The Freename Forum

The rise of .shop appears to be increasingly attracting cyber criminals. Symantec, a US provider of security software, reports that the extension has recently been increasingly misused to send spam emails for cryptocurrencies. The company has observed persistent waves of spam designed to entice recipients to click on shortened URLs, which in turn redirect to fake .shop domains hosting cryptocurrency content. This can be recognised, among other things, by the fact that the subject lines consist of random first and last names and are sent via providers of free email services. The email itself has little or no content; only fake or dubious cryptocurrency domains below .shop are hidden in shortened URLs and included in the body of the email. As soon as the recipient clicks on it, they are redirected to an advertising page for cryptocurrencies. The .shop extension, which was delegated on 9 May 2016, has seen extraordinarily stable growth since 2018 and has risen to become the third most popular nTLD in the world with around 3.5 million registered domains, and the trend is still positive.

Source: https://www.broadcom.com/support/securi ... pam-emails