Coronavirus-themed new registered domains showed how domain name registration behaviors can be linked back to the news. In an earlier domain intelligence analysis covering January to March 2020, we detected no fewer than 50,000 domain names with terms hinting at a connection to the pandemic.

The coronavirus caught everyone’s attention and resulted in a lot of information seeking. As a result, websites hosted on domains containing relevant pandemic search terms could make money by displaying ads on their pages. What made coronavirus-themed new registered domains ripe for phishing were achievable monetary gains, notably through the sale of personal protective equipment (PPE), refunds for canceled trips, lawsuits and settlements, and donations.

Somewhat similarly, we started detecting 1,000+ new registered domains, this time related to the Black Lives Matter movement. As these events also gained a lot of public attention, this post considers possible malicious or misinformative angles that could be taken in the coming weeks using these domains.

Surge in “George Floyd” and “Black Lives Matter” New Registered Domains

Domains that contain the strings “eorge” and “loyd” appeared in the Domain Name System (DNS) recently. From 28 May to 15 June, some 356 variations of George Floyd’s name (most containing typos) were noticed. Below are a few examples:

georgefloyd[.]black
georgefloyd[.]info
georgepfloyd[.]com
georgefloyd[.]net
georgesfloyd[.]com
george-floyd[.]org
georgefloyde[.]com
georgefloyd[.]news
georgefloyd[.]website
georgefloyd[.]store
georgefloyd[.]help
george-floyd[.]net
georgefloyd[.]party
igeorgefloyd[.]com

We also tracked domain names that contain the following strings:

“lackliv” for Black Lives Matter
“loyd” for George Floyd
“allli” for All Lives Matter

In total, 1,140 domain names related to George Floyd and Black Lives Matter were detected within 19 days of monitoring.
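The substring tracking described above, as an added Python example that is not code from the original post: it matches a feed of newly registered domains against the three tracked strings and counts hits per day. The feed entries, their dates and all function names are constructed for illustration, and ignoring hyphens when matching is this example's own choice.

```python
from collections import Counter, defaultdict

# Substrings the post says were tracked, mapped to the theme each stands for.
TRACKED = {
    "lackliv": "Black Lives Matter",
    "loyd": "George Floyd",
    "allli": "All Lives Matter",
}

def refang(domain):
    """Undo the [.] defanging used in reports and normalise case."""
    return domain.strip().lower().replace("[.]", ".")

def themes(domain):
    """Themes whose substring occurs left of the TLD (hyphens ignored)."""
    name = refang(domain).rpartition(".")[0].replace("-", "")
    return sorted({theme for s, theme in TRACKED.items() if s in name})

def summarise(feed):
    """feed: iterable of (ISO date, domain). Returns per-day counts and hits per theme."""
    per_day, by_theme = Counter(), defaultdict(list)
    for day, domain in feed:
        matched = themes(domain)
        if matched:
            per_day[day] += 1
        for theme in matched:
            by_theme[theme].append(refang(domain))
    return per_day, dict(by_theme)

def peak_day(per_day):
    """Day with the most matching registrations (earliest day wins ties)."""
    return min(per_day, key=lambda d: (-per_day[d], d)) if per_day else None

# Constructed sample feed (not real registration data).
SAMPLE_FEED = [
    ("2020-05-30", "georgefloyd-memorial[.]example"),
    ("2020-06-01", "blacklivesmatter-fund[.]example"),
    ("2020-06-01", "black-lives-mattr[.]example"),
    ("2020-06-01", "alllivesmatter[.]example"),
    ("2020-06-01", "lloyds-insurance[.]example"),  # unrelated name that still contains "loyd"
    ("2020-06-02", "gorgefloyd[.]example"),
    ("2020-06-02", "weather-news[.]example"),
]

if __name__ == "__main__":
    per_day, by_theme = summarise(SAMPLE_FEED)
    print("peak:", peak_day(per_day), dict(per_day))
    for theme, names in by_theme.items():
        print(theme, names)
```

Short strings catch typos at the start of a name but also match unrelated names, as the `lloyds-insurance` entry shows, so hits need review before they are counted.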
The registrations peaked on 1 June, around the time that the Black Lives Matter movement drew global attention.

What Are the Possible Repercussions of Related Domain Name Registrations?

Studies show that 70% of new registered domains are malicious or suspicious, possibly figuring in phishing campaigns and malware attacks. Some of the George Floyd and Black Lives Matter domain names’ end goals could be similar. A few possible repercussions of these domain name registrations include:

1. Scams That Bank on Emotional Responses

Scammers are good at triggering reactions. Domain names such as georgefloydcharity[.]com, georgefloydcharityfoundations[.]org, blacklivesmatterfund[.]com, blacklives[.]support, and their variations, for instance, could convince sympathizers to extend monetary donations. While some of these domains belong to legitimate charitable foundations, several could be operated by scammers. In fact, a fake Black Lives Matter Facebook page claimed to be raising money for activists and obtained around US$100,000 in donations. People looking to donate to the Black Lives Matter movement and Floyd’s family should thus exercise caution.

2. Phishers Masquerading as Legitimate Organizations

The Black Lives Matter movement is not new. Blacklivesmatter[.]com has been up since 2013. A look into WHOIS history supports this claim, as it allowed retrieving the domain’s WHOIS record from October 2013.

But anyone can use the words “Black Lives Matter” in their domain names.
Hundreds of new registered domains were found in our analysis using different top-level domain (TLD) extensions or containing typos, a subset of which include:

blacklivesmatter[.]site
blacklivesmstter[.]com
blacklives-matter[.]com
blacklives-matter[.]store
blacklivesmatter[.]miami
blacklivesmatter2[.]com
blacklivesmatter[.]top
blacklivesmatter[.]live
blacklivesmatter[.]life
blacklivesmatterco[.]com
blacklivesmatter[.]family
blacklivesmatter[.]today
blacklivesmatter2020[.]shop
blacklivesmatter2020[.]store
blacklivesmatter2020[.]org
blacklivematters[.]com
blacklivematter[.]org
blacklivesmatter[.]support
blacklivesmatterstore[.]us

Using a screenshot tool, we found that many of these domains are not hosting any consumable content, either because they are parked, have a site under construction, or are pending WHOIS verification. Some did host an e-commerce website, which may or may not be affiliated with official representatives of the BLM movement.

3. Disinformation Campaigns

Another way that these domains could be used is to spread disinformation about the Black Lives Matter advocacy in general. U.S. officials recently asked the National Intelligence Director to determine if foreign entities are using the Internet to take advantage of the country's social unrest by spreading disinformation. Based on historical behavior, some international actors have used the Black Lives Matter movement to spread discord via fake BLM social media accounts.

It may still be too early to say whether “Black Lives Matter” and related new registered domains will result in a subsequent wave of scams and disinformation campaigns. Monitoring telltale signs of phishing and fraud is nonetheless advisable.
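The variants listed under “Phishers Masquerading as Legitimate Organizations” differ from blacklivesmatter[.]com by TLD, hyphenation, an added token or a typo. The following added Python example (not code from the original post) sorts newly seen domains into those groups for monitoring; the category names, the edit-distance threshold of 2 and the function names are assumptions of this example.

```python
from collections import defaultdict

REFERENCE = "blacklivesmatter"  # name of the domain the post dates to 2013

def levenshtein(a, b):
    """Edit distance (insert, delete, substitute) by dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain, ref=REFERENCE, ref_tld="com", max_typos=2):
    """Label how a domain relates to ref; the labels are this example's own."""
    name, _, tld = domain.strip().lower().replace("[.]", ".").rpartition(".")
    flat = name.replace("-", "")
    if name == ref:
        return "reference" if tld == ref_tld else "tld-swap"
    if flat == ref:
        return "hyphenation"
    if flat.startswith(ref) or flat.endswith(ref):
        return "affix"
    if levenshtein(flat, ref) <= max_typos:
        return "typo"
    return "unrelated"

def triage(domains):
    """Group domains by label. A label describes the name only, not the
    registrant's intent: the post notes some such sites may be legitimate."""
    groups = defaultdict(list)
    for d in domains:
        groups[classify(d)].append(d)
    return dict(groups)

# Domains copied from the list in the post, plus one constructed control.
SAMPLE = [
    "blacklivesmatter[.]com", "blacklivesmatter[.]site",
    "blacklivesmstter[.]com", "blacklives-matter[.]store",
    "blacklivesmatter2020[.]shop", "blacklivesmatterco[.]com",
    "blacklivematters[.]com", "blacklivematter[.]org",
    "weather-news[.]example",  # constructed control, should not match
]

if __name__ == "__main__":
    for label, names in triage(SAMPLE).items():
        print(f"{label:12} {names}")
```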