Trending: Fraudsters Abuse Dynamic DNS Subdomains For Phishing
Allure Security, February 7th, 2023
Allure Security has observed an uptick in scammers using dynamic DNS (DDNS) services to claim subdomains on which they publish scam websites masquerading as known brands. In the examples we've seen, the phishing sites include brand logos and messaging as well as log-in fields.
Some DDNS providers allow users to create their own free subdomain on a public DNS server (e.g., fakesite.'DDNSprovider'.net) that will then point to the IP address of their choice. Our AI-powered detection engine has recently flagged an increasing number of phishing websites that use subdomains created using dynamic DNS providers such as Duck DNS and ChangeIP.
Below we explain the trend observed by Allure Security's threat response team, how fraudsters make use of the tactic, and how brands can mitigate this particular scheme.
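As an added illustration (not code from Allure Security or its detection engine), here is one way a brand's security team could screen hostnames from proxy or DNS logs for the pattern described above: a subdomain under a DDNS provider's zone that embeds the brand name. It assumes `duckdns.org` as Duck DNS's zone; `ddnsprovider.example`, the brand keywords and the sample hostnames are constructed placeholders.

```python
import re

# Assumptions: duckdns.org is Duck DNS's zone; "ddnsprovider.example" is a
# placeholder for any other provider zone; brand names are hypothetical.
DDNS_ZONES = ("duckdns.org", "ddnsprovider.example")
BRANDS = ("examplebank", "acmepay")
# Undo common digit-for-letter swaps before matching brand keywords.
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t"})

def normalize(host):
    """Lower-case and drop surrounding whitespace and the trailing root dot."""
    return host.strip().lower().rstrip(".")

def ddns_zone(host):
    """Return the DDNS zone the host is a subdomain of, else None."""
    host = normalize(host)
    for zone in DDNS_ZONES:
        # Require a label boundary so "notduckdns.org" does not match.
        if host.endswith("." + zone):
            return zone
    return None

def impersonated_brand(host):
    """Return (zone, brand) if a DDNS subdomain embeds a brand keyword."""
    zone = ddns_zone(host)
    if zone is None:
        return None
    sub = normalize(host)[: -(len(zone) + 1)]
    # Squash separators ("acme-pay", "acme.pay") before undoing digit swaps.
    squashed = re.sub(r"[^a-z0-9]", "", sub).translate(LOOKALIKES)
    for brand in BRANDS:
        if brand in squashed:
            return (zone, brand)
    return None

# Constructed sample hostnames, as they might appear in resolver logs.
SAMPLE_HOSTS = [
    "examp1e-bank.duckdns.org", "EXAMPLEBANK-login.DuckDNS.org.",
    "secure.acme-pay.ddnsprovider.example", "homecam42.duckdns.org",
    "login.examplebank.com", "notduckdns.org",
]

def flag_hosts(hosts):
    """Map each flagged hostname to its (zone, brand) match."""
    return {h: m for h in hosts if (m := impersonated_brand(h))}

if __name__ == "__main__":
    for host, (zone, brand) in flag_hosts(SAMPLE_HOSTS).items():
        print(f"{host}: brand '{brand}' on DDNS zone {zone}")
```

A keyword hit is only a lead for review: ordinary DDNS users (the `homecam42` case) are left alone, and short brand names will need an allowlist to keep false positives down.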