As retailers prepare for the holiday season, another group is getting ready to profit. This is the most wonderful time of the year for cyber-criminals! Consumers will need to keep an eye out for them when buying gifts, as there are four times as many fake retailers out there as there are genuine ones.
Research firm Venafi reports that there is a huge number of imposter typosquatting domains using Transport Layer Security (TLS) certificates. They appear to be authentic but are actually pretending to be real retailers.
The group found 19,890 TLS certificates on legitimate retailers. However, there are also 109,045 of these certificates being used by lookalikes. Altogether, that is a 400% increase, an amount that has doubled since last year. This is because of the ease of obtaining a certificate that’s supposed to indicate safety.
The TLS certificates often make a consumer trust that the site is genuine. However, the majority of these fake retailers get their certificates from Let’s Encrypt, an automated certificate authority that issues them for free.
Many of the recipients of these certificates from Let’s Encrypt then go on to fool customers by phishing them for their money. Meanwhile, others infect devices with malware or bombard visitors with spam ads.
Phishing across the Atlantic
With Black Friday nearly a week away and Cyber Monday following a few days after that, online scammers will have their mouths watering. These events were traditionally promoted more heavily within the United States. However, over the last few years, the United Kingdom has jumped on the bandwagon.
It is in the UK that the risk of landing on an imposter site is higher. There are 6 times more fake sites than genuine ones within the UK when it comes to the top 20 retailers.
Popular UK department stores such as John Lewis, Debenhams, and Harrods offer an incentive for online poachers due to their vast range of products. However, the emergence of online powerhouses such as Boohoo, Missguided, Very, and ASOS increases the risk of consumers being fooled.
The typosquatters take advantage of mistypes or misdirections, which could be detrimental to consumers who could hand their money over to an untrusted source.
Despite the UK being at greater risk of this sort of activity, it is the US e-commerce giant Amazon that is one of the biggest targets. According to Forbes, the company is the only retailer in the top ten phishing targets.
With Amazon making $200 billion worth of annual sales, it’s no surprise that it is a key target. To reduce the risk of being fooled by one of these sites, Sophos recommends the installation of a password protector. This spots the URL tweaks that have been introduced by typosquatters.
These often go unnoticed by the human eye, making the software a useful tool for shoppers. If a consumer spots a phisher, they should always report it to a cyber law enforcement body. The Internet Crime Complaint Center deals with these issues in the United States, while Action Fraud handles them in the UK.
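Software catches these tweaks because it compares the address character by character instead of by appearance. The sketch below is an added example, not code from Venafi, Sophos or any product: it shows an exact-match check against a trusted list plus an edit-distance comparison for near misses. The trusted list, the category labels and the test hostnames are constructed for illustration.

```python
# Known-good shop domains (assumed allowlist for this example).
TRUSTED = {"amazon.com", "asos.com", "boohoo.com", "johnlewis.com"}

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Two neighbouring letters typed in the wrong order count as one edit.
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify(host):
    """Return (verdict, trusted_domain_it_resembles_or_None)."""
    labels = host.lower().rstrip(".").split(".")
    # Simplification: treat the last two labels as the registered domain,
    # which ignores multi-part suffixes such as co.uk.
    domain = ".".join(labels[-2:])
    if domain in TRUSTED:
        return ("trusted", domain)
    name = labels[-2] if len(labels) >= 2 else labels[0]
    for good in sorted(TRUSTED):
        brand = good.split(".")[0]
        if name == brand:
            return ("lookalike: same name, different TLD", good)
        # Distance 1 also flags unrelated short names; review hits, do not auto-block.
        if osa_distance(name, brand) <= 1:
            return ("lookalike: one-character tweak", good)
        if brand in name.replace("-", ""):
            return ("lookalike: brand embedded in longer name", good)
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed hostnames under the reserved .example TLD.
    for h in ["www.amazon.com", "amazom.example", "amaozn.example",
              "amazon.example", "boohoo-sale.example", "example.org"]:
        print(f"{h:24} {classify(h)}")
```

Only the exact match counts as trusted; every other verdict is a prompt to check the address bar before entering a password or card number.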
Have you had the unfortunate experience of falling victim to these fraudsters? Let us know your thoughts in the comment section.