Cyber criminals using lookalike online shopping domains to phish buyers

03 Oct 18

Machine identity protection provider Venafi has released research on the explosion of lookalike domains, which are routinely used to steal sensitive data from online shoppers. 

Venafi’s research analysed suspicious domains targeting the top 20 retailers in five key markets: the US, UK, France, Germany and Australia. 

As the rate of online shopping increases, customers are being targeted through lookalike domains.

Cyber attackers create these fake domains by substituting a few characters in the URLs.

Because these domains point to malicious online shopping sites that mimic legitimate, well-known retail websites, it is increasingly difficult for customers to detect the fakes.

Additionally, given that many of these malicious pages use a trusted TLS certificate, they appear to be safe for online shoppers who unknowingly provide sensitive account information and payment data.

Venafi senior threat intelligence analyst Jing Xie says, “Domain spoofing has always been a cornerstone technique of web attacks that focus on social engineering, and the movement to encrypt all web traffic does not shield legitimate retailers against this very common technique.” 

“Because malicious domains now must have a legitimate TLS certificate in order to function, many companies feel that certificate issuers should own the responsibility of vetting the security of these certificates. In spite of significant advances in the best practices followed by certificate issuers, this is a really bad idea.” 

Xie says, “No organisation should rely exclusively on certificate authorities to detect suspicious certificate requests.”

“For example, cyber attackers recently set up a lookalike domain for NewEgg, a website with over 50 million visitors a month. The lookalike domain used a trusted TLS certificate issued by the CA who followed all the best practices and baseline requirements.

“This phishing website was used to steal account and credit card data for over a month before it was shut down by security researchers.” 

According to Venafi’s research, there has been an explosion in the number of potentially fraudulent domains.

There are more than twice as many lookalike domains as legitimate domains, and every online retailer studied is being targeted.

Key findings from the research include:

  • The total number of certificates for lookalike domains is more than 200% greater than the number of authentic retail domains.
  • Among the top 20 online German retailers, there are almost four times more lookalike domains than valid domains.
  • Major retailers present larger targets for cyber criminals. One of the top 20 US retailers has over 12,000 lookalike domains targeting their customers.
  • The growth in lookalike domains appears to be connected to the availability of free TLS certificates; 84% of the lookalike domains studied use free certificates from Let’s Encrypt.

As the holiday shopping season approaches, there will likely be an increase in lookalike domains. Online retailers that discover malicious domains can take several steps to protect their customers:

  • Search and report suspicious domains using Google Safe Browsing. Google Safe Browsing is an industry anti-phishing service that identifies and blacklists dangerous websites. Retailers can report a domain on the Google Safe Browsing site.
  • Report suspicious domains to the Anti-Phishing Working Group (APWG). The APWG is an international volunteer organisation that focuses on limiting cyber crime perpetrated through phishing. Retailers can report a suspicious domain on the APWG site.
  • Add Certificate Authority Authorization (CAA) to the DNS records of domains and subdomains. CAA lets organisations determine which CAs can issue certificates for domains they own. It is an extension of the domain’s DNS record and supports property tags that let domain owners set CA policy for entire domains or for specific hostnames.
  • Leverage software packages to search for suspicious domains. Copyright infringement software may help retailers find malicious websites, stopping the unauthorised use of their logos or brands. Solutions that also provide anti-phishing functionality can aid in the search for lookalike domains.
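An added illustration of the CAA step above (not part of the article or of Venafi's research): how a CA decides whether it may issue for a hostname, following the RFC 8659 rule that the closest ancestor name with CAA records sets the policy. The zone data, hostnames and CA names are constructed.

```python
# Constructed CAA data: owner name -> list of (property tag, value).
CAA_RECORDS = {
    "shop.example": [
        ("issue", "ca-one.example"),        # only this CA for ordinary names
        ("issuewild", ";"),                 # no CA may issue wildcards
        ("iodef", "mailto:security@shop.example"),  # contact for violation reports
    ],
    "pay.shop.example": [("issue", "ca-two.example")],  # hostname-level override
}

def relevant_rrset(hostname, records):
    """Climb from the hostname towards the root; the first name with CAA wins."""
    labels = hostname.lower().rstrip(".").split(".")
    if labels[0] == "*":
        labels = labels[1:]
    for i in range(len(labels)):
        rrset = records.get(".".join(labels[i:]))
        if rrset:
            return rrset
    return []

def ca_may_issue(hostname, ca_domain, records=CAA_RECORDS):
    """True if CAA policy lets ca_domain issue a certificate for hostname."""
    rrset = relevant_rrset(hostname, records)
    issue = [v for tag, v in rrset if tag == "issue"]
    issuewild = [v for tag, v in rrset if tag == "issuewild"]
    # issuewild governs wildcard requests when present; otherwise issue applies.
    applicable = issuewild if hostname.startswith("*.") and issuewild else issue
    if not applicable:
        return True  # no restricting property: CAA does not limit issuance
    # The value is "issuer-domain [; parameters]"; a bare ";" names no issuer.
    allowed = {v.split(";")[0].strip().lower() for v in applicable}
    return ca_domain.lower() in allowed

if __name__ == "__main__":
    for host, ca in [("www.shop.example", "ca-one.example"),
                     ("pay.shop.example", "ca-one.example"),
                     ("*.shop.example", "ca-one.example")]:
        print(host, ca, ca_may_issue(host, ca))
```

The policy is evaluated only for names under zones the retailer controls, which is why the hostname-level record for `pay.shop.example` replaces the parent policy rather than adding to it.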

“Ultimately, we should expect even more malicious lookalike websites designed for social engineering to pop up in the future,” says Xie. 

“In order to protect themselves, enterprises need effective means to discover domains that have a high probability of being malicious through monitoring and analysing certificate transparency logs. 

“This way, they can leverage many recent industry advances to spot high-risk certificate registrations, crippling malicious sites before they cause damage by taking away their certificates.” 
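An added sketch of the certificate transparency monitoring described above (not from the article or from Venafi): it triages DNS names already extracted from CT log entries, flagging those that imitate a brand through character substitution, omission or embedding. The brand, the owned-domain list and the sample names are constructed, and the substitution table is an assumption to tune per brand.

```python
import re

BRAND = "examplemart"              # constructed brand label (assumption)
OWNED = {"examplemart.example"}    # domains the retailer actually operates
SUBS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def skeleton(label):
    """Fold common visual substitutions, then keep letters only."""
    folded = label.lower().translate(SUBS).replace("rn", "m").replace("vv", "w")
    return re.sub(r"[^a-z]", "", folded)

def edit_distance(a, b):
    """Levenshtein distance using a single rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(dns_name):
    """Return 'owned', 'lookalike' or 'unrelated' for one certificate dNSName."""
    name = dns_name.lower().lstrip("*.").rstrip(".")
    if any(name == d or name.endswith("." + d) for d in OWNED):
        return "owned"
    target = skeleton(BRAND)
    for label in name.split(".")[:-1]:      # every label except the TLD
        s = skeleton(label)
        if target in s or edit_distance(s, target) <= 1:
            return "lookalike"
    return "unrelated"

def flag_lookalikes(dns_names):
    """Names worth a closer look: not ours, but built to resemble the brand."""
    return [n for n in dns_names if classify(n) == "lookalike"]

# Constructed sample of names as they might appear in CT log entries.
SAMPLE = ["www.examplemart.example", "examp1emart.example",
          "exarnplemart.example", "examplemart-login.example",
          "exampemart.example", "examplemart.secure-pay.example",
          "gardenmart.example", "*.examplemart.example"]

if __name__ == "__main__":
    for hit in flag_lookalikes(SAMPLE):
        print("review:", hit)
```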
