Why is the .US domain -- the country code top-level domain (ccTLD) for the United States -- consistently among the most prevalent in phishing domains?

And why is this okay, when other ccTLDs that also restrict registration to residents/citizens don't seem to have this problem? And when a fair number of .US domains are used to attack US government agencies? Today's story explores these questions:

Domain names ending in “.US” — the top-level domain for the United States — are among the most prevalent in phishing scams, new research shows. This is noteworthy because .US is overseen by the U.S. government, which is frequently the target of phishing domains ending in .US. Also, .US domains are only supposed to be available to U.S. citizens and to those who can demonstrate that they have a physical presence in the United States.

https://krebsonsecurity.com/2023/09/why-is-us-being-used-to-phish-so-many-of-us/

Why is .US Being Used to Phish So Many of Us? – Krebs on Security

@briankrebs what really makes me boil is that .gov, .mil & .edu are U.S. centric, as if there is no Government, military and especially no education outside of the USA.
@kkarhan @briankrebs OH boy ......that's a completely different story on its own. ;)
@hackbyte @briankrebs yeah, but to go back to the point: #Spam is a big issue and 99,9% of all Spam that isn't being #DROP'd by #Spamhaus blocklists is from #GMail, #YahooMail, #Hotmail / #Outlook.com / #Office365 / #AzureHostedExchange and domains hosted by registrars like #GoDaddy, because #Google, #Yahoo, #Microsoft and the Registrars refuse to even process #Abuse #reports at all.

@hackbyte @briankrebs
Like it's not even a "please click our #CAPTCHA meant to prevent false reports by bots" (which isn't a thing btw!) but literally Registrars like #GoDaddy saying in corporate legalese:

'We don't give a f**k about spamming and we won't do jack shite about that!'

There's a reason .de domains are one of the best regarded, and it's not because #DeNIC demands a legal resident with a fax number as contact, but because regulators like @BNetzA are rightfully short-fused re: #SPAM.

@hackbyte @briankrebs @BNetzA

And no, "#unsubscribing" only confirms it as real and one gets spammed from 5+ others in retaliation because there is no #Privacy or #DataProtection law in the #USA. (#COPPA doesn't count because it's a legal figleaf no one complies with!)
https://github.com/greyhat-academy/lists.d/blob/main/spammers.domains.block.list.tsv
