More than 5,300 malicious websites popped up each week, the highest since the start of 2021, according to Check Point Research.
The 2021 holiday season is a busy time for people getting ready to shop, both in physical stores and online. But of course, it’s also a busy time for cybercriminals as they prepare to exploit the season to target consumers with scams.
SEE: Fighting Social Media Phishing Attacks: 10 Tips (Free PDF) (TechRepublic)
One tactic used by attackers is to create fake shopping sites to trick people into spending money on fake or non-existent products. A report released on Friday by cyber threat intelligence provider Check Point Research reveals a dramatic increase in these types of sites compared to early 2021.
Since the beginning of October, the number of malicious merchant sites has jumped to more than 5,300 every week, an increase of 178% compared to the average number of 2021. And since the beginning of November, the number of corporate networks impacted by these sites rose to 1 in 38 from 1 in 352 earlier this year.
A campaign seen by Check Point sent out phishing emails offering cheap Michael Kors handbags and other products with subject lines like “Fashion MK Handbags 85% off in store in online today “,” Up to 80% Off Michael Kors Handbags On Sale, High Fashion, Low Prices “and” Shop All Michael Kors Handbags, Handbags & Wallets Up at 70% “.
The links in the emails took people to websites with prices too good to be true, meaning any buyer would receive scam products or no product at all. The linked websites all had similar domain names with the same IP address range of 104.21.xxx.xxx. Although the sites are no longer available, some were active during the second half of October, while others were still active until the second week of November.
Another campaign spotted by Check Point impersonated legitimate shopping sites with the likely intention of stealing account credentials. An email written in Japanese claimed to be from “Amazon. Urgent Notice ”and contained a subject line translated into English that read:“ System Notification: Unfortunately we were unable to renew your Amazon account. The website linked in the post was masquerading as Amazon’s Japanese shopping site.
“Hackers are redoubling their efforts to lure consumers into fraud through ‘too good to be true’ offers, promising big discounts such as 80% or 85% off,” said Omer Dembinsky, manager. from the data group at Check Point Software. “Their strategy is to capitalize on a consumer’s enthusiasm after posting a staggering discount. I strongly urge consumers to beware of these “too good to be true” offers when shopping online on Black Friday and Cyber Monday. “
To protect you and your organization from malicious shopping sites and e-commerce scams during the holiday season, Check Point offers the following tips:
- Make sure you shop directly from a reliable site. Do not click on promotional links you receive by email or on social media. Search a shopping site before visiting to make sure you’re using the correct URL.
- Watch out for similar areas. Look for typos and other errors in emails and on websites, and beware of unknown email senders or unusual email addresses you see in promotions.
- Trust your instincts. A buyer’s promotion that looks too good to be true is probably a scam. This means that a new iPad won’t go on sale at 80% of the retail price.
- Look for the lock icon and the HTTPS “S” in your browser’s address bar. Any site that does not use Secure Sockets Layer (SSL) encryption at this point should be avoided. No lock icon and no S are both red flags.
- Beware of password reset emails, especially during the holiday season. If you receive such an email, always go directly to the website instead of clicking the link in the message. If you need or want to change your password, be sure to do so at the current site.