New Top-Level Domains Used Exclusively for Scamming
posted Thursday Sep 3, 2015 by Scott Ertz
A few years ago, ICANN, the organization that oversees the overall Internet protocols, proposed a slew of new top-level domains. TLDs are the suffix at the end of a website. Most commonly you will see .com, .net, .tv, etc., but there are many others, and new ones are being added all the time.
When these new TLDs were initially proposed, there was a lot of concern that they could create places that could promote negative behavior. For example, if there are hundreds of TLDs, getting an email with a link to http://chase.zip could easily take you to a phishing site. Normally people who are observant will look to ensure the website makes sense, but many won't understand the difference between chase.com and chase.zip. Once you're on the site, a user might enter their password and have their bank account emptied fairly quickly.
As it turns out, these fears were entirely accurate. In fact, there are some TLDs that are almost entirely, if not 100%, shady. This comes to us thanks to a report by Blue Coat, a security firm that scanned known sites to determine the shadiest "neighborhoods" on the Internet. The results might be a little surprising to some, and even more importantly, some of the results don't make a lot of sense.
For example, 100% of sites that end in .zip in their database were classified as "shady." The problem with this one is that .zip is not available yet. In fact, there is only a single domain in existence in the TLD, and that is owned by Google and redirects to Google's domain registration service. Luckily, Blue Coat has an explanation for this behavior.
An unfortunate scenario is that 100% of known domains ending in .review also show up as shady. That is truly disappointing, as this TLD was one I was personally excited about - being able to distinguish review sites from traditional content. Apparently this is not to be the case, however. Also on the list, with 97% or higher shady rankings, are country, kim, cricket, science, work, party (not surprising), gq and link (also not surprising). It is important to note that gq is actually not a new TLD, but a country code for Equatorial Guinea.
Not all TLDs are bad, though. Church has a less than 1% and london only 1.85%. It's good to see that not everything is being taken advantage of, but it is disappointing to see some of the better ones being used so heavily for nonsense. The important takeaway here is that you should always inspect your FULL domain path before visiting a website, not just the core. Be vigilant whenever you are online.