Why you should think twice before trusting a ‘.US’ website

Did you know that some countries have one or more digital addresses, which are pieces of online real estate dedicated solely to its online presence? Like houses in a neighborhood, these addresses give us a sense of place and belonging.

Most internet users are familiar with the ‘.com,’ ‘.org,’ and ‘.net’ domains. They are like the main streets of our global digital city, bustling with activity. On the other hand, if you wander into the quieter streets, you encounter domains like ‘.uk’ for the UK, ‘.ca’ for Canada, and ‘.au’ for Australia. Each represents a country’s unique digital territory.

 

What’s in a domain

To understand the significance of this, let’s first look at the basics. Every website has a domain name – it’s essentially its address on the internet.

While ‘.com’ is universal, country-specific domains, like ‘.US’, are meant to denote a website’s affiliation to a specific country.

This affiliation usually signifies authenticity and trustworthiness; at least, that’s what many would believe.

MORE: DON’T FALL FOR THESE FAKE, MALWARE-PRODUCING CHATGPT SITES

 

Why the suspicion around ‘.US’

In a surprising twist: the ‘.US’ domain, which you’d think would be one of the safer corners of the internet, has become quite the hotspot for malicious actors.

Imagine setting up a prestigious club with a strict guest list only to leave the back door slightly ajar. That’s essentially the ‘.US’ domain for you.

Officially, it’s for U.S. citizens, entities, or those with a genuine connection to the country. Yet dig a little deeper, and you’ll find that it appears that not everyone’s checking those credentials thoroughly.

ARE YOU PROTECTED? SEE THE 2023 BEST ANTIVIRUS PROTECTION REVIEWED

 

Maybe it’s an oversight during registration or perhaps inadequate periodic verifications, yet those loopholes are like gold for scammers. They sneak in, set up their dodgy operations, and before you know it, they’re using a ‘.US’ domain as if they are some US citizen or entity.

 

How other countries outshine the ‘. US’ domain in terms of security

When you place the ‘.US’ domain side-by-side with its global counterparts, the contrast is rather stark. Take Germany’s ‘.de’ domain, for instance; it boasts significantly fewer instances of phishing.

Meanwhile, countries like Hungary, New Zealand, and Finland have tightened the reins on their respective country domains, instituting stricter controls.

This commitment to safety has paved the way for a more secure online environment for their users, leaving the ‘.US’ domain somewhat in the shadows of these shining examples of security.

MORE: HOW TO PROTECT YOURSELF FROM ‘VISHING’ SCAMS 

 

Guardians of the ‘.US’ domain: Are they doing enough?

GoDaddy is the official registrar of the ‘.US’ domain, thanks to a contract they obtained from the National Telecommunications and Information Administration (NTIA). However, this does not mean that GoDaddy is responsible for all the ‘.US’ domains that are being used for phishing or other malicious purposes.

Some experts have criticized GoDaddy’s management of the ‘.US’ domain, saying that they are not doing enough to verify the identity and location of their customers or to enforce the terms of service to prohibit phishing, malware, and other forms of abuse.

GoDaddy has stated that they take reports of abuse seriously and that they have procedures and tools in place to combat such attacks. They also claim that they follow the ‘.US’ nexus requirements, which limit the registrations to parties with a connection to the United States.

We reached out to GoDaddy for a response but did not hear back before our deadline.

MORE: THE VERY FIRST THING HACKERS DO AS CRIMINALS

 

MORE: SCAM ALERT: WATCH OUT FOR TYPOS WHEN SEARCHING FOR WEBSITES

 

How to stay safe in the digital neighborhood

The ‘.US’ domain may have its dark corners, but with some street smarts, you can navigate the online world safely. If you’re wondering how to ensure you don’t end up on the wrong side of the digital tracks, here are some steps you can take:

  • Verify before you click: Before clicking on any link or entering any website, especially from unsolicited emails or messages, inspect the URL. If something feels off, or if you notice any strange characters or misspellings, avoid it.
  • Check the SSL certificate: Reputable websites have a secure connection, denoted by a small padlock symbol in the address bar or the website starting with ‘https://.’ If that ‘s’ is missing, think twice before sharing any personal information.
  • Update regularly: Make sure your computer, smartphone, and software are up-to-date. Many updates are security-focused, patching vulnerabilities that might be exploited.

 

Even more tips to stay safe

  • Have good antivirus protection on all your devices.
  • Use identity theft protection.

 

Kurt’s key takeaways

We often assume that a country-specific domain carries with it an inherent trustworthiness. Yet, as with many things in life, it’s crucial to scratch beneath the surface and not take things at face value.

Have you ever had a negative experience with a ‘.US’ domain site or any other site supposedly affiliated with another nation? Let us know in the comments below.

FOR MORE OF MY TECH TIPS & SECURITY ALERTS, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER HERE

Related posts

8 phishing email scams to watch out for this holiday season

The AI-powered grandma taking on scammers

Malicious Play Store apps put 8 million Android users at risk