Researchers uncover 37,000 fake websites aiming to fool holiday shoppers

Hackers are directly scamming end users with high-volume phishing campaigns


Security researchers have discovered around 37,000 fake retail websites set up to scam holiday shoppers.

According to the RiskIQ 2020 Black Friday E-commerce Blacklist Threat Report, cyber criminals set up these websites to leverage leading online retailers’ names and consumers’ poor security habits to fool shoppers looking for holiday shopping deals. 

Registering domains that infringe on well-known brands is a common tactic in phishing campaigns. According to the report, it has grown in popularity in recent years due to the opening of thousands of new generic top-level domains (gTLDs), the growth of free and cheap domain registration services, and attack techniques such as domain shadowing.

In a query of 20 Fortune 100 companies’ branded terms, RiskIQ’s domain infringement detection revealed 37,000 probable domain infringement instances over two weeks. That’s 1,850 incidents per brand. 

Researchers also found 208 domain infringement events containing only “Black Friday,” “Cyber Monday,” “Boxing Day,” or “Christmas.” New hostnames containing these terms spun up near the Thanksgiving shopping weekend don’t necessarily indicate a legitimate threat, but shoppers should be skeptical of them. 

Looking at five of the top-10 most trafficked sites in the US and UK, RiskIQ found 18,891 blacklisted URLs containing their branded terms. That’s 945 blacklisted URLs per brand.

The researchers also found that hackers have developed apps that spoof legitimate retailers to scam victims. They found 1,654 blacklisted apps containing branded terms in the title or description, or 82.7 per brand.

RiskIQ found an average of nearly three blacklisted apps for each brand containing its branded terms and “Black Friday,” “Cyber Monday,” “Boxing Day,” or “Christmas” in the title or description. This shows clear intent by threat actors to leverage the shopping holiday, said researchers.

The report also delved into Magecart web-skimming attacks. Magecart places skimmers on scores of e-commerce sites, including those of global brands, allowing operatives to intercept thousands of consumer credit card records. 

RiskIQ found the average length of a Magecart breach is 22 days. Anyone purchasing on a compromised site during this period is likely a credit card theft victim.

"This year's bad holiday actors will capitalize by using the brand names of leading e-tailers, as well as the poor security habits of consumers," said RiskIQ CEO Lou Manousos. "They'll fool shoppers looking for shopping deals, sales, and coupons by creating fake mobile apps and landing pages." 
