
Phishing via 'com-' prefix domains

NetmanageIT OpenCTI - opencti.netmanageit.com




SUMMARY :

This analysis reveals a new phishing trend using domains with a "com-" prefix to mimic legitimate websites. The scam targets users of Florida's SunPass toll system, exploiting the similarity between sunpass.com and fraudulent "com-" domains. A surge in "com-" prefix domain registrations has been observed, particularly under top-level domains like .top, .xyz, and .com. The article suggests monitoring DNS logs for these domains, as many have been confirmed malicious. Registrations have increased since November, with 10% of recently registered domains found in PhishTank. This tactic is part of an ongoing cat-and-mouse game between attackers and security tools.
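One way to run the DNS-log check the summary suggests, as an added example that is not from the original article: it flags queried names whose registered domain label starts with "com-" and reports the legitimate-looking name the full hostname reads as. The log line format, the `placeholder` domains, the two-label registrable-domain rule and the high/low confidence split are assumptions made for the example.

```python
import re

# Assumption: one query per line as "<timestamp> <client-ip> <qname> <qtype>".
LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")

# Constructed sample log lines (placeholder names, not real indicators).
SAMPLE_LOG = """\
2025-01-10T09:14:02Z 10.0.0.15 sunpass.com-placeholder.top. A
2025-01-10T09:14:05Z 10.0.0.15 www.sunpass.com. A
2025-01-10T09:15:40Z 10.0.0.22 Pay.Tolls.COM-placeholder.xyz A
2025-01-10T09:16:11Z 10.0.0.31 com-placeholder.com AAAA
2025-01-10T09:17:03Z 10.0.0.31 telecom-placeholder.com A
malformed line
"""

def classify(qname):
    """Return None, or a dict describing a 'com-' prefix match."""
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) < 2 or not labels[-2].startswith("com-"):
        return None
    # Assumption: single-label TLD (.top, .xyz, .com), so the registrable
    # domain is the last two labels. Use a public suffix list in production.
    registrable = ".".join(labels[-2:])
    left = labels[:-2]
    # With labels to the left, the hostname reads as "<brand>.com" then a dash.
    reads_as = ".".join(left + ["com"]) if left else None
    return {"registrable": registrable, "reads_as": reads_as,
            "confidence": "high" if left else "low"}

def scan(log_text):
    """Return one record per log line that queries a 'com-' prefix domain."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed format
        ts, client, qname, _qtype = m.groups()
        result = classify(qname)
        if result:
            hits.append({"ts": ts, "client": client, "qname": qname, **result})
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Hits with a brand label in front of "com-" are the ones that visually imitate a real .com site; a bare "com-" domain with no subdomain is reported at low confidence because it may only be infrastructure that has not yet been used in a lure.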

OPENCTI LABELS :

phishing,newly-registered-domains,domain-spoofing,sunpass,dns-monitoring,com-prefix,toll-fraud

