Holiday Threat No. 1: Evil Twin Domains With a “Trusted” SSL/TLS Certificate

As the holiday season approaches, cybercriminals are set to scam your users out of not only their personal money but also your organizational budget.

Online shopping fraud is rising in the double digits every year. How many of you buy hardware at Newegg? Here is an example of how you yourself could become a victim, courtesy of the organized cybercrime gang Magecart.

U.S. online retailer Newegg is a recent victim. They of course own the domain Magecart registered an “evil twin” domain called neweggstats (dot) com together with a legitimate certificate issued by Comodo.

The legitimate domain was compromised with a card skimmer, and the fake domain was pointed to a server that received credit card information stolen from Newegg customers. If you have made purchases at Newegg in the last six months, I recommend you get a new credit card!

Your users can be scammed in a variety of ways. Very popular this time of year are phishing scams that promote fake last-minute deals on hot items and use FOMO (Fear of Missing Out) social engineering tactics to trick users into entering their credentials and credit card info on fraudulent websites.

Evil Twin Domain Problem Is Rapidly Rising

Last Thursday, machine ID protection firm Venafi said the evil twin domains problem is rapidly increasing with an “explosion” of look-alike, fraudulent domains appearing online at the moment.

Venafi analyzed fake domains created to mimic the world’s 20 retailers and found that not only is the number of fake domains rising, but many of them use a trusted TLS certificate. A look-alike domain address that only substitutes one—possibly punycode—character will very likely cause a recognition problem for your users.

Venafi stated that it is becoming “increasingly difficult” for consumers to identify fake domains from legit ones, especially when a trusted TLS certificate is thrown into the mix.
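One way a defender could screen newly observed hostnames (for example, names appearing in issued certificates) for the look-alike patterns described above. This is an added example, not code from Venafi or the original article: the function names, the small homoglyph map and every sample hostname except neweggstats (dot) com are constructed, and the last label is assumed to be the TLD.

```python
import unicodedata

# Constructed, deliberately small homoglyph map (assumption, not a full table).
CONFUSABLES = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
               "\u0441": "c", "\u0456": "i", "0": "o", "1": "l"}

def second_level_label(domain):
    """Label left of the TLD, punycode-decoded (assumes a one-label TLD)."""
    labels = domain.lower().replace(" (dot) ", ".").rstrip(".").split(".")
    label = labels[-2] if len(labels) > 1 else labels[0]
    if label.startswith("xn--"):
        try:
            label = label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            pass  # malformed punycode: compare the raw label instead
    return label

def skeleton(label):
    """Fold accents and known homoglyphs to plain ASCII look-alikes."""
    decomposed = unicodedata.normalize("NFKD", label)
    base = "".join(c for c in decomposed if not unicodedata.combining(c))
    return "".join(CONFUSABLES.get(c, c) for c in base)

def edit_distance(a, b):  # Levenshtein distance, computed row by row
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain, brand, owned):
    """Return why `domain` resembles `brand`, or None if it does not."""
    if domain.lower() in owned:
        return None  # the organization's own domain
    label = second_level_label(domain)
    skel = skeleton(label)
    if skel == brand:
        return "homoglyph" if label != brand else "same-name-other-tld"
    if edit_distance(skel, brand) == 1:
        return "one-character"
    return "brand-embedded" if brand in skel else None

# Constructed sample input; only the neweggstats name comes from the article.
SAMPLE = ["newegg.com", "neweggstats (dot) com", "newwegg.com", "example.org",
          "xn--" + "n\u0435wegg".encode("punycode").decode("ascii") + ".com"]

if __name__ == "__main__":
    print({n: classify(n, "newegg", {"newegg.com"}) for n in SAMPLE})
```

A hit is only a lead for review: a trusted certificate on the flagged name says nothing about who registered it.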

Domain Spoofing Is a Cornerstone of Social Engineering Attacks

“Domain spoofing has always been a cornerstone technique of web attacks that focus on social engineering, and the movement to encrypt all web traffic does not shield legitimate retailers against this very common technique,” said Jing Xie, Venafi senior threat intelligence analyst.

“Because malicious domains now must have a legitimate TLS certificate in order to function, many companies feel that certificate issuers should own the responsibility of vetting the security of these certificates.”

Venafi’s research showed that 84% of fraudulent domains rely on certificates like the ones issued by Let’s Encrypt. Clearly, these certificates are being abused to create a false sense of security for potential victims.

Venafi says that the total number of certificates issued for domains masquerading as legitimate, well-known retailers is over 200 percent greater than the number issued to authentic e-commerce platforms.
