SANS ISC InfoSec Community Forums


Obamacare related domain registration spike, Government shutdown domain registration beginning

In the last 24 hours, DomainTools reported to us that over 50 domains related to the US Government Partial Shutdown have been registered.  About a third of those are partisan-oriented; most of the rest are parked.  During the same time period, over 40 domains were registered relating to the Affordable Care Act (colloquially known as Obamacare).  So far, no spam has shown up on either subject, which was surprising to many of us who monitor these trends.

While those specific data points are US-oriented, the lesson generally is not.  Whenever there is a major event, there is usually a corresponding uptick in new domains registered related to that event and in spam campaigns.  The advice to users is the same: don't click on random emails, and if you want to do business online, always affirmatively type in the URLs of known entities instead of using email or website links.  The federal insurance exchange website is healthcare.gov, for instance.  Other sites proclaiming they are *the* federal exchange are likely less than honest, especially if they are anything other than a .gov.

What makes these campaigns successful is an uptick in media coverage and popular awareness, especially if there is a visual component.  One of the most successful campaigns of this type was a spam campaign related to the capture of Osama Bin Laden, with links that purported to be pictures or videos of the event.  The Boston bombing is another example.  What gives Obamacare-related scams the potential to work is the stability of the new site combined with some confusion about the details of the new law.  Where there isn't clarity, fraud is possible.

The awareness tip for those who support users: any time something like this happens, review the same tips with users. Don't click on links, go only to known websites, and be aware that online miscreants will use popular interest in a subject to infect people with malware.

--
John Bambenek
bambenek \at\ gmail /dot/ com
Bambenek Consulting
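
As an added example, not part of the original post: one way a defender could triage a feed of newly registered domains for the two events discussed above, flagging names that carry or nearly spell an event term and treating healthcare.gov as the only known-good name. The keyword lists, verdict labels, function names and sample feed are assumptions constructed for illustration.

```python
import difflib
import re
from collections import defaultdict

KNOWN_GOOD = {"healthcare.gov"}  # the one legitimate site the post names
EVENT_KEYWORDS = {               # assumed watch terms for the two events
    "shutdown": ["shutdown"],
    "aca": ["obamacare", "healthcare", "affordablecareact"],
}
# Constructed sample feed; .example is a reserved TLD.
SAMPLE_FEED = [
    "obamacare-enroll.example", "healthcare.gov.signup.example",
    "heathcare-exchange.example", "shutdown-relief-fund.example",
    "gardening-tips.example", "WWW.HealthCare.gov.",
]

def normalize(domain):
    """Lowercase, drop a trailing dot and a leading 'www.'."""
    d = domain.strip().lower().rstrip(".")
    return d[4:] if d.startswith("www.") else d

def match_event(domain):
    """Return (event, keyword) if the name contains or nearly spells a watch term."""
    label = domain.rsplit(".", 1)[0]            # everything left of the TLD
    squashed = re.sub(r"[^a-z]", "", label)     # 'health-care2013' -> 'healthcare'
    tokens = re.split(r"[^a-z]+", label)
    for event, words in EVENT_KEYWORDS.items():
        for word in words:
            if word in squashed:
                return event, word
            if any(difflib.SequenceMatcher(None, t, word).ratio() >= 0.9 for t in tokens):
                return event, word              # near-miss spelling of a watch term
    return None

def triage(domain):
    """Classify one newly registered domain."""
    d = normalize(domain)
    if d in KNOWN_GOOD:
        return "known-good"
    if match_event(d) is None:
        return "ignore"
    # Per the post, a non-.gov name on these topics deserves the most suspicion.
    return "verify" if d.endswith(".gov") else "review"

def spike_report(feed):
    """Group domains needing review by event so a registration spike is visible."""
    report = defaultdict(list)
    for d in map(normalize, feed):
        if triage(d) == "review":
            report[match_event(d)[0]].append(d)
    return dict(report)
```

Calling `spike_report(SAMPLE_FEED)` returns the per-event lists to hand to an analyst; a name that embeds the real site as a prefix (`healthcare.gov.signup.example`) is flagged because only an exact match on the known-good list is trusted.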
