With November and December the busiest months of the year for retailers by some margin, cyber criminals are pulling out all the stops to make the Christmas season a bumper one for online retail fraud, according to researchers at security companies Venafi and PerimeterX.
Earlier this week, Venafi, which specialises in machine identity protection, released new intelligence on the rapid growth of lookalike domains using valid transport layer security (TLS) certificates to appear legitimate. It claims to have spotted more than 100,000 such domains targeting 20 retailers in Australia, France, Germany, the UK and the US.
This is over five times more than the number of authentic retail domains, and in the UK, the number was six times greater, spread across the top 20 online stores in the country. More than half of these were found using certificates from Let’s Encrypt – a legitimate non-profit specialising in free and open certificates.
“We continue to see rampant growth in the number of malicious, lookalike domains used in predatory phishing attacks,” said Jing Xie, senior threat intelligence researcher at Venafi.
“This is a result of the push to encrypt more, and potentially all, web traffic, a trend that generally improves security for users but inadvertently introduces a new challenge to existing methods of phishing detection. Most businesses and many retailers don’t have the updated technology in place to find these malicious sites and remove them to protect their customers.”
Most of these domains are created by substituting a few hard-to-spot characters in the URL to direct users to malicious websites that mimic the real thing and appear to the user to be saf ..
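The character-substitution technique the paragraph describes can be turned into a simple defensive check: fold visually confusable characters (digits for letters, digraphs such as "rn", Cyrillic look-alikes, punycode-encoded IDN labels) into a canonical skeleton and compare candidates against a watch list of brand domains. This is an added example written for this page, not code from Venafi or PerimeterX; the brand list and candidate domains are constructed, and the confusable table is a small illustrative subset rather than the full Unicode confusables data.

```python
import unicodedata

# Constructed watch list of brand domains to protect (hypothetical, not from the article).
BRAND_DOMAINS = ["example-store.com", "shopmart.co.uk"]

# Visually confusable sequences mapped to one canonical form. Multi-character
# entries come first so "rn" is folded to "m" before single characters are touched.
CONFUSABLES = {
    "rn": "m", "vv": "w", "cl": "d",                             # digraphs read as one letter
    "1": "i", "l": "i", "0": "o", "5": "s", "3": "e",            # digits/letters that resemble each other
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",  # Cyrillic a e o p
    "\u0441": "c", "\u0445": "x", "\u0443": "y",                 # Cyrillic c x y
}

def skeleton(domain: str) -> str:
    """Canonicalise a domain so look-alike spellings collapse to the same string."""
    d = domain.strip().rstrip(".").lower()
    if "xn--" in d:                       # punycode label: recover the Unicode form first
        d = d.encode("ascii").decode("idna")
    # Strip accents/diacritics (e.g. "e" with acute -> "e") via NFKD decomposition.
    d = "".join(c for c in unicodedata.normalize("NFKD", d)
                if not unicodedata.category(c).startswith("M"))
    for seq, canon in CONFUSABLES.items():
        d = d.replace(seq, canon)
    return d

def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert/delete/substitute), O(len(a)*len(b))."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(domain: str, brands=BRAND_DOMAINS, max_dist: int = 1):
    """Return the brand a candidate domain imitates, or None if it is the genuine
    brand domain or not close enough to any brand to warrant review."""
    if domain.lower().rstrip(".") in brands:
        return None                        # the genuine domain is not a lookalike
    sk = skeleton(domain)
    for brand in brands:
        if levenshtein(sk, skeleton(brand)) <= max_dist:
            return brand
    return None
```

Feed it candidate names as they appear in new certificate issuances (for example from Certificate Transparency logs) and route any non-None result to a takedown or blocklist review queue; the edit-distance threshold of 1 also catches a dropped hyphen or an added trailing "s" that pure character folding would miss.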