Protective DNS provider sees surge of scam activity, urges greater cyber awareness
WASHINGTON, D.C. – November 13, 2024 – DNSFilter revealed today a significant rise in malicious domains related to the election and the holidays. A major rise in new domains with little to no content signals bad actors’ attempts to capitalize on this quarter’s most important events and calls for robust DNS security and greater cyber awareness.
The recent election brought a surge in online activity, with voters searching for reliable sources of information, donation sites and real-time polling data. At the same time, with the holidays coming up quickly, the data revealed heavy traffic to domains that indicate scammers are taking advantage of shopping trends—right on time, every year.
New domains alone represented a substantial percentage of requests related to the US election, with increased traffic months before the polls opened. One domain using the word “vote” was registered on June 4; only three days later, traffic to that site peaked—27 times above the daily average of domains with “vote” in the domain name over the last year.
This domain contained low-authority backlinks and is now parked – an activity often connected to malicious intent. On September 18, 2024, there was another “vote” domain spike – 13 times above the daily average – with constant traffic September 17-29, 2024. This revealed consistent interest in voting-related domains as the election approached. Meanwhile, blocked request data with “polling” in the domain name shows a pattern of higher activity in late August 2024; spikes reached almost 2,000% above the average of daily requests.
Traffic to domains containing the word “ballot” saw an unprecedented peak on June 16, 2024, with requests rising 74 times above the daily average. This massive increase is much higher than other categories, suggesting an especially strong interest or targeted activity for ballot-related domains. This spike could be related to a documented increase in phishing scams targeting voters.
As for seasonal shopping data, many shopping-related new and malicious domains used the “.shop” and “.deals” TLDs (top-level domains). Starting in August, traffic to new and malicious domains using “deals” in their name began to increase, peaking on September 17. Almost half of them were categorized as phishing; about 35% were categorized as new domains.
Now that the holiday season has arrived, more shopping and deal scams will become widespread. Last year, there was a massive rise in traffic to a phishing domain with “cybermonday” in its name, with peak traffic on Black Friday and Cyber Monday.
Malicious traffic likely peaked long before the election took place because the intent was to influence voters or exploit key election milestones at moments of high tension. Malicious holiday traffic, however, has a more direct goal: convince the end user to enter their credit card details.
TK Keanini, CTO, DNSFilter, said: “Staying secure online goes beyond the election and the holiday season – you need to be safe all year. Organizations should practice the fundamentals for their end users, and individuals should be more cyber aware in every interaction. Take those steps and you won’t have to stay hyper-vigilant during high-risk periods; you’ll already be set up for success.”
About the company:
DNSFilter is redefining how organizations secure their largest threat vector: the Internet itself. DNSFilter is making the Internet safer and workplaces more productive by blocking threats at the DNS layer. DNSFilter resolves upwards of 130 billion daily queries. With 79% of attacks using Domain Name System (DNS), DNSFilter provides the world's fastest protective DNS powered by AI, blocking threats an average of 10 days faster than traditional threat feeds. Over 35 million users trust DNSFilter to protect them from phishing, malware, and advanced cyber threats.
Media Contact
Shannon Van Every
Force4 Technology Communications