Online users are asked to beware of some websites that have names ending with ".icu". This is because scammers/cybercriminals are abusing the Top Level Domain(TLD), by creating fake, fraudulent, phishing and malicious websites with names ending with ".icu". We have even seen popular websites been cloned that have names ending with ".icu", which cybercriminals use to trick their potential victims into visiting, thinking they are on the legitimate websites.
Here is an example:
Cybercriminals can clone or create a fake copy of "www.yahoo.com", call the cloned version of the website "www.yahoo.icu". Many online users who are tricked into visiting the fake website, would not notice the “.icu” at the end of the name, or may even think Yahoo is using a new website domain name. Therefore, they would think they are on the legitimate Yahoo website. But, any attempts to sign into the fake website by visitors, will result in their Yahoo usernames and passwords being sent to the cybercriminals responsible for the website, who will use the stolen credentials to hijack the visitors' email accounts, which will be used fraudulently.
Online users who think they were tricked into visiting phishing websites that steal online usernames and password, should change their passwords immediately before their accounts are hijacked and used fraudulently.
We are not saying all websites with names ending with “.icu” are dangerous. We just want online users to be aware of those fraudulent “.icu” Top Level Domain name(TLD) websites, which are being created by hackers, scammers and other cybercriminals.