Again, it was to be expected that scammers would jump on the new domains ending in â€“ like .support. The interesting thing now is, that as they own the domain they can fake two thing:
- If you mouse-over the link, what you see is what is under the link. So, we trained users for years now that they shall move their mouse over the shown link and if they see a mismatch â€“ never click on it. This does not work anymore as e.g. microsoft.supoort or swisscom.support is good enough to trick a certain percentage of users.
- Second, as they own the domain it seems that they are able to get certificates from certain CAs. Now it gets even worse: The lock closes and the average user feels to be on a trusted site.
I guess, there will be more to come: https://isc.sans.edu/diary/https%3Ayourfakebank.support+–+TLD+confusion+starts!/18651
- .Com Versus New gTLDs: Real World Test Results (domaininvesting.com)
- 2nd Round gTLDs: the Good, the Bad, and the Ugly (circleid.com)
- This is the biggest week yet for new TLDs (16 domains!) (domainnamewire.com)