Delete all these texts now

The dangerous email and text threat campaigns making headlines this year are designed to trick you into clicking a link that will steal your credentials or install malware on your device. Some of those links are in an email or text or social media post and some are in an attachment. Others may be disguised behind an image or QR code. The demand for devious domains to successfully trick users has never been higher.
DomainTools has just warned that “the sheer volume of newly observed domains in 2024 was over 106 million — approximately 289,000 daily, creating a significant challenge for security teams.” The report shares many “publicly reported malicious domains and the global scale of all newly observed domains.” These malicious domains are the links you see in unpaid toll, undelivered package and other scam text messages.
But even more alarming than the scale of this attack industry is the rapidity with which it moves. DomainTools CISO Daniel Schwalbe tells me “the common cradle-to-grave life cycle of a malicious domain is 24 hours.” That means it all has to happen in a single day before the link stops working. Below are typical keywords found in the domain names of those links, whether they lead to malware that has just that day to compromise your phone or to phishing sites built to steal your credentials.
[Figure: Common Malware Delivery Domain Name Keywords. Source: DomainTools]

No sooner have users hit the scam button or reported the malicious message link, than the scammers are unwrapping another new domain that won’t yet be on any filter list. This is yet another reason Apple and Google and telco networks are under fire for a seeming inability to cut off these text scams that helped drive U.S. losses from such frauds up 33% to more than $16 billion last year.
The FBI warns users to delete all so-called smishing texts from your phone. These are texts containing the malicious domains that lead to malware, credential harvesting, even identity theft. It’s fueled by Chinese organized criminal gangs that operate on an industrial scale. And it will soon evolve from undelivered packages and unpaid tolls to sophisticated financial campaigns mimicking your bank or credit card provider.
[Figure: Common Credential Harvesting Domain Name Keywords. Source: DomainTools]

“The fact there are almost 1,500 top level domains active on the internet right now,” Schwalbe warns, “is both a blessing and a curse. Threat actors are certainly capitalizing on the opportunity to either get very cheap domains, or register domain names that impersonate legitimate businesses and organizations under lesser known TLDs.”
Not only are these unlimited domains cleverly crafted, but new tricks are coming into play as well. This week, Group-IB warned that it has “uncovered an ongoing phishing campaign impersonating toll road services, using Google AMP links and browser fingerprinting to evade detection.” In these new attacks, “scammers leverage trusted platforms like Google AMP to mask phishing URLs, redirecting victims through legitimate domains to evade detection and abuse user trust.”
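Two of the defensive signals this article describes can be checked mechanically: the 24-hour life cycle Schwalbe describes means a link whose domain was first observed less than a day ago deserves suspicion, and a Google AMP viewer link can be unwrapped to expose the destination host it hides. The script below is an added example, not code from DomainTools, Group-IB or the article. The first-seen table, the lure keywords and the sample text messages are all constructed for the demonstration; the keyword list is modelled only on the lure themes named above (tolls, packages), not on DomainTools’ actual keyword figures, and a real deployment would replace the table with a newly-observed-domain feed.

```python
"""Triage of URLs in text messages: unwrap Google AMP viewer links and flag young domains.

Added example for illustration. All data below is constructed.
"""
import re
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional
from urllib.parse import unquote, urlparse

# Fixed "now" so the example is deterministic.
NOW = datetime(2025, 4, 20, 12, 0, tzinfo=timezone.utc)

# Constructed first-seen table standing in for a newly-observed-domain feed.
# The .example hosts are reserved names and do not exist; the timestamps are invented.
FIRST_SEEN: Dict[str, datetime] = {
    "ezpass-toll-payment.example": NOW - timedelta(hours=3),     # seen today
    "usps-redelivery-info.example": NOW - timedelta(hours=20),   # seen today
    "www.google.com": NOW - timedelta(days=9000),
    "example.org": NOW - timedelta(days=5000),
}

# Constructed lure keywords modelled on the scam themes in the article (unpaid tolls,
# undelivered packages). Hypothetical list, not DomainTools' published keywords.
LURE_KEYWORDS = ("toll", "ezpass", "usps", "redelivery", "package", "parcel")

# The article's own threshold: a malicious domain commonly lives about 24 hours.
YOUNG_DOMAIN_HOURS = 24

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
# AMP viewer path: /amp/s/<host>/<path> for HTTPS origins, /amp/<host>/<path> for HTTP.
AMP_VIEWER_RE = re.compile(r"^/amp/(?:s/)?(.+)$", re.IGNORECASE)


def unwrap_amp(url: str) -> str:
    """Return the destination behind a Google AMP viewer URL, or the URL unchanged.

    The visible host is google.com, which is why the link looks trustworthy; the real
    destination is the host embedded in the path. Viewer query parameters are dropped.
    """
    parsed = urlparse(url)
    host = parsed.netloc.lower()
    if not (host == "google.com" or host.endswith(".google.com")):
        return url
    match = AMP_VIEWER_RE.match(unquote(parsed.path))
    if not match:
        return url
    scheme = "https" if parsed.path.lower().startswith("/amp/s/") else "http"
    return f"{scheme}://{match.group(1)}"


def domain_age_hours(host: str) -> Optional[float]:
    """Hours since the host was first observed, or None if the feed has never seen it."""
    seen = FIRST_SEEN.get(host.lower())
    if seen is None:
        return None  # unknown to the feed: treated as suspicious, never as safe
    return (NOW - seen).total_seconds() / 3600


def triage_message(text: str) -> List[Dict]:
    """Extract every URL from a message and return one finding per URL with its reasons."""
    findings = []
    for url in URL_RE.findall(text):
        destination = unwrap_amp(url)
        host = urlparse(destination).netloc.lower()
        age = domain_age_hours(host)
        reasons = []
        if destination != url:
            reasons.append("amp-redirect")          # trusted host used as a wrapper
        if age is None:
            reasons.append("domain-unknown")        # not in the feed at all
        elif age < YOUNG_DOMAIN_HOURS:
            reasons.append("domain-under-24h")      # inside the 24-hour life cycle
        if any(keyword in host for keyword in LURE_KEYWORDS):
            reasons.append("lure-keyword")
        findings.append({
            "url": url,
            "destination": destination,
            "host": host,
            "age_hours": age,
            "reasons": reasons,
            "suspicious": bool(reasons),
        })
    return findings


# Constructed sample messages in the style of the lures described in the article.
SAMPLE_TEXTS = [
    "EZ-Pass: unpaid toll of $6.99. Pay now to avoid a fine: "
    "https://www.google.com/amp/s/ezpass-toll-payment.example/pay?id=7",
    "USPS: your package could not be delivered, update your address: "
    "https://usps-redelivery-info.example/track",
    "Meeting notes are at https://example.org/notes",
]

if __name__ == "__main__":
    for text in SAMPLE_TEXTS:
        for finding in triage_message(text):
            verdict = "SUSPICIOUS" if finding["suspicious"] else "ok"
            print(f"{verdict:10} {finding['host']:32} {finding['reasons']}")
```

The unknown-domain case is deliberately scored as a reason rather than ignored: a domain that no feed has seen yet is exactly what a one-day lifecycle produces, so absence from a blocklist is not evidence of safety. The AMP viewer is unwrapped before the age lookup so that the age of google.com never stands in for the age of the destination.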