Hi,

Not an ICANN issue. Fault lies with the domain name registrant's operational security and management practices (and with the malicious actors who exploit them, of course). The risk and its mitigation should be standard in all IT management and security training, and part of regular management practice (it essentially entails making sure you don't have "dangling domains", i.e. subdomains that stop pointing to a cloud service or SPF authentication).

Short explanation: https://readwrite.com/email-fraudsters-deploy-sophisticated-tactics-to-dupe-...

More detailed explanation and prevention measures: https://cyberint.com/blog/research/subdomain-hijacking-the-domains-silent-da...

Tool to check for hijacked subdomains and make your organizations' IT managers aware of the problem: https://guard.io/subdomailing - and click on the button that reads "What should I do?" after checking. There's a list of presently compromised domain names (this may change as they get fixed). It includes nyc.gov, msn.com, marvel.com, cornell.edu, and even mcaffee.com.

Thanks for the heads-up, which, while not being an ICANN issue, should be made into useful operational advice for the organizations represented here. People, talk to your IT guys and to the organizations near you. They should be aware of the more general risk to their users as well as fixing their own stuff.

Alejandro Pisanty

________________________________
From: lac-discuss-en <lac-discuss-en-bounces@atlarge-lists.icann.org> on behalf of Carlton Samuels <carlton.samuels@gmail.com>
Sent: Monday, 26 February 2024 09:40 p.m.
To: CPWG
CC: LAC-Discuss-en
Subject: [lac-discuss-en] Hijacked subdomains of major brands used for spamming

....what do we know? And, when did we know it!

https://www.bleepingcomputer.com/news/security/hijacked-subdomains-of-major-...

Carlton

==============================
Carlton A Samuels
Mobile: 876-818-1799
Strategy, Process, Governance, Assessment & Turnaround
=============================
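
The "dangling domains" check described in the reply above, as an added example that is not part of the original messages: a Python audit of your own zone export that flags CNAME targets and SPF `include:`/`redirect=` targets that no longer resolve. The zone data, the names in it, and the `still_resolves` stub are constructed assumptions; a real audit would replace the stub with live DNS lookups.

```python
import re

# Constructed sample zone export (not real data): (owner name, record type, value).
ZONE = [
    ("www.example.org", "CNAME", "example-org.cdn-host.example."),
    ("promo.example.org", "CNAME", "old-campaign.retired-saas.example."),
    ("example.org", "TXT",
     "v=spf1 include:_spf.mail-host.example include:spf.defunct-vendor.example -all"),
    ("news.example.org", "TXT", "v=spf1 redirect=_spf.mail-host.example"),
    ("example.org", "TXT", "site-verification=abc123"),
]

# Constructed stand-in for DNS: the names that still resolve. In a real audit,
# replace still_resolves() with live lookups (A/AAAA for CNAME targets, TXT for SPF).
LIVE_NAMES = {"example-org.cdn-host.example", "_spf.mail-host.example"}

def still_resolves(name):
    return name in LIVE_NAMES

# SPF terms that delegate authorization to another domain.
SPF_REF = re.compile(r"^[+\-~?]?(?:include:|redirect=)(\S+)$", re.IGNORECASE)

def normalize(name):
    return name.rstrip(".").lower()

def spf_references(txt):
    """Return the domains an SPF record delegates to via include: or redirect=."""
    terms = txt.strip('"').split()
    if not terms or terms[0].lower() != "v=spf1":
        return []  # not an SPF record
    return [normalize(m.group(1)) for m in map(SPF_REF.match, terms[1:]) if m]

def find_dangling(zone, resolves=still_resolves):
    """List (owner, kind, target) for records whose external target no longer resolves."""
    findings = []
    for owner, rtype, value in zone:
        if rtype == "CNAME":
            targets = [("CNAME", normalize(value))]
        elif rtype == "TXT":
            targets = [("SPF", ref) for ref in spf_references(value)]
        else:
            targets = []
        for kind, target in targets:
            if not resolves(target):
                findings.append((normalize(owner), kind, target))
    return findings

if __name__ == "__main__":
    for owner, kind, target in find_dangling(ZONE):
        print(f"{owner}: {kind} target {target} does not resolve; remove or repoint it")
```
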