Check Point Research (CPR) reports a record-breaking amount of malicious websites related to online shopping in the run-up to Black Friday and Cyber Monday.
The pandemic has resulted in a clear change in habits, and shopping is no different, with most people moving to online shopping, resulting in a boom in e-retail. Retailers are only too happy to leverage this trend and the opportunity offered by special shopping days. This year, online holiday shopping is expected to reach a record highs in sales
However, amidst the buzz and excitement, threat actors are also prepping themselves to leverage the events for their own malicious purposes.
The Numbers
• On average, over 5300 different websites per week were spotted in the past six weeks
• 178% increase in malicious websites related to e-shopping in the past six weeks, compared to the average in 2021
• 1 out of 38 corporate networks have been impacted on average per week in November, compared to 1 in 47 in October and 1 in 352 earlier in 2021
Example A: Michael Kors Impersonation
CPR found impersonations of the Michael Kors brand. Fraudulent emails used subject lines below to lure victims on to malicious websites:
• “Fashion MK Handbags 85% Off Shop Online Today”
• “Up to 80% OFF Michael Kors HandBags on Sale, High Fashion, Low Prices”
• “Shop All Michael Kors Handbags, Purses & Wallets Up To 70%”
Example B: Amazon Impersonation
CPR discovered an email sent from “Amazon. Urgent notice”. The email address contained a Chinese domain and the email had a subject in Japanese saying “System Notification: Unfortunately, we were unable to renew your Аmazon account” (translated from Japanese). The link in the email led to a website masquerading as Amazom.co.jp website in both the name and the look https://www[.]amazon-co-jp[.]fo2j.top/.
“We track the number of malicious websites related to online shopping almost every year ahead of the November e-Shopping holidays,” says Omer Dembinsky, data group manager at Check Point Software This year’s numbers have broken our records. We’ve seen a staggering 178% increase in malicious online shopping websites this time, compared to the previous months in 2021. Hackers are doubling down on the strategy to lure consumers into fraud through ‘too good to be true’ offers, promising large discounts such at 80% or 85% off. Their strategy is to capitalise on a consumer’s excitement after showing an eye-popping discount. I strongly urge consumers to beware of these ‘too good to be true’ offers as they shop online on Black Friday and Cyber Monday. You can protect yourself by being attentive to lookalike domains, shopping from reliable sources and spotting password reset and other account related notifications that show excessive urgency. Do not click these links, and if needed – go directly to the website and change details from your account.”
Security Tips for Online Shoppers
• Always shop from an authentic reliable source. Do not click on promotional links you get over email or over social media. Pro-actively google search your desired retail or brand
• Be attentive for look-alike domains. You should notice spelling accuracy in emails or websites, and note unfamiliar email senders or peculiar email addresses you receive promotions from
• Too good to happen shopping offers are indeed too good to happen. A new iPad will NOT go on an 80% discount this season, unfortunately.
• Always look for the lock. Making an online transaction from a website that does not have secure sockets layer (SSL) encryption installed is an absolute NO-GO. To know if the site has SSL, look for the “S” in HTTPS, instead of HTTP. An icon of a locked padlock will appear, typically to the left of the URL in the address bar or the status bar down below. No lock is a major red flag.
• Always be attentive to password reset emails, especially when volumes of traffic online are at peak, like the November shopping season, If you receive an uninvited password reset email, always visit the website directly (don’t click on embedded links) and change your password to something different on the original site.