’Tis the Season of Fake Shopping Sites
Retailers try to take advantage of the shopping spirit for as long as they can, and scammers like to capitalize on this too. Those who run phishing campaigns combined with fake shopping sites on lookalike domains (domain jacking), or who take advantage of typos (typosquatting), are also upping their game.
According to a study by FairWinds Partners, 80% of the sites used for domain jacking see a significant increase in traffic during these after-season times. Phishing scams, pay-per-click ads, and malvertising are on the rise.
Domain jacking (do-jacking) and typosquatting happen when a cybercriminal uses a domain that is very close to that of a popular site for various scams. Often, the website collects information to use for other nefarious purposes or even just to sell on the underground markets. Sometimes, it is used to get malware onto a visitor’s computer or device.
These attacks work simply by taking advantage of mistakes. Perhaps a letter is added to a site name, as it is for barnesandnobles.com (the real one being without the “s” on the end), for example. The attackers count on people making typographical mistakes. With a quick glance, the user likely won’t notice the subtle difference. This also occurs when a letter is substituted with a number, such as replacing a lowercase “L” in a name with the number “1.” This is a very common problem with online banking sites and with sites where payment card data is entered, because cyberthieves know that the credentials associated with those sites are very valuable.
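The two tricks described above (an added letter, and a digit standing in for a letter) can be checked for mechanically before a link is trusted. The following Python is an added example, not part of the original article; the allow-list, the digit mapping, the `examplebank.example` domain and the function names are assumptions made for illustration.

```python
# Constructed allow-list of sites the user really does business with.
KNOWN_GOOD = {"barnesandnoble.com", "examplebank.example"}

# Digit-for-letter swaps such as "1" for "l" (assumed mapping, not exhaustive).
DIGIT_SWAPS = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s"})

def edit_distance(a, b):
    """Levenshtein distance: fewest single-character inserts, deletes or swaps."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def normalize(domain):
    """Lowercase, drop a trailing dot and a leading 'www.'."""
    d = domain.strip().lower().rstrip(".")
    return d[4:] if d.startswith("www.") else d

def check_domain(domain, known_good=KNOWN_GOOD, max_distance=1):
    """Return (verdict, matched_site); verdict is 'exact', 'lookalike' or 'unknown'."""
    d = normalize(domain)
    if d in known_good:
        return ("exact", d)
    folded = d.translate(DIGIT_SWAPS)
    for good in sorted(known_good):
        # Digit substitution: the names match once digits are folded to letters.
        if folded == good.translate(DIGIT_SWAPS):
            return ("lookalike", good)
        # Typo or added letter: at most max_distance edits from a real site.
        if edit_distance(d, good) <= max_distance:
            return ("lookalike", good)
    return ("unknown", None)

if __name__ == "__main__":
    for name in ["www.BarnesAndNoble.com", "barnesandnobles.com",
                 "3xamp1ebank.example", "example.org"]:
        print(name, "->", check_domain(name))
```

A "lookalike" verdict means the name is suspiciously close to a site on the allow-list and should not be given credentials or card data; "unknown" only means the name resembles nothing on the list, not that the site is safe.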
It’s advised that when preparing to do shopping online or enter any confidential, sensitive, or personally identifiable information into a website, you take a little extra time to review the site name and make sure it’s correct first. Don’t click links that you find in email messages or that show up on the side of your web browser, for instance. Instead, type the name into your browser, but definitely use caution when doing so, because going to a site even for a second can cause malware to be downloaded onto your device. This is called a “drive-by download.”
Another giveaway for fake shopping sites is items priced very low. If it looks too good to be true, it probably is.
Always make sure your devices are all equipped with anti-malware and anti-virus software or applications and that it is kept updated at all times. This includes all mobile devices on any operating system.
If you are ever in doubt about a website’s authenticity, don’t put any data into it. Instead, do a little more investigating before doing anything further. Don’t let do-jacking and typosquatting spoil the good times this year.