People who shop on the web, be careful, for the cybercriminals have planted over 100,000 look-alike domains resembling popular shopping sites!
It seems like cybercriminals are putting more and more effort each day to these fake domains.
They use authentic TLS certificates to seem like trusty and safe websites.
These non-valid domains have been created for the purpose of mimicking over 20 retailers websites in France, Australia, Germany, U.S. and U.K.
As days go by and online shopping solidifies its place as a trust-worthy market for users, hackers are trying to find numerous ways to trick users into giving them their sensitive data, credit card informations and more.
On top of all that, these fake domains numbers have more than DOUBLED over the last year, and the valid TLS certificates used are four times more than the last year, meaning cybercriminals are getting beter at planting these domains.
A recent investigation done by Venafi states that over 100,000 fake domains have been established by online criminals that mimics valid websites of popular shops in U.S. , U.K , France, Germany and Australia. It is yet to be known if there are more look-alike websites around the globe, or the hackers specifically targeted these locations.
Mimics use valid certificates to trick the devices and the user into recognizing it as the original website.
One of the top U.S. establishment for shopping has over 40,000 fake domains planted to look like their original website for targeting vulnerable users for their personal data.
After some investigation, it seems like over sixty percent of the mimic websites use free certificates from Let’s Encrypt.
If you’re an owner of a similar establishment that has a website for shopping, consider the following:
Add CAA (Certificate Authority Authorization) for your websites domains, so your domain can decide which CAs can authorize certificates for domains they own.
Use safe browser options to search for suspicious domains so you can report them, which makes the process of blacklisting easier.
Online shoppers should take cautions too, for if they fall into one of these mimic websites their credit card information and more can be stolen from them.
You should always search the website that you are about to give your credit card information on the web, so you can be sure of its credibility. Also, consider scanning the website for spelling errors in the retailers name, or differences on the logo. If you think its not safe to enter your info, don’t enter your info.