New research has uncovered suspicious retail look-alike domains using valid certificates.
Research conducted by Venafi, analysed suspicious domains targeting 20 major retailers in the US, UK, France, Germany and Australia. Over 100,000 lookalike domains using valid TLS certificates, to appear safe and trustworthy, were identified.
The threat actors behind the sites are creating and utilising fraudulent domains by substituting a few characters in the URLs, as the malicious websites closely mimic legitimate well-known retail websites – thus making it difficult for unsuspecting online shoppers to detect the fake domains.
In addition, the malicious websites are using a trusted TLS certificates, allowing threat actors to steal sensitive personal data and financial information.
According to Venafi’s research, growth in the number of look-alike domains has more than doubled since 2018.
The research also found that the total number of certificates that used look-alike domains is more than 400% greater than the number of authentic retail domains.
Among the top 20 online UK retailers, there are over six times more look-alike domains than valid domains.
One key findings from the research was that major retailers are important targets for cyber criminals – with one of the top US retailers having over 49,5000 look-alike domains targeting their customers.
“We continue to see rampant growth in the number of malicious, look-alike domains used in predatory phishing attacks,” said Jing Xie, senior threat intelligence researcher at Venafi.
“This is a result of the push to encrypt more and potentially all web traffic, a trend that generally improves security for users but inadvertently introduces a new challenge to existing methods of phishing detection. Most businesses and many retailers don’t have the updated technology in place to find these malicious sites and remove them to protect their customers.”
The post #Privacy: Over 100K malicious sites using valid certificates identified appeared first on PrivSec Report.