Why is the .US domain -- the country code top-level domain (ccTLD) for the United States -- consistently among the most prevalent in phishing domains?

And why is this okay, when other ccTLDs that also restrict registration to residents/citizens don't seem to have this problem? And when a fair number of .US domains are used to attack US government agencies? Today's story explores these questions:

Domain names ending in “.US” — the top-level domain for the United States — are among the most prevalent in phishing scams, new research shows. This is noteworthy because .US is overseen by the U.S. government, which is frequently the target of phishing domains ending in .US. Also, .US domains are only supposed to be available to U.S. citizens and to those who can demonstrate that they have a physical presence in the United States.

https://krebsonsecurity.com/2023/09/why-is-us-being-used-to-phish-so-many-of-us/

@briankrebs As someone who would like to have their last name as a domain in .us (think [email protected] as an email address), but can’t because it’s registered to a company in Italy, I am happy to report that the nexus requirement is an absolute joke.

Namecheap, the registrar for the domain, has allowed an Italian company with no presence in the US, using the Italy country code as the nexus-required “state of residence”, to register the domain name.

But for me to contest the validity of the current registration, it appears that I would need to spend hundreds or thousands of dollars with no guarantee that the outcome would allow me to register the domain, even though I’m a US citizen and the current registrant has no US presence.