Researchers uncover 37,000 fake websites aiming to fool holiday shoppers

Hackers are directly scamming end users with high-volume phishing campaigns

Woman shopping online on a laptop

Security researchers have discovered around 37,000 fake retail websites set up to scam holiday shoppers.

According to the RiskIQ 2020 Black Friday E-commerce Blacklist Threat Report, cyber criminals set up these websites to leverage leading online retailers’ names and consumers’ poor security habits to fool shoppers looking for holiday shopping deals. 

Registering domains that infringe on well-known brands is a common tactic in phishing campaigns and has grown in popularity in recent years due to the opening of thousands of new generic top-level domains (gTLDs), the growth of free and cheap domain registration services, and attack techniques, like domain shadowing, according to the report.

In a query of 20 Fortune 100 companies’ branded terms, RiskIQ’s domain infringement detection revealed 37,000 probable domain infringement instances over two weeks. That’s 1,850 incidents per brand. 

Researchers also found 208 domain infringement events containing only “Black Friday,” “Cyber Monday,” “Boxing Day,” or “Christmas.” New hostnames containing these terms spun up near the Thanksgiving shopping weekend don’t necessarily indicate a legitimate threat, but shoppers should be skeptical of them. 

Looking at five of the top-10 most trafficked sites in the US and UK, RiskIQ found 18,891 blacklisted URLs containing their branded terms. That’s 945 blacklisted URLs per brand.

The researchers also found that hackers have developed apps that spoof legitimate retailers to scam victims. They found 1,654 blacklisted apps containing branded terms in the title or description or 82.7 per brand.

RiskIQ found an average of nearly three blacklisted apps for each brand containing its branded terms and “Black Friday,” “Cyber Monday,” “Boxing Day,” or “Christmas” in the title or description. This shows clear intent by threat actors to leverage the shopping holiday, said researchers.

The report also delved into Magecart web-skimming attacks. Magecart places skimmers on scores of e-commerce sites, including those of global brands, allowing operatives to intercept thousands of consumer credit card records. 

RiskIQ found the average length of a Magecart breach is 22 days. Anyone purchasing on a compromised site during this period is likely a credit card theft victim.

"This year's bad holiday actors will capitalize by using the brand names of leading e-tailers, as well as the poor security habits of consumers," said RiskIQ CEO Lou Manousos. "They'll fool shoppers looking for shopping deals, sales, and coupons by creating fake mobile apps and landing pages." 

Featured Resources

The ultimate law enforcement agency guide to going mobile

Best practices for implementing a mobile device program

Free download

The business value of Red Hat OpenShift

Platform cost savings, ROI, and the challenges and opportunities of Red Hat OpenShift

Free download

Managing security and risk across the IT supply chain: A practical approach

Best practices for IT supply chain security

Free download

Digital remote monitoring and dispatch services’ impact on edge computing and data centres

Seven trends redefining remote monitoring and field service dispatch service requirements

Free download

Recommended

Microsoft touts new cyber security help for nonprofits
cyber security

Microsoft touts new cyber security help for nonprofits

22 Oct 2021
A quarter of all malicious JavaScript is obfuscated
hacking

A quarter of all malicious JavaScript is obfuscated

20 Oct 2021
Organizations warned of ransomware risk from smaller operators
ransomware

Organizations warned of ransomware risk from smaller operators

19 Oct 2021
Iranian hacking group continues to target US citizens
hacking

Iranian hacking group continues to target US citizens

18 Oct 2021

Most Popular

Best Linux distros 2021
operating systems

Best Linux distros 2021

11 Oct 2021
Windows 11 has problems with Oracle VirtualBox
Microsoft Windows

Windows 11 has problems with Oracle VirtualBox

5 Oct 2021
What is cyber warfare?
Security

What is cyber warfare?

15 Oct 2021