Researchers from the Georgia Institute of Technology and the State University of New York at Stony Brook released findings from a study of combosquatting at the 2017 Association for Computing Machinery’s Conference on Computer and Communications Security. In combosquatting, cyberattackers register URL’s with modified versions of legitimate organizations’ names. For example, they might add “-security” to the domain name of a financial institution. That way, cautious clickers who check URL’s will get a false sense of assurance they are not being transferred to a malicious site. The scam could lure people to share personal information, purchase counterfeit merchandise, or sign their computers up for a hack attack. Scanning six years of data for 268 popular trademarks, the investigators found 2.7 million combosquatting domains, 60% of which continued to operate for more than 1,000 days. The study was funded by the United States Departments of Defense and Commerce and the National Science Foundation.