It鈥檚 the time of year when retailers are ramping up for the holiday shopping season. And as online shopping becomes a bigger part of the retail experience, there has been a huge surge in registered websites that appear to mimic some of the leading online retailers.
, a website that assesses cyber risks, looked at the Top 50 e-commerce sites 鈥 including Amazon, Walmart and sites popular in other parts of the world.
It found an exponential increase in sites considered 鈥減hishing domains鈥 which might have a URL that鈥檚 just a little bit different from what you were going for in recent years.
鈥淲e鈥檝e discovered there are over 6,000 of these domains that have been registered before the holiday season even started,鈥 said Bob Maley, chief security officer for NormShield.
鈥淚t may have a spelling error. It might be one letter, one space off on a keyboard. What they鈥檙e trying to do is, if you look at that email when it comes through and you look at the URL that you want to click on, that it looks real. 鈥極h yeah, I really am going to what I think I鈥檓 going to.鈥 And we have seen a significant uptick in the registration of those domains. Not just this year.鈥
Websites like these also flood your inbox with mega sales and offers for things like a $50 bonus credit if you write a review about a product, or a gift card that you need to activate.
Some of those emails are easily detected as frauds. But some of them aren鈥檛, and some of them seem legitimate since many people shop on those sites regularly.
So you click on it. But that鈥檚 a habit you should break.
鈥淲hat I do is, my favorite sites, I know what the URL is, I don鈥檛 click on any mail,鈥 said Maley, who admits he does a lot of shopping online. 鈥淭he way I look at it is, if I would get an offer through email, I鈥檒l go to the link I know 鈥 and I鈥檒l go out to the site that way and then I鈥檒l do a search for the offer to see if it鈥檚 legitimate.”
鈥淚f the email’s not legitimate obviously you鈥檙e not going to find that offer but at least you鈥檝e protected yourself,鈥 he added. 鈥淭hose types of offers when they come through email, they鈥檙e crafted really well. They look like legitimate offers.鈥
鈥淒on鈥檛 click on it in an email,鈥 added Maley. 鈥淕o to the website directly, one you know is a legitimate address.鈥
Don’t trust the lock next to the web address that suggests you鈥檙e on a trusted, secure site. Maley said sometimes the bad guys are legitimately registering their bogus sites because it鈥檚 easy to do and it鈥檒l still fool you.
鈥淚t is a legitimate website [and] the traffic that is going between your computer and that website is encrypted, but the problem is the people that own that site, they鈥檙e the bad actors,鈥 said Maley. 鈥淚t tells us that yeah, the channel between us and that website is secure, but what鈥檚 on that actual website, it doesn鈥檛 help us with that.鈥
