Number of Malicious Shopping Websites Jumps 178% ahead of November e-Shopping Holidays, Breaking Records

  • Check Point Research (CPR) spots over 5300 different malicious websites per week, the highest number since the beginning of 2021
  • Numbers show a 178% increase compared to 2021 so far
  • 1 out of 38 corporate networks is impacted on average per week in November, compared to 1 in 47 in October, and 1 in 352 earlier in 2021
Omer Dembinsky, Data Group Manager at Check Point Software said:

Holiday season is right around the corner, and the month of November presents a shopping extravaganza, especially for those of us who love online shopping. In Asia Pacific, Australia’s Click Frenzy just passed on November 9, China’s Singles’ Day just passed on November 11, and coming up we have Black Friday and Cyber Monday.

The pandemic has resulted in a clear change in habits, and shopping is no different, with most people moving to online shopping, resulting in a boom in e-retail. Retailers are only too happy to leverage this trend and the opportunity offered by special shopping days. This year, online holiday shopping is expected to reach a record $910 billion in sales.

However, amidst the buzz and excitement, threat actors are also prepping themselves to leverage the events for their own malicious purposes. 

Sharp increase in new shopping-related malicious websites

Since the beginning of October 2021, CPR researchers have witnessed the highest number of malicious websites related to shopping and sales offers. On average, over 5300 different websites were spotted per week, a 178% increase compared to the average in 2021 thus far.

Figure 1: Sharp increase in malicious shopping websites (Jan – November 2021) 

The global impact of these websites has peaked since the beginning of November, with 1 out of 38 corporate networks being impacted on average per week, compared to 1 in 47 in October, and 1 in 352 earlier in 2021.

Not exactly the handbag I was looking for

CPR discovered a number of similar emails sent from “Cheap HandBags” or “Michael Kors” (with unrelated email addresses), containing subject lines such as:

“Fashion MK Handbags 85% Off Shop Online Today”

“Up to 80% OFF Michael Kors HandBags on Sale, High Fashion, Low Prices”

“Shop All Michael Kors Handbags, Purses & Wallets Up To 70%”

Figures 2 and 3: Emails allegedly from Michael Kors

Each email linked to a similar website. The sites had similar names and were registered on similar dates (mainly October 19, 2021).

Further investigation showed at least 7 additional similar domains, all of which were active under the IP range of 104.21.xxx.xxx and are currently unavailable. Their main activity was seen for a few days from the second half of October, and some were active up to the second week of November.

Be careful where you log into

CPR discovered an email sent from “Amazon. Urgent notice”. The email address contained a Chinese domain, and the email had a subject in Japanese saying “System Notification: Unfortunately, we were unable to renew your Аmazon account” (translated from Japanese). The link in the email led to a website masquerading as the Amazon.co.jp website in both name and appearance: https://www[.]amazon-co-jp[.]fo2j.top/.

Figure 4: Impersonation of Amazon Japan

Omer Dembinsky, Data Group Manager at Check Point Software said:

“We track the number of malicious websites related to online shopping almost every year ahead of the November e-Shopping holidays. This year’s numbers have broken our records. We’ve seen a staggering 178% increase in malicious online shopping websites this time, compared to the previous months in 2021. Hackers are doubling down on the strategy to lure consumers into fraud through ‘too good to be true’ offers, promising large discounts such as 80% or 85% off. Their strategy is to capitalize on a consumer’s excitement after showing an eye-popping discount. I strongly urge consumers to beware of these ‘too good to be true’ offers as they shop online on Black Friday and Cyber Monday. You can protect yourself by being attentive to lookalike domains, shopping from reliable sources and spotting password reset and other account related notifications that show excessive urgency. Do not click these links, and if needed – go directly to the website and change details from your account.”

Security Tips for Online Shoppers

Here are our recommendations and tips to secure your online shopping experience this November:

  • Always shop from an authentic, reliable source. Do not click on promotional links you get over email or social media. Proactively Google search your desired retailer or brand.
  • Watch for lookalike domains. Check the spelling in emails and on websites, and take note of unfamiliar senders or peculiar email addresses that send you promotions.
  • “Too good to be true” shopping offers are indeed too good to be true. A new iPad will NOT go on an 80% discount this season, unfortunately.
  • Always look for the lock. Making an online transaction on a website that does not have secure sockets layer (SSL) encryption installed is an absolute NO-GO. To know if the site has SSL, look for the “S” in HTTPS, instead of HTTP. An icon of a locked padlock will appear, typically to the left of the URL in the address bar or in the status bar below. No lock is a major red flag. A lock alone does not prove a site is genuine: the Amazon lookalike link above was also an HTTPS URL.
  • Having endpoint and email security solutions in place can mean the difference between a major security incident and a non-event.
  • Always be attentive to password reset emails, especially when online traffic volumes are at a peak, as in the November shopping season. If you receive an unsolicited password reset email, always visit the website directly (don’t click on embedded links) and change your password to something different on that site. Not knowing your password is, of course, the problem that cybercriminals face when trying to gain access to your online accounts. By sending a fake password reset email that directs you to a lookalike phishing site, they can convince you to type in your account credentials and send those to them.
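
The lookalike-domain check recommended above can be applied automatically to links in mail or proxy logs. The following Python is an added example, not Check Point's code: it flags hostnames that carry a brand name outside that brand's own domains, as the amazon-co-jp host above does. The `OFFICIAL` allow-list, the small confusables table, the function names and the `.example` sample hosts are assumptions made for illustration.

```python
import re
import unicodedata

# Assumption: allow-list of domains each brand really uses (illustrative, not exhaustive).
OFFICIAL = {
    "amazon": {"amazon.co.jp", "amazon.com"},
    "michaelkors": {"michaelkors.com"},
}
# Small illustrative look-alike table (Cyrillic a/o/e, digits 0/1), not the full Unicode list.
CONFUSABLES = str.maketrans({"\u0430": "a", "\u043e": "o", "\u0435": "e", "0": "o", "1": "l"})


def refang(url: str) -> str:
    """Turn a defanged indicator such as www[.]example[.]com into a bare hostname."""
    url = url.strip().lower().replace("[.]", ".").replace("hxxp", "http")
    host = re.sub(r"^[a-z]+://", "", url).split("/")[0]
    return host.split(":")[0].rstrip(".")


def skeleton(host: str) -> str:
    """Fold a hostname for comparison: NFKC, map look-alike characters, drop separators."""
    folded = unicodedata.normalize("NFKC", host).translate(CONFUSABLES)
    return re.sub(r"[^a-z]", "", folded)


def classify(url: str) -> str:
    """Return 'official', 'lookalike:<brand>' or 'unrelated' for a URL or hostname."""
    host = refang(url)
    for domains in OFFICIAL.values():
        # The leading dot matters: notamazon.co.jp must not pass as amazon.co.jp.
        if any(host == d or host.endswith("." + d) for d in domains):
            return "official"
    # A brand name anywhere else in the hostname is the lookalike pattern.
    squashed = skeleton(host)
    for brand in OFFICIAL:
        if brand in squashed:
            return f"lookalike:{brand}"
    return "unrelated"


if __name__ == "__main__":
    samples = [
        "https://www[.]amazon-co-jp[.]fo2j.top/",  # URL quoted in the article
        "https://www.amazon.co.jp/",               # constructed: genuine host
        "michael-kors-outlet.example",             # constructed sample
    ]
    for s in samples:
        print(f"{s:45} {classify(s)}")
```

Hostnames that arrive in punycode (`xn--` labels) need to be decoded to Unicode before this check, and a hit is a triage signal for review rather than a verdict.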

The statistics and data used in this report present data detected by Check Point’s Threat Prevention technologies, stored and analyzed in ThreatCloud. ThreatCloud provides real-time threat intelligence derived from hundreds of millions of sensors worldwide, over networks, endpoints and mobiles. The intelligence is enriched with AI-based engines and exclusive research data from Check Point Research, the intelligence and research arm of Check Point Software.