SIDN, the organization that deals with the management of the .nl domain, has identified 451 phishing sites that focus on the domains of health insurers. That’s what the malicious sites do with very similar domain names.
According to SIDN internet criminals use the sites to focus on people who ‘orientate themselves towards a new health insurance policy’, something that often occurs around Prinsjesdag. Roelof Meijer, director of SIDN, says: “We often see that cybercriminals respond to current events or the introduction of new tools or services, but health insurances are no different, which is why health insurers are alert in the busy period after Budget Day.” He continues that health care data are popular on the black market, because they can be used to declare unjust healthcare costs.
The analysis was carried out by looking for domain names with brands. There was initially a list of 14,781 domains. By ‘analyzing a number of elements’ it was subsequently established that 451 of these sites may be phishing sites, although SIDN says that the results are probably not completely reliable. As an example of a malicious site, the organization mentions the page ‘Unifectible’, which tries to persuade visitors to install an extension for ‘safe browsing’. In reality, however, it would be malware.
SIDN says it has started a procedure to take the site offline, but shortly before the publication of this article it was still active. Typosquatting is a well-known method for drawing traffic to a specific domain by registering a strong looking domain. The name refers to the phenomenon that people enter the name of the legitimate domain incorrectly, so they end up on the malicious domain. However, typosquatting can also be used to send inattentive users via links to malicious sites.