The holiday shopping season is approaching, and many consumers will find their gifts online. After all, cyber Monday has practically turned into its own major holiday. Unfortunately, as online shopping continues to grow, so does the targeting of consumers through malicious look-alike domains.
Cyber attackers create fraudulent domains by substituting a few characters in the URLs. Because they point to malicious online shopping websites that closely mimic legitimate, well-known retail websites, it makes it increasingly difficult for customers to detect the fake domains. Additionally, given that many of these malicious pages use a trusted TLS certificate, they appear to be safe to online shoppers who unknowingly provide sensitive account information and payment data.
Venafi recently conducted research on the explosion of look-alike domains, which are often used to steal sensitive data from online shoppers. We analyzed suspicious domains targeting 20 major retailers in the U.S., U.K., France, Germany and Australia and found over 100,000 lookalike domains that use valid TLS certificates to appear safe and trusted.
Major overall findings from the research include the following:
Every region had its own challenges with lookalike domains. Below you can find interesting statistics and breakdowns from each country.
One of the top U.S. retailers has over 49,500 look-alike domains targeting their customers.
The United Kingdom has the largest ratio of look-alike domains targeting retailers, with are over six times more look-alike domains than valid domains.
The look-alike domains in Germany are more likely to use certificates from Let’s Encrypt than any other region. 85% of look-alike domains use Let’s Encrypt.
One of the top retailers in Australia had over 2,000 look-alike domains targeting their customers. This contributed to over half of the look-alike domains in the region.
France is the only country with a relatively low ratio of lookalike domains relative to legitimate domains
As the holiday shopping season approaches, the number of look-alike domains targeting online shoppers will multiply. Online retailers that discover malicious domains can take several steps to protect their customers, including:
“We continue to see rampant growth in the number of malicious, look-alike domains used in predatory phishing attacks,” said Jing Xie, senior threat intelligence researcher at Venafi. “This is a result of the push to encrypt more and potentially all web traffic, a trend that generally improves security for users but inadvertently introduces a new challenge to existing methods of phishing detection. Most businesses and many retailers don’t have the updated technology in place to find these malicious sites and remove them to protect their customers.”
Are you looking out for look-alike domains?
In addition to the threats posed by bad actors, are we doing the one thing that could be training our users to be phished? Find out.