
AI-Generated Domains Used in Phishing Attacks via Phantom Squatting

Aggregated by BrevFeed security · updated 1d ago

Attackers are registering domains invented by AI models before anyone else does, exploiting the misplaced trust users put in AI-generated links. This tactic, termed 'phantom squatting' by Palo Alto Networks' Unit 42, poses significant risks because AI-generated links can mislead users into visiting malicious sites.

Key points

Phantom Squatting Explained

Phantom squatting occurs when attackers register web addresses invented by AI language models. These domains are perceived as trustworthy because they have no prior history or reputation, allowing cybercriminals to host phishing pages that lure unsuspecting users.

The Research Findings

Palo Alto Networks' Unit 42 studied two AI models that were queried with 685,339 questions about top brands across various sectors. The models created 2.1 million links, with 13,229 already flagged as malicious. Furthermore, around 250,000 generated domains had no registered owners, making them prime targets for phishing schemes.

Exploiting AI Limitations

Phantom squatting is effective because newly registered domains lack historical data. As these domains don't have a history of malicious behavior, they bypass traditional security measures. Moreover, AI models can repeatedly generate the same fake domains, making them easier for attackers to predict and exploit.
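A consumer-side gate for the gap described above, as an added example that is not from Unit 42 or BrevFeed: links in AI-generated text are treated as untrusted, and "no history" counts against a domain instead of being neutral. The brand allowlist, the registration table standing in for an RDAP/WHOIS lookup, the 90-day threshold and all `.example` names are constructed assumptions.

```python
import re
from datetime import date
from urllib.parse import urlsplit

# Constructed sample data (assumptions, not from the research).
BRAND_DOMAINS = {"examplepost.example"}      # domains the brand really owns
REGISTRATIONS = {                            # stand-in for an RDAP/WHOIS lookup
    "examplepost.example": date(2009, 3, 1),
    "examplepost-tracking.example": date(2025, 6, 1),
}
MIN_AGE_DAYS = 90                            # assumed policy threshold
URL_RE = re.compile(r"https?://[^\s<>\"')\]]+")

def host_of(url):
    """Lower-cased hostname without port, userinfo or trailing dot."""
    try:
        return (urlsplit(url).hostname or "").rstrip(".").lower()
    except ValueError:                       # malformed authority, e.g. bad IPv6
        return ""

def registrable(host):
    """Naive last-two-labels reduction; production code needs the Public Suffix List."""
    return ".".join(host.split(".")[-2:])

def vet_link(url, today, registrations=REGISTRATIONS):
    """Return (verdict, reason) for one link found in model output."""
    domain = registrable(host_of(url))
    if not domain:
        return "block", "no hostname"
    if domain in BRAND_DOMAINS:
        return "allow", "brand-owned domain"
    created = registrations.get(domain)
    if created is None:
        return "block", "unregistered: phantom-squatting candidate"
    age = (today - created).days
    if age < MIN_AGE_DAYS:
        return "block", f"registered {age} days ago: no reputation yet"
    return "review", "registered and aged, but not brand-owned"

def vet_response(text, today):
    """Vet every link in an AI-generated answer; returns {url: (verdict, reason)}."""
    urls = [u.rstrip(".,;") for u in URL_RE.findall(text)]
    return {u: vet_link(u, today) for u in urls}

# Constructed model answer containing one real and two invented links.
SAMPLE = ("Track your parcel at https://track.examplepost.example/status or pay at "
          "https://examplepost-tracking.example/pay. "
          "Refunds: https://examplepost-refunds.example/claim")
```

Unregistered domains are blocked as well as young ones, because a name that is free today can be registered between the model's answer and the user's click.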

Real-World Cases

Unit 42 documented instances where AI models invented specific domains resembling legitimate services. One notable case involved a fake domain mimicking a national postal service's online platform, which was registered by an attacker shortly after the AI suggested it, underscoring the speed at which these tactics can be implemented.

This summary was generated by AI from the outlets' reporting. It is not independently verified and may contain errors; check the original sources.
