Vigilance following a massive registration of suspicious .fr domain names
An anonymous person recently submitted a list of nearly a thousand domain names that are broadly similar to many websites owned by well-known brands or institutions. A sign that can predict potential future hacks.
Wyoutube.fr, lefirgaro.fr or beboncoin.fr, these are the 967 domain names that were deposited with the German depository company Key-Systems in the middle of last week. Each of these domain names, barring a few typos or misspellings, copy many websites known to the general public. This technique that is calledTyping error‘ allows us to abuse our brain’s ability to reconstruct and understand words despite mistakes. And if the spelling mistakes are missing, then it is an abusive or misleading name registration such as Tax reductions.fr.
The day before yesterday, a third party registered 967 .fr domains (ie 31% of the .fr domains registered that day!), which resemble the names of many organizations. Among them : @InseeFr, @AcCreteil, @Conforama, @forumactive, @Alpes-Maritimes, @free…
The full list: https://t.co/ZtE7FqHEq3
— Mikołajek (@_mikolajek_) July 22, 2022
We then find an unmanageable number of copies of websites run by institutions such as asemblee-nationale.fr Where sorbone.frto regularly visited sites such as alexpress.com Where zalandon.frvia media such as huffingtopost.co.uk, lesmonde.fr. This type of domain name is commonly used in two scams. Either users click on these fake pages subconsciously after searching the internet which can bring lots of unpleasant surprises. Either a large phishing campaign can be set up. We must be extra vigilant.
Worry before you get alarmed
If this type of operation is worrying, it remains rather rare and is subject to various controls. Pierre Bonis, chief executive of Afnic, the state-appointed registry for managing .fr domain names, confirms this Parisians the existence “justification procedure‘ was opened for this suspected case. The buyer has 7 days to confirm the €6,800 identification details they provided at the time of purchase. If nothing is done, the different locations will be closed after a month.
However, if you are confronted with such a suspicious website, you always have the option to report it to the relevant authorities, e.g signal-spam.fr or the Pharos platform available on internet-signalment.gouv.fr.