Researchers uncover 37,000 fake websites aiming to fool holiday shoppers

Hackers are directly scamming end users with high-volume phishing campaigns

Woman shopping online on a laptop

Security researchers have discovered around 37,000 fake retail websites set up to scam holiday shoppers.

According to the RiskIQ 2020 Black Friday E-commerce Blacklist Threat Report, cyber criminals set up these websites to leverage leading online retailers’ names and consumers’ poor security habits to fool shoppers looking for holiday shopping deals. 

Registering domains that infringe on well-known brands is a common tactic in phishing campaigns and has grown in popularity in recent years due to the opening of thousands of new generic top-level domains (gTLDs), the growth of free and cheap domain registration services, and attack techniques, like domain shadowing, according to the report.

In a query of 20 Fortune 100 companies’ branded terms, RiskIQ’s domain infringement detection revealed 37,000 probable domain infringement instances over two weeks. That’s 1,850 incidents per brand. 

Researchers also found 208 domain infringement events containing only “Black Friday,” “Cyber Monday,” “Boxing Day,” or “Christmas.” New hostnames containing these terms spun up near the Thanksgiving shopping weekend don’t necessarily indicate a legitimate threat, but shoppers should be skeptical of them. 

Looking at five of the top-10 most trafficked sites in the US and UK, RiskIQ found 18,891 blacklisted URLs containing their branded terms. That’s 945 blacklisted URLs per brand.

The researchers also found that hackers have developed apps that spoof legitimate retailers to scam victims. They found 1,654 blacklisted apps containing branded terms in the title or description or 82.7 per brand.

RiskIQ found an average of nearly three blacklisted apps for each brand containing its branded terms and “Black Friday,” “Cyber Monday,” “Boxing Day,” or “Christmas” in the title or description. This shows clear intent by threat actors to leverage the shopping holiday, said researchers.

The report also delved into Magecart web-skimming attacks. Magecart places skimmers on scores of e-commerce sites, including those of global brands, allowing operatives to intercept thousands of consumer credit card records. 

RiskIQ found the average length of a Magecart breach is 22 days. Anyone purchasing on a compromised site during this period is likely a credit card theft victim.

"This year's bad holiday actors will capitalize by using the brand names of leading e-tailers, as well as the poor security habits of consumers," said RiskIQ CEO Lou Manousos. "They'll fool shoppers looking for shopping deals, sales, and coupons by creating fake mobile apps and landing pages." 

Featured Resources

Unlocking collaboration: Making software work better together

How to improve collaboration and agility with the right tech

Download now

Four steps to field service excellence

How to thrive in the experience economy

Download now

Six things a developer should know about Postgres

Why enterprises are choosing PostgreSQL

Download now

The path to CX excellence for B2B services

The four stages to thrive in the experience economy

Download now

Recommended

HackBoss malware is using Telegram to steal cryptocurrency from other hackers
cryptocurrencies

HackBoss malware is using Telegram to steal cryptocurrency from other hackers

16 Apr 2021
PowerShell threats increased over 200% last year
cyber security

PowerShell threats increased over 200% last year

14 Apr 2021
Russia launched over a million cyber attacks in three months
hacking

Russia launched over a million cyber attacks in three months

13 Apr 2021
New DNS vulnerabilities put millions of IoT devices at risk
Internet of Things (IoT)

New DNS vulnerabilities put millions of IoT devices at risk

13 Apr 2021

Most Popular

Microsoft is submerging servers in boiling liquid to prevent Teams outages
data centres

Microsoft is submerging servers in boiling liquid to prevent Teams outages

7 Apr 2021
How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

8 Apr 2021
University of Hertfordshire's entire IT system offline after cyber attack
cyber attacks

University of Hertfordshire's entire IT system offline after cyber attack

15 Apr 2021