It’s On The Internet So It Must Be True

Old CISO Update header image

This month focuses on fake domain names.  A domain name is an entity’s identity on-line, like FITNYC.EDU.  It’s been a long-standing practice among hackers to register domain names that mimic those of legitimate businesses such as 1BM.com instead of IBM.com.  However, recently attackers have taken this to a new level.  The FBI recently announced that hackers have registered hundreds of fake domains purporting to represent major airports around the country, including many in the New York-New Jersey area: For example, www.newak-airport.info.  (please don’t click on that link: it’s not legit.  I misspelled Newark on purpose here).  The full list is in the FBI publication LINK.  Perhaps the bad guys anticipate a post-covid travel boom that will drive clicks to airport-related sites, but in any case attackers could use these fake sites to do anything from gathering information to downloading malware to spreading misinformation.

What can you do?
In doing my research for this article, there doesn’t seem to be a single vetted list of all airport sites.  Major search engines can help here.  If you need to know Newark Airport’s website, using a major search engine like Google or Bing will give you a reliable answer. Don’t trust links from articles unless the source has a good fact-checking department, and don’t assume that something is valid because a friend sent it.  .com and .info web domains are available to anyone, even if their purpose is malicious.  Fraudsters often set up elaborate and convincing websites that look very much like the sites they are imitating.  Be careful, and check multiple sources.  Don’t assume that something is true because the Internet says so.

 

Stay aware, and stay cybersafe! 


About Cybersafe
The Division of Information Technology is dedicated to informing the community of the latest cybersecurity threats. Visit fitnyc.edu/cybersafe and stay tuned for emails from [email protected] for the latest from the Cybersafe campaign at FIT.

Walter Kerner
Chief Information Security Officer
Division of Information Technology
 

Read past issues of the CISO Updates Newsletter here.