As you know DomainSkate is part of a global consortium that regularly submits malicious or fraudulent domain names into a database that is checked by Registrars, Searches Engines, and Security Companies, for the purpose of marking these domains as threats and getting them taken down quickly.
In the near future we will be including a button on the dashboard that will allow users to refer domains directly through the system for immediate submission to have such sites taken down. We will be sending out another update as we get closer and providing a demonstration of how the system will work and help streamline your enforcement work going forward.
Another feature we are adding to the system is the ability to evaluate macro-level data on your domain dashboard and dig into that data to see where common threats may exist. This will allow users to filter through data to find common IP addresses, registrant information, country information, registry information, and the like. With new privacy and data laws, like the GDPR (General Data Protection Regulation) in the European Union, and the California Consumer Protection Act, many Registrars are taking the position that they are not going to provide public facing WHOIS data on the basis that this would violate the law(s). The American Bar Association has noted that Registrars are not even complying with the basic requirements of transparency since the implementation of the GDPR. As such, we have been moving toward finding domain name data and touch points that exist outside of WHOIS that can help identify the owners of malicious websites.
Above is a small example of what the new interface and data will look like, and we will be providing demonstrations and tutorials to review the new system once it is live.
Like almost every industry, cybersecurity and brand protection are already starting to feel the effects of AI – both positive and negative. On the positive side, we have incorporated several AI modules into our system to help us find malicious domain names. This is making our work more efficient and helping us keep up with the larger numbers of threats we are seeing everyday.
On the other hand, AI is also providing bad actors with better tools for running scams and putting out more convincing phishing attacks. For example, ChatGPT can be used as a handy tool for scammers to work multiple scams efficiently and in languages that were formerly inaccessible to them or would come off as unauthentic. Further, malcious chat-bots like FraudGPT (which was released on July 25, 2023) are being created and publicly offered for use by scammers to give them AI tools to facilitate their scams. FraudGPT is a ChatGPT clone trained on malware-focused data.
There has also been a recent surge in registrations for the .AI Top Level Domain Name – which is the country code for Anguilla. Registrations for .AI domain names are up over 150% from last year and there are numerous recent articles discussing that .AI has become the name of choice for many startup companies, even those that are not necessarily focused on artificial intelligence. A .AI domain name is more expensive than most other registries, so we are not seeing a ton of scams coming from .AI domains, but there has been a lot of speculative registration by registrants wanting to capitalize on the association with AI and make a quick profit on the domain reseller market.
There are now thousands of unregulated Top Level Domains in the blockchain (equivalent to .COM), and more are on the way. One of the big issues for crypto domain names is that they are not accessible to the “Regular” Internet (Web2). This makes things difficult for scammers that are looking to accept cryptocurrency. There is a new extension coming out in September for .BOX that is being led by the Ethereum Name Service that is publicizing the ability to bridge this divide.
As of right now there is no explanation from .BOX or Ethereum as to how they will accomplish this, so we will be watching closely for updates. Crypto domains are a convenient landing place for scams that start online, in social media, or are linked to smishing texts, and the ability to navigate between Web2 and Web3 could make crypto scams much more potent and easier to run. If your business is considering accepting cryptocurrency please let us know and we will schedule a time to discuss the domain name implications that are important to consider.
There is a domain extension that we recommend you do *not* purchase for your brand. It is expensive, in bad taste, and is essentially used for attacking or extorting legitimate brands.
It’s called “.sucks” and the name speaks for itself.
In 2015, the “.sucks” domain name debuted at a cost of $2,499 per year, and many large corporations jumped to protect their brand. Since then, the annual fee has hovered between $249 and $300 per year.
Registrations under this top-level domain have been on a steady decline, falling from over 13,500 domains in mid 2021 to under 6,600 just 6 weeks ago.
Then the world’s largest registrar, GoDaddy, decided to start selling “.sucks” domains for $300, although the first year cost $99. In just two weeks, the trend reversed from steady-decline to steady-growth.
There is no doubt that your brand could be harmed if it is registered by someone else, but DomainSkate firmly cannot recommend registering a “.sucks” domain name. Instead, at no additional cost, we will file to takedown any website that is published under your brand name with a “.sucks” extension.
Soon, we will announce publicly that DomainSkate will file take down paperwork for free for any company whose brand is registered under “.sucks” by a third-party. Tell your colleagues – DomainSkate is here to help.
DomainSkate has hired David W. Schropfer as our new EVP of Operations. He is charged with growing our revenue and getting our message to many, many more professionals like you. To do that, he is building our Sales, Marketing, and Public Relations efforts. He is excited about making DomainSkate the leader in Online Brand Protection, and he is the right person for the job because he has built several profitable technology-based businesses for both corporate employers and startups.
For example, he built an $85M cellular business in the late 1990’s with Capital One, then a $90M VoIP business in the mid 2000’s with IDT Telecom. Then, as a partner with the Luciano Group (an international consulting firm), he helped large companies (including a Fortune 5 company) build their mobile strategy leveraging the security and technology available in smartphones. Then he launched a cybersecurity company theSAFE.io to use advanced cryptography and mobile technology in the Identity and Access market.
Published for the first time in 2010, David authored a total of five books with a focus on cybersecurity and technology. His latest book, “Digital Habits, 5 Simple Tips to Help Keep You and Your Information Safe Online Everyday,” is available at Amazon.com and Barnes and Noble bookstores.David is the host of the cybersecurity podcast DIYcyberguy, and he has delivered dozens of keynote addresses and panel discussions at industry conferences. He received an MBA from the University of Miami, and a BA from Boston College. He lives with his wife and two inspirational daughters in New York.
If you want to take a quick look at some domains for other brands, a quick and easy way to do that is using ThreatFinder. Click here for a short how-to video: https://www.domainskate.com/videos/tf_intro/
You may have noticed that we have dramatically updated the DomainSkate website. Here is a quick summary of what we did, and how it will help you navigate our website more easily.
In the image below, we listed some of the main improvements: