Cybersquatting, the process by which domain names are registered to mimic those belonging to legitimate companies, has always been a problem. Now a new report from Palo Alto Networks Inc.‘s Unit 42 threat intelligence team details how the practice continues to rise when it comes to major brands.

The report details how Palo Alto Networks’ squatting detector system discovered that 13,857 squatting domains registered in December, at an average of 450 per day. Of those domains registered, 2,595 or almost 19%, were found to be being used for malicious purposes.

Some 5,104 more domains, or almost 37%, were found to present a high risk to users visiting them. The latter included evidence that the domains had associations with malicious URLs within the domain or were using bulletproof hosting favored by bad actors.

To no great surprise, top companies were found to be targeted by cybersquatters the most. Paypal Inc. topped the list followed by Apple Inc. and the Royal Bank of Canada. Rounding out the top 10 were Netflix Inc., Microsoft Corp.’s LinkedIn, Amazon.com Inc., Dropbox Inc., Tripadvisor Inc., Bank of America Inc. and Mexican bank Grupo Financiero Banorte, S.A.B. de C.V. Facebook Inc., Google LLC and Microsoft Corp. ranked 13th to 15th.

The domains were used for a variety of purposes. Phishing, the process by which malicious actors attempt to steal login details for legitimate sites, topped the list, followed by malware distribution.

Third on the list is what the report describes as a “re-bill scam.” That’s designed to steal victims’ money by offering a small initial payment for a subscription service such as weight loss pills. When a user doesn’t cancel the subscription after the promotion period, a much higher charge appears on the credit cards.

Potentially unwanted program scams were also popular, particularly targeting domains related to Wal-Mart Stores Inc. and Samsung Electronics Co. Ltd. In those cases, the sites distribute programs such as spyware, adware or a browser extensions. Once installed, the programs then make unwanted changes such as changing a browser’s default page or hijacking the browser to distribute ads.

“We recommend that enterprises block and closely monitor their traffic, while consumers should make sure that they type domain names correctly and double-check that the domain owners are trusted before entering any site,” the report concludes.

Image: Palo Alto Networks