Malicious shopping websites surge in number in advance of Black Friday


More than 5,300 malicious websites have popped up each week, the highest since the start of 2021, says Check Point Research.

Image: iStock/tevarak

The 2021 holiday season is a busy time for people as they get ready to shop, both at physical stores and at online sites. But of course, this is also a busy time for cybercriminals as they get ready to exploit the season to target consumers with scams.

SEE: Fighting social media phishing attacks: 10 tips (free PDF) (TechRepublic)  

One tactic that attackers use is to set up phony shopping sites to trick people into spending money on fake or nonexistent products. A report released Friday by cyber threat intelligence provider Check Point Research reveals a dramatic rise in these types of sites compared with earlier in 2021.

Since the beginning of October, the number of malicious shopping sites has jumped to more than 5,300 ones each week, adding up to an increase of 178% compared with the average number for 2021. And since the start of November, the number of corporate networks impacted by these sites has risen to 1 out of every 38 compared with 1 in 352 earlier in the year.

One campaign seen by Check Point sent out phishing emails hawking cheap Michael Kors handbags and other products with such subject lines as “Fashion MK Handbags 85% Off Shop Online Today,” “Up to 80% OFF Michael Kors HandBags on Sale, High Fashion, Low Prices” and “Shop All Michael Kors Handbags, Purses & Wallets Up To 70%.”

The links contained in the emails directed people to websites with prices too good to be true, meaning that any buyers would receive either fraudulent products or no product at all. The linked websites all had similar domain names with the same IP address range of 104.21.xxx.xxx. Though the sites are no longer available, some were active during the second half of October, while others were still in business up to the second week of November.

malicious-shopping-site-michael-kors-check-point.jpg

Image: Check Point

Another campaign spotted by Check Point impersonated legitimate shopping sites with the likely goal of stealing account credentials. An email written in Japanese claimed to be from “Amazon. Urgent notice” and contained a subject line translated into English that said: “System Notification: Unfortunately, we were unable to renew your Amazon account.” The website linked to in the message was masquerading as Amazon’s Japanese shopping site.

malicious-shopping-site-amazon-japan-check-point.jpg

Image: Check Point

“Hackers are doubling down on the strategy to lure consumers into fraud through ‘too good to be true’ offers, promising large discounts such at 80% or 85% off,” said Omer Dembinsky, data group manager at Check Point Software. “Their strategy is to capitalize on a consumer’s excitement after showing an eye-popping discount. I strongly urge consumers to beware of these ‘too good to be true” offers as they shop online on Black Friday and Cyber Monday.”

To protect yourself and your organization from malicious shopping sites and ecommerce scams during the holiday season, Check Point offers the following tips:

  1. Make sure you shop directly from a reliable site. Don’t click on promotional links that you receive via email or social media. Run a search for a shopping site before you visit it to make sure you’re going through the correct URL.
  2. Watch out for lookalike domains. Scan for typos and other errors in emails and on websites and be wary of unknown email senders or unusual email addresses that you see in promotions.
  3. Trust your instincts. A shopping promotion that sounds too good to be true likely is a scam. That means a new iPad will not go on sale for 80% off the retail price.
  4. Look for the lock icon and the “S” in HTTPS in the address bar of your browser. Any site that does not use Secure Sockets Layer (SSL) encryption at this point should be avoided. No lock icon and no S are both red flags.
  5. Be wary of password reset emails, especially during the holiday season. If you get such an email, always go to the website directly instead of clicking on the link in the message. If you need or want to change your password, make sure you do it at the actual site.

Also see



Source link