Yesterday, January 2nd, my wife received a billing alert from her phone provider.
Luckily, she's not with EE - because it's a pretty convincing text. That domain name is specifically designed to include the day's date.
If you're stood up on a crowded train, with your phone screen cracked, would you notice that a
. is where a
/ should be? A quick look at the URl shows a trusted domain at the start - followed by today's date.
It starts with
https:// - that means it's secure, right? Is
.info even recognisable as Top Level Domain?
Scammers know these domains get blocked pretty quickly - so there's no point registering a generic name like
billing-pdf.biz only to have it burned within a day. By the time I'd fired up a VM to inspect it, major browsers were already blocking the site as suspicious.
Is there any way to stop this? No, not really. Domain names are cheap - you can buy a new .info for a couple of quid. The
https:// certificate was freely provided by Let's Encrypt. The site was probably hosted somewhere cheap, and whose support staff are asleep when abuse reports come in from the UK.
And that's the price we pay for anyone being able to buy their own domain and run their own secure site.
Money and technical expertise used to be strong barriers to prevent people from registering scam domains. But those days are long gone. There are no technical gatekeepers to keep us safe. We have to rely on our own wits.