.US Domain Scam Prevention

The Interisle Consulting Group has released a report highlighting the exploitation of more than 20,000 .us top-level domains by cybercriminals for phishing attacks. A top-level domain constitutes the concluding segment of a web address, such as ".com" in "losb[.]com."

Despite .us being the country code reserved for the United States, malevolent actors have wielded this domain to target entities across the globe, including prominent organizations like Apple, Great Britain's Royal Mail, and the Denmark Tax Authority. The malefactors leverage these domains to deceive users into believing they are visiting an official U.S. website, concealing their malicious intent. Clicking on a malevolent .us link distributed by cybercriminals can result in malware infiltration or the unwitting disclosure of sensitive data.

To recognize similar scams, consider the following precautions:

1. Avoid clicking on links within emails if you did not anticipate receiving them.
2. Exercise caution before clicking, as cyberattacks often aim to catch individuals off guard and prompt impulsive clicks.
3. When receiving an email, pause and scrutinize it for warning signs, such as emails sent outside typical business hours or those containing spelling or grammatical errors.