New Report! Clicks, Links & Tricks, Oh My! How Serious Organized Criminals Exploit Digital Trust Pathways

The integration of digital infrastructure into every dimension of modern society has created unprecedented opportunities for innovation and growth. At the same time, it has opened new avenues for exploitation by serious and organized criminal actors.

This publication examines how fundamental components of the Internet - domain names, uniform resource locators (URLs), and web traffic systems - are systematically manipulated. These elements, referred to throughout the report as "digital trust pathways", have become central enablers of a wide range of illicit activities. Strategically misused, they serve to facilitate, expand, and conceal criminal operations on a global scale.

Cybercriminals are highly adaptive, taking advantage of the open and decentralized architecture of digital infrastructure to exploit vulnerabilities. Their activities rely on a backbone of cybercrime techniques - phishing, pharming, spam, malware, and botnets - underpinned by the exploitation of digital trust pathways. These include domain registration abuse (such as typosquatting and homograph attacks), URL manipulation, and traffic manipulation. Increasingly, these practices are automated by programmatic tools such as domain generation algorithms (DGAs), fast-flux DNS, and traffic distribution systems (TDS), which both expand their reach and strengthen their resilience against detection and disruption.

The consequences go far beyond technical breaches. Abuse of digital trust pathways is now central to the commission of traditional forms of serious organized crime: identity theft, large-scale financial fraud (including business email compromise and investment scams), ransomware extortion, dissemination of child sexual abuse material (CSAM), human trafficking, and intellectual property crime.

These longstanding offences are not new, but they are being amplified, anonymized, and globalized through the systematic misuse of digital infrastructure. Trust, once the cornerstone of the Internet's design, is being repurposed as a vehicle for exploitation.

Emerging technologies further complicate this environment. Blockchain-based domain systems, while offering resilience and autonomy, currently lack adequate governance and dispute resolution mechanisms, creating opportunities for permanent malicious registrations. Artificial intelligence (AI), similarly, acts as a double-edged sword: a defensive tool but also a potential enabler of criminal activity, facilitating the creation of convincing phishing campaigns, polymorphic URLs, and deepfake content.

Cybercrime-as-a-Service (CaaS) models further amplify the threat landscape by lowering barriers to entry. They allow less technically skilled actors to deploy advanced capabilities with relative ease, contributing to the growing commoditization of cybercrime.

Responding to these challenges requires more than fragmented or reactive approaches. The report calls for a coordinated, multistakeholder response that combines technical innovation, strengthened global frameworks, and enhanced international cooperation. Priority areas include reinforcing globally adopted standards, improving mechanisms for information sharing, building capacity among policymakers and users, and developing foresight capabilities to anticipate and mitigate emerging risks.

Ultimately, safeguarding the digital ecosystem requires recognizing that domains, URLs, and web traffic systems are not peripheral artefacts. They are the very building blocks of the Internet - abused today as crucial elements enabling cybercrime. Their protection must therefore be approached as a shared international responsibility, fundamental to preserving digital trust and ensuring an open, safe, and secure Internet for all.