Release Date: September 26, 2023

Police are warning the public that cybercriminals have been using over 20,000 .us top-level domains in phishing attacks. A top-level domain is the final section of a domain name, such as “.com” or “.ca”.

 

Although .us is the country code for the United States, cybercriminals have been using this domain to attack organizations worldwide such as Apple, Great Britain’s Royal Mail, and the Denmark Tax Authority. Cybercriminals may use these domains to trick you into thinking you’re visiting an official US website instead of a malicious one. Clicking a malicious .us link from cybercriminals could lead to malware or trick you into revealing sensitive information.

 

Follow the tips below to spot similar scams:

 

  • Never click a link in an email that you weren’t expecting.
  • Think before you click. Cyberattacks are designed to catch you off guard and trigger you to click impulsively.
  • When you receive an email, stop and look for red flags. For example, watch out for emails that were sent outside of business hours and emails that contain spelling or grammatical errors.

 

Stop, look, and think. Don’t be fooled by the scammers.