The internet is teeming with fake news sites. That's not a political statement, but the conclusion of a new study by DomainTools, a security analysts company.
The new study analyzed some of the top media outlets in the U.S. to determine their susceptibility to domain-squatting and spoofed domains. The bogus URLs may spread disinformation or malicious code, according to DomainTools.
“As distrust of traditional media continues to grow, protecting the public from disinformation campaigns has become pertinent to the democratic process,” says Corin Imai, a senior security advisor of DomainTools.
So which news sites have the highest fake scores? And what does it mean for the average news consumer? You'll probably be surprised by the answers.
Why study fake news sites?
Authenticity and trust are the building blocks of a terrific customer service experience. So, as a consumer advocate, and as a heavy consumer of news, I follow studies like this closely.
DomainTools' research shows how malicious actors use tricks like typosquatting and spoofing on domains as tactics to carry out malicious campaigns.
Typosquatting, also called URL hijacking, relies on mistakes made by Internet users when typing a website address into a web browser. Spoofing happens when a scammer pretends to be a premium publisher. These criminal activities can potentially extract personally identifiable information, download malware to a device, or spoof news sites to spread disinformation.
"It’s no secret that disinformation campaigns have been on the rise," Imai told me. "With the uptick in fake news sites in recent years, we were curious about the possible connection between typosquatting campaigns and the dissemination of disinformation. What we found is that domain names of top news outlets have indeed been spoofed, and subject to typosquatting techniques."
These are the most fake news sites
Among the news site rankings, there are a few surprises. The top news site, for example, is not a national newspaper or a computer-security site but has still managed to draw a record 52 "high risk" domains, according to DomainTools. The "safest" of the sites also fits the same description.
Here's the list of publishers with the most high-risk domains:
1. Newsday (52 historical high-risk domains)
2. The New York Times (49 historical high-risk domains)
3. The Washington Post (20 historical high-risk domains)
4. The New York Post (16 historical high-risk domains)
5. Los Angeles Times (13 historical high-risk domains)
6. New York Daily News (10 historical high-risk domains)
7. USA Today (9 historical high-risk domains)
8. The Boston Globe (6 historical high-risk domains)
9. CSO (5 historical high-risk domains)
10. Chicago Tribune (5 historical high-risk domains)
DomainTools chose an initial list of media organizations based on traffic to the legitimate site.
"We had a hunch that the media organizations with the highest readerships were likely to be more lucrative for scammers seeking to spoof domain names," says Imai. "Our team compiled a list of the top media organizations based on audience size. This methodology gave us not only a set of online properties to investigate, but also a sense of the potential pool of the criminals’ targets."
(Oh, and in case you're wondering -- Forbes didn't make the list. It's squeaky clean.)
Why fake new sites matter
For news consumers, the biggest threat is what's referred to as "typosquatting," according to DomainTools (registering Forbs.it, for example, and posting bogus posts). It's particularly important, considering how frequently users misspell words, and how easy it is to fool even vigilant internet users.
Typosquatters can look legitimate, with legitimate SSL certificates and professional websites, used to trick Internet users into a false sense of security.
The bad guys also re-purpose once valid Internet real-estate, squatting on old, once-legitimate domains. That buys them time to iron out any inconsistencies with their attack infrastructure, allowing them to escape detection, according to DomainTools.
How to avoid fake news sites
Sites that spread disinformation often take advantage of the pace at which users skim the internet and their preferred news sources for breaking news. These campaigns could potentially steal and harvest personally identifiable information, download malware to a device or spoof news sites to spread disinformation to the public, according to DomainTools.
How do you avoid a fake news site?
Think before you click. Hover your mouse over any suspicious domain names or links to find out if they’re legit. "By hovering over a domain name, you’ll be able to get a glimpse to find out if they are who they say they are," says Imai.
Consider bookmarking your favorite news sources. That allows you to avoid misspelling the domain name when typing into the search bar.
Watch out for domains that have COM-[text] in them. "We're so accustomed to seeing .com that we can easily overlook the extra text appended to it with a dash," says Imai.
Go directly to the news source website. Don't follow a link through a newsletter or email.
Stay security savvy. "Remain educated and up-to-date on the latest scams that circulate through the web," says Imai. "Flagging suspicious emails and sending them straight to spam is also another great method to consider when steering clear from unusual activity."
Use a reliable search tool.Type in the name of the news site into Google search instead of into the address field. This will prevent any typos you may make from pulling up a fake site.
Will this change how people consume news?
As part of my research, I asked regular news consumers if the presence of fake news sites would affect their trust in the news media. Would it surprise you to hear that the answer was "no"?
Roughly one-third of my readers said they don't trust any mainstream media outlets, including all the ones for which I write. Ouch. Another third only trusts established mainstream media outlets like this one. And the balance reflected the sentiments of Patricia Seward, a retired health care executive from Kansas City.
"I don’t trust any of the news outlets," she says.
In other words, the DomainTools research, while interesting, is unlikely to change the highly polarized view of the news media in the United States.