Look-Alike Domains Emerge As Huge Holiday Fraud Threat

Look-alike domains are increasingly finding favor with criminals eager to rip off online shoppers, according to a new report from Venafi, a cybersecurity firm.

Its research found that the “total number of certificates for look-alike domains is more than 200 percent greater than the number of authentic retail domains.”

To drive home the danger and scope of the problem, Venafi said that one top 20 U.S. retailer has more than “12,000 look-alike domains targeting their customers.” In Germany, meanwhile, there are “four times more look-alike domains than valid domains” among the top 20 online retailers in that country.

Venafi based its findings on how fraudsters target the top 20 online retailers in the U.S., U.K., France, Germany and Australia. Cyberattackers create look-alike domains by “substituting a few characters in the URLs,” the company said in a statement.

“Because they point to malicious online shopping sites that mimic legitimate, well-known retail websites, it makes it increasingly difficult for customers to detect the fake domains. Additionally, given that many of these malicious pages use a trusted TLS certificate, they appear to be safe for online shoppers, who unknowingly provide sensitive account information and payment data.”

The Venafi report also found that “the growth in look-alike domains appears to be connected to the availability of free TLS certificates; 84 percent of the look-alike domains studied use free certificates from Let’s Encrypt.”

The report also indicates that such fraud attempts will increase as consumers do more holiday shopping. A recent PYMNTS interview highlighted how account takeovers and other types of fraud attempts are likely to increase during the 2018 holiday shopping season.

“Ultimately, we should expect even more malicious look-alike websites designed for social engineering to pop up in the future,” said Jing Xie, senior threat intelligence analyst for Venafi. “In order to protect themselves, enterprises need effective means to discover domains that have a high probability of being malicious through monitoring and analyzing certificate transparency logs. This way, they can leverage many recent industry advances to spot high-risk certificate registrations, crippling malicious sites before they cause damage by taking away their certificates.”
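The monitoring described above can be sketched as a check run over DNS names taken from certificate transparency log entries. This is an added example, not Venafi's tooling or code from the report; the brand domains, the substitution table and the sample names are constructed, and it goes slightly beyond character substitution by also flagging near matches and embedded brand names.

```python
# Hypothetical retailer domains to protect (assumption, not from the report).
BRANDS = ["examplemart.com", "shopnorth.de"]
# Digit-for-letter swaps folded to one form; a constructed, non-exhaustive table.
FOLD = str.maketrans("01357", "olest")

def skeleton(label):
    """Fold common visual substitutions so 'examp1emart' compares equal to 'examplemart'."""
    return label.lower().translate(FOLD).replace("rn", "m").replace("vv", "w")

def edit_distance(a, b):
    """Levenshtein distance computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(hostname, brands=BRANDS, max_edits=2):
    """Return (brand, reason) for a suspicious certificate name, or None."""
    labels = hostname.lower().strip(".").lstrip("*.").split(".")
    # Simplification: the last two labels stand in for the registered domain
    # (a production monitor would consult the Public Suffix List).
    if ".".join(labels[-2:]) in brands:
        return None  # the retailer's own domain or one of its subdomains
    sld = skeleton(labels[-2] if len(labels) > 1 else labels[0])
    for brand in brands:
        target = skeleton(brand.split(".")[0])
        if sld == target:
            return brand, "folds to brand name"
        if edit_distance(sld, target) <= max_edits:
            return brand, "near match"
        if any(target in skeleton(label) for label in labels):
            return brand, "brand name embedded"
    return None

# Constructed sample of DNS names as they might appear in CT log entries.
CT_NAMES = ["www.examplemart.com", "examp1emart.com", "exarnplemart.com",
            "examplemartt.com", "shopnorth.de.secure-checkout.net",
            "*.shopnorth.de", "gardenhose.org"]

def scan(names):
    """Map each flagged name to its (brand, reason) verdict."""
    return {n: v for n in names if (v := classify(n))}

if __name__ == "__main__":
    for name, (brand, reason) in scan(CT_NAMES).items():
        print(f"{name:40} -> {brand} ({reason})")
```

Short brand names need a lower `max_edits` to keep false positives manageable, and flagged names still need review before any takedown or revocation request.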