Holiday Shoppers Beware: 100K Malicious Sites Found Posing as Well-Known Retailers


The copycat sites are using valid certificates to be more convincing.

As the holiday season looms, cybercrooks are going after shoppers with more than 100,000 lookalike domains mimicking legitimate retailers.

The news comes as a new report shows that, in parallel, the retail industry is experiencing more breaches than any other industry in 2019, as criminals consistently target shopper information. According to Business Insider, 2018 holiday e-commerce sales reached $126 billion, a 16.5 percent increase from the $108.2 billion generated in 2017.

This increase in consumer spending will be accompanied by increases in cyberattacks as bad actors also prepare to profit from the holiday season, researchers say.

To that point, Venafi researchers uncovered the copycat phishing sites, which use trusted, valid TLS certificates (60 percent of them are free certificates from Let’s Encrypt). These make phishing websites appear valid, the better to convince consumers to enter sensitive account and payment data into online forms.

This year’s explosion of copycat sites more than doubles the number seen last year, Venafi said, and it means that the total number of look-alike domains is more than 400 percent greater than the number of authentic retail domains.

The suspicious domains target 20 major retailers in the U.S., UK, France, Germany and Australia, the firm said in an analysis posted on Friday; in fact, one of the top U.S. retailers has more than 49,500 look-alike domains targeting its customers.

Fraud domains typically have URLs that are identical to the real thing except for having, say, one letter transposed or replaced. In terms of colors, branding and functionality, they closely mimic legitimate, well-known retail websites.

“We continue to see rampant growth in the number of malicious, look-alike domains used in predatory phishing attacks,” said Jing Xie, senior threat intelligence researcher at Venafi, in a press statement. “This is a result of the push to encrypt more and potentially all web traffic, a trend that generally improves security for users but inadvertently introduces a new challenge to existing methods of phishing detection.”
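Because a valid certificate no longer separates a look-alike from the real site, defenders have to fall back on the one signal the article describes: the domain name itself is a single transposition or substitution away from a brand it is impersonating. The script below is an added illustration (not Venafi's tooling or code from the article) of how a brand-protection or SOC team can screen a feed of newly observed domain names against the retailers it protects. It scores each observed registrable label against each brand label with optimal-string-alignment distance (insert, delete, substitute, or swap adjacent letters), separately flags a brand label reused under a different suffix or embedded inside a longer label, and treats the brand's own subdomains as legitimate. The brand domains, the observed feed, and the tiny public-suffix table are all constructed placeholders.

```python
"""Screen newly observed domain names for look-alikes of protected retail brands.

Added example for illustration; brand list, feed and suffix table are constructed.
"""
from typing import Dict, List, Tuple

# Constructed placeholder brand domains a defender wants to protect.
BRAND_DOMAINS: List[str] = ["examplestore.com", "bigretailer.co.uk"]

# Constructed sample feed, e.g. new names seen in a certificate-transparency log.
OBSERVED_DOMAINS: List[str] = [
    "examplestore.com",          # the real thing
    "shop.examplestore.com",     # subdomain of the real thing
    "exampelstore.com",          # two adjacent letters transposed
    "examplestore.net",          # same label, different suffix
    "exampIestore.com",          # lower-case 'l' replaced with capital 'I'
    "bigretailer-login.co.uk",   # brand label embedded with an extra token
    "unrelatedshop.net",         # unrelated to either brand
]

# Assumed minimal multi-label suffix table; a real deployment would use the full
# public suffix list so that "co.uk" style suffixes are split correctly.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.nz"}


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute or swap adjacent chars."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            # Adjacent transposition ("le" <-> "el") counts as a single edit.
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def registrable_parts(domain: str) -> Tuple[str, str]:
    """Split a name into (registrable label, suffix): 'shop.x.co.uk' -> ('x', 'co.uk')."""
    labels = domain.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return labels[-3], ".".join(labels[-2:])
    if len(labels) >= 2:
        return labels[-2], labels[-1]
    return labels[0], ""


def classify(domain: str, brands: List[str] = BRAND_DOMAINS) -> str:
    """Return a verdict for one observed domain against the protected brands."""
    observed = domain.lower().rstrip(".")
    # The brand itself and anything under it are legitimate by definition.
    for brand in brands:
        if observed == brand or observed.endswith("." + brand):
            return "legitimate"
    obs_label, obs_suffix = registrable_parts(observed)
    for brand in brands:
        brand_label, brand_suffix = registrable_parts(brand)
        if obs_label == brand_label and obs_suffix != brand_suffix:
            return f"lookalike: {brand} label on other suffix"
        dist = osa_distance(obs_label, brand_label)
        if 0 < dist <= 1:
            return f"lookalike: edit distance {dist} from {brand}"
        if brand_label in obs_label:
            return f"lookalike: embeds {brand} label"
    return "unrelated"


def scan(domains: List[str]) -> Dict[str, str]:
    """Map every observed domain to its verdict."""
    return {d: classify(d) for d in domains}


def flagged(domains: List[str]) -> List[str]:
    """Only the domains that warrant analyst review, in feed order."""
    return [d for d, verdict in scan(domains).items() if verdict.startswith("lookalike")]


if __name__ == "__main__":
    for name, verdict in scan(OBSERVED_DOMAINS).items():
        print(f"{name:28} {verdict}")
```

A distance threshold of one edit is tight enough for long retail names but will produce noise on short labels, so in practice the threshold should scale with label length, and the suffix table should come from the real public suffix list rather than the three entries assumed here. Flagged names are candidates for review, not verdicts: a hit still needs a look at the certificate subject, hosting and page content before any takedown request.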

