Malicious shopping websites surge in number in advance of Black Friday

3 years ago 303

More than 5,300 malicious websites person popped up each week, the highest since the commencement of 2021, says Check Point Research.

online-shopping-cart-on-laptop-tevarak.jpg

Image: iStock/tevarak

The 2021 vacation play is simply a engaged clip for radical arsenic they get acceptable to shop, some astatine carnal stores and astatine online sites. But of course, this is besides a engaged clip for cybercriminals arsenic they get acceptable to exploit the play to people consumers with scams.

SEE: Fighting societal media phishing attacks: 10 tips (free PDF) (TechRepublic)  

One maneuver that attackers usage is to acceptable up phony buying sites to instrumentality radical into spending wealth connected fake oregon nonexistent products. A report released Friday by cyber menace quality supplier Check Point Research reveals a melodramatic emergence successful these types of sites compared with earlier successful 2021.

Since the opening of October, the fig of malicious buying sites has jumped to much than 5,300 ones each week, adding up to an summation of 178% compared with the mean fig for 2021. And since the commencement of November, the fig of firm networks impacted by these sites has risen to 1 retired of each 38 compared with 1 successful 352 earlier successful the year.

One run seen by Check Point sent retired phishing emails hawking inexpensive Michael Kors handbags and different products with specified taxable lines arsenic "Fashion MK Handbags 85% Off Shop Online Today," "Up to 80% OFF Michael Kors HandBags connected Sale, High Fashion, Low Prices" and "Shop All Michael Kors Handbags, Purses & Wallets Up To 70%."

The links contained successful the emails directed radical to websites with prices excessively bully to beryllium true, meaning that immoderate buyers would person either fraudulent products oregon nary merchandise astatine all. The linked websites each had akin domain names with the aforesaid IP code scope of 104.21.xxx.xxx. Though the sites are nary longer available, immoderate were progressive during the 2nd fractional of October, portion others were inactive successful concern up to the 2nd week of November.

malicious-shopping-site-michael-kors-check-point.jpg

Image: Check Point

Another run spotted by Check Point impersonated morganatic buying sites with the apt extremity of stealing relationship credentials. An email written successful Japanese claimed to beryllium from "Amazon. Urgent notice" and contained a taxable enactment translated into English that said: "System Notification: Unfortunately, we were incapable to renew your Amazon account." The website linked to successful the connection was masquerading arsenic Amazon's Japanese buying site.

malicious-shopping-site-amazon-japan-check-point.jpg

Image: Check Point

"Hackers are doubling down connected the strategy to lure consumers into fraud done 'too bully to beryllium true' offers, promising ample discounts specified astatine 80% oregon 85% off," said Omer Dembinsky, information radical manager astatine Check Point Software. "Their strategy is to capitalize connected a consumer's excitement aft showing an eye-popping discount. I powerfully impulse consumers to beware of these 'too bully to beryllium true" offers arsenic they store online connected Black Friday and Cyber Monday."

To support yourself and your enactment from malicious buying sites and ecommerce scams during the vacation season, Check Point offers the pursuing tips:

  1. Make definite you store straight from a reliable site. Don't click connected promotional links that you person via email oregon societal media. Run a hunt for a buying tract earlier you sojourn it to marque definite you're going done the close URL.
  2. Watch retired for lookalike domains. Scan for typos and different errors successful emails and connected websites and beryllium wary of chartless email senders oregon antithetic email addresses that you spot successful promotions.
  3. Trust your instincts. A buying promotion that sounds excessively bully to beryllium existent apt is simply a scam. That means a caller iPad volition not spell connected merchantability for 80% disconnected the retail price.
  4. Look for the fastener icon and the "S" successful HTTPS successful the code barroom of your browser. Any tract that does not usage Secure Sockets Layer (SSL) encryption astatine this constituent should beryllium avoided. No fastener icon and nary S are some reddish flags.
  5. Be wary of password reset emails, particularly during the vacation season. If you get specified an email, ever spell to the website straight alternatively of clicking connected the nexus successful the message. If you request oregon privation to alteration your password, marque definite you bash it astatine the existent site.

Cybersecurity Insider Newsletter

Strengthen your organization's IT information defenses by keeping abreast of the latest cybersecurity news, solutions, and champion practices. Delivered Tuesdays and Thursdays

Sign up today

Also see

Read Entire Article