Venafi Retail Research: Will Holiday Shoppers be Duped By Look-alike Domains?

September 26, 2018 | Emil Hanscom

As the rate of online shopping increases, customers are being targeted with look-alike domains, which are routinely used to steal sensitive data from online shoppers. Cyber attackers create these fake domains by substituting a few characters in the URLs.

Because they point to malicious online shopping sites that mimic legitimate, well-known retail websites, it has become increasingly difficult for customers to detect the fake domains. Additionally, given that many of these malicious pages use a trusted TLS certificate, they appear to be safe for online shoppers who unknowingly provide sensitive account information and payment data.


“Domain spoofing has always been a cornerstone technique of web attacks that focus on social engineering, and the movement to encrypt all web traffic does not shield legitimate retailers from this very common technique,” says Jing Xie, senior threat intelligence analyst for Venafi. “Because malicious domains now must have a legitimate TLS certificate in order to function, many companies feel that certificate issuers should own the responsibility of vetting the security of these certificates. In spite of significant advances in the best practices followed by certificate issuers, retailers still need to take an active role in protecting their own sites against look-alike scams.”

Venafi recently released research which analyzed suspicious domains targeting the top 20 retailers in five key markets: the U.S., U.K., France, Germany and Australia. According to the research, there has been an explosion in the number of potentially fraudulent domains. There are more than double the number of look-alike domains compared to legitimate domains, and every online retailer studied is being targeted.

Key findings from the research include:

  • The total number of certificates for look-alike domains is more than 200% greater than the number of authentic retail domains.
  • Among the top 20 online German retailers, there are almost four times more look-alike domains than valid domains.
  • Major retailers present larger targets for cyber criminals. One of the top 20 U.S. retailers has over 12,000 look-alike domains targeting their customers.
  • The growth in look-alike domains appears to be connected to the availability of free TLS certificates; 84% of the look-alike domains studied use free certificates from Let’s Encrypt.

“No organization should rely exclusively on certificate authorities to detect suspicious certificate requests,” continued Xie. “For example, cyber attackers recently set up a look-alike domain for NewEgg, a website with over 50 million visitors a month. The look-alike domain used a trusted TLS certificate issued by the CA who followed all the best practices and baseline requirements. This phishing website was used to steal account and credit card data for over a month before it was shut down by security researchers.”

As the holiday shopping season approaches, there will likely be an increase in look-alike domains. Online retailers that discover malicious domains can take several steps to protect their customers:

  • Search and report suspicious domains using Google Safe Browsing. Google Safe Browsing is an industry anti-phishing service that identifies and blacklists dangerous websites. Retailers can report a domain at
  • Report suspicious domains to the Anti-Phishing Working Group (APWG). The APWG is an international voluntary organization that focuses on limiting cyber crime perpetrated through phishing. Retailers can report a suspicious domain at via email to
  • Add Certificate Authority Authorization (CAA) to the DNS records of domains and subdomains. CAA lets organizations determine which CAs can issue certificates for domains they own. It is an extension of the domain’s DNS record and supports property tags that let domain owners set CA policy for entire domains or for specific hostnames.
  • Leverage a copyright infringement software package to search for suspicious domains. Copyright infringement software may help retailers find malicious websites, stopping the unauthorized use of their logos or brands. Solutions that also provide anti-phishing functionality can help aid in the search for look-alike domains.
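How a CA evaluates the CAA policy described in the list above, as an added example that is not part of the original post: it follows the RFC 8659 lookup (climb from the requested name toward the root, first CAA record set wins) and shows a domain-wide policy being overridden for one hostname. The zone contents and CA identifiers are constructed placeholders, and CNAME handling and the critical flag are left out.

```python
# Constructed zone data: owner name -> CAA properties as (tag, value).
# The domain and CA identifiers are placeholders, not real policy.
ZONE = {
    "shop.example": [("issue", "ca-one.example"), ("issuewild", ";")],
    "pay.shop.example": [("issue", "ca-two.example")],
}


def relevant_caa(name, zone):
    """Climb from the requested name toward the root; the first CAA set found applies."""
    labels = name.lower().rstrip(".").split(".")
    if labels[0] == "*":
        labels = labels[1:]          # wildcard requests are checked at the parent name
    for i in range(len(labels)):
        rrset = zone.get(".".join(labels[i:]))
        if rrset:
            return rrset
    return []


def ca_may_issue(ca, name, zone=ZONE):
    """Return True if the CA identified by `ca` may issue a certificate for `name`."""
    rrset = relevant_caa(name, zone)
    issue = [value for tag, value in rrset if tag == "issue"]
    issuewild = [value for tag, value in rrset if tag == "issuewild"]
    # For wildcard names, issuewild takes precedence over issue when present.
    values = issuewild if (name.startswith("*.") and issuewild) else issue
    if not values:
        return True                  # no applicable property: issuance is not restricted
    # The part before any ';' parameters is the issuer domain; empty means "no CA".
    return any(value.split(";")[0].strip() == ca for value in values)


if __name__ == "__main__":
    for ca, name in [("ca-one.example", "www.shop.example"),
                     ("ca-two.example", "www.shop.example"),
                     ("ca-two.example", "pay.shop.example"),
                     ("ca-one.example", "*.shop.example")]:
        print(f"{ca} -> {name}: {ca_may_issue(ca, name)}")
```

CAA constrains issuance only for names under the zones a retailer controls, so it complements the reporting and monitoring steps rather than replacing them.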

“Ultimately, we should expect even more malicious lookalike websites designed for social engineering to pop up in the future,” concluded Xie. “In order to protect themselves, enterprises need effective means to discover domains that have a high probability of being malicious through monitoring and analyzing certificate transparency logs. This way they can leverage many recent industry advances to spot high-risk certificate registrations, crippling malicious sites before they cause damage by taking away their certificates.”
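One way to triage hostnames taken from certificate transparency logs for character-substitution look-alikes, as an added example that is not from the original post or from Venafi: it classifies each name against a brand label using a confusable-character map and edit distance. The brand `acmestore`, the hostnames, the substitution list and the thresholds are all constructed assumptions.

```python
# Constructed sample: DNS names as they might appear in certificates seen in
# Certificate Transparency logs. Every name here is invented.
CT_NAMES = [
    "www.acmestore.example",      # the retailer's own site
    "acmest0re.example",          # digit swapped for a letter
    "www.acrnestore.example",     # "rn" imitating "m"
    "acmestor.example",           # one character dropped
    "acmestore-login.example",    # brand plus a lure keyword
    "gardenhose.example",         # unrelated
]
OWNED = {"acmestore.example"}     # assumption: the retailer's own domain inventory
CONFUSABLE = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("5", "s")]

def skeleton(label):
    """Collapse common visual substitutions so look-alikes map to one string."""
    label = label.lower()
    for fake, real in CONFUSABLE:
        label = label.replace(fake, real)
    return label

def edit_distance(a, b):
    """Levenshtein distance computed with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registrable(name):
    """Last two labels; enough for this sample, real use needs the Public Suffix List."""
    return ".".join(name.lower().rstrip(".").split(".")[-2:])

def classify(name, brand="acmestore", max_edits=1):
    domain = registrable(name)
    if domain in OWNED:
        return "owned"
    label, target = skeleton(domain.split(".")[0]), skeleton(brand)
    if label == target:
        return "confusable"
    if target in label.replace("-", " ").split():
        return "brand-keyword"
    if edit_distance(label, target) <= max_edits:
        return "near-miss"
    return "unrelated"

def flagged(names=CT_NAMES):
    """Names worth an analyst's review, with the reason each was flagged."""
    results = {n: classify(n) for n in names}
    return {n: c for n, c in results.items() if c not in ("owned", "unrelated")}
```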

How do you protect yourself from look-alike domains?

About the author

Emil Hanscom

Emil is the Public Relations Manager at Venafi. Passionate about educating the global marketplace about infosec and machine-identity issues, they have consistently grown Venafi's global news coverage year over year.
