researchers in Latin America discovered multiple fraudulent websites impersonating FIFA and the World Cup ticketing portal to dupe fans into registering and submitting payment details. These sites use typosquatting, copied visuals, and convincing checkout flows to harvest money and personal data. Victims arrive via ads, sponsored search results, social posts or forwarded links. FIFA confirms tickets are only sold through a few official channels; users should verify domains, avoid pressure tactics, and enable unique passwords and two-factor authentication.
read more →

World Cup 2026: Rising Cyber Threats and Scams

⚠️Cyber criminals are exploiting World Cup 2026 excitement with fake merchandise stores, fraudulent betting platforms, and phishing domains designed to steal money and personal data. Domain registrations containing 'FIFA' or 'World Cup' surged to 9,741 in April 2026, and host countries recorded higher weekly attack averages in April versus March and the prior year. Check Point Research identified multiple impersonation and betting sites and advises fans to watch for steep discounts, suspicious domains, and 'vote‑to‑earn' schemes that solicit deposits.
read more →

Triad Nexus Expands Global Fraud Operations After Sanctions

🔎 Research by Silent Push finds that, despite US Treasury sanctions in 2025, Triad Nexus has expanded and refined a global fraud operation with average victim losses around $150,000. The group uses infrastructure laundering — compromised AWS, Cloudflare, Google and Microsoft accounts — to host high-performance scam platforms that closely mimic legitimate sites. It industrializes brand impersonation across banking, luxury retail and public services, enforces US IP blocks to reduce scrutiny, and has localized campaigns in Spanish, Vietnamese and Indonesian markets. Silent Push released a CNAME Chain Lookup tool to expose layered domain redirections and help defenders map the group's complex infrastructure.
read more →

Fake BTS ARIRANG Tour Ticket Websites Target Fans Worldwide

🎟️ Scammers are exploiting BTS's ARIRANG world tour pre-sales by cloning official ticket pages for multiple countries, creating at least 10 fraudulent domains observed in early April. These lookalike sites replicate the purchase flow and pressure fans into instant payments — in Brazil many victims are urged to pay via PIX, sending funds to mule accounts that are difficult to recover. To avoid fraud, fans should use only the official tour page, verify domains, confirm country-specific sales formats, and contact banks immediately if scammed. Enable banking alerts and use security software that blocks phishing sites.
read more →