Phishing-as-a-service (PaaS) solutions like the recently discovered Frappo,¹ make brand impersonation campaigns easy to instigate and automate. Among those targeted by the new toolkit were large companies in the financial, e-commerce, and entertainment sectors, namely, Amazon, ATB Financial, Bank of Montreal (BMO), Bank of America (BOA), Chase, CIBC, Citibank, Citizens Bank, Costco, Desjardins, M&T Bank, Netflix, Royal Bank of Canada (RBC), Rogers, Scotia Bank, Tangerine Bank, TD Canada Trust, Uber, and Wells Fargo.

To see how impersonation campaigns related to the target brands are affecting the Domain Name System (DNS), we looked at recent domain registration activities. Below are some of our findings.

• 16,800+ domains added since 1 April 2022 contained the names of the target brands
• 14,400+ IP resolutions pointing to 5,800+ unique IP addresses
• Only 0.71% of the domains could be publicly attributed to the target companies 
• 800+ of the domains are already being flagged as malicious by various malware engines

Download a sample of the threat research materials now or contact us for access to the complete research materials.

---

• [1] https://resecurity.com/blog/article/welcome-frappo-the-new-phishing-as-a-service-used-by-cybercriminals-to-attack-customers-of-major-financial-institutions-and-online-retailers