Bogus eCommerce Sites Spinning Up for Holidays



holiday-shoppingThe number of potential e-commerce phishing domains registered in the first nine months of 2019 is more than six times the amount registered during the same period in 2016, a report from NormShield has found. The researchers looked at fifty major e-commerce companies and identified more than 6,000 domains that will likely be used for phishing attacks impersonating those companies. That’s 11% higher than the phishing domains registered in the first nine months of 2018.

NormShield expects the total number of phishing domains registered this year to surpass 9,000, since there’s always an increase during the holiday season. Additionally, the researchers note that 30% of these phishing domains possess a valid certificate, compared to just 11% last year. These sites are designed to convincingly imitate the login pages of real companies.“Hackers don’t always copy a complete website to execute phishing fraud,” NormShield’s report says.

“They also use social engineering, credential-based landing pages, or use individual brand images and
elements to create fake deals while impersonating ecommerce sites like Amazon....Consumers are
primed to receive an overwhelming number of emails throughout the holiday season. Hackers are
counting on consumers falling for their fake offers hidden in plain sight among real ones ”

Everyone who uses the Internet will eventually encounter these scams, and they’ll likely fall for one if
they don’t know what to look for. New-school security awareness training can help your employees
exercise vigilance and avoid falling victim to these attacks.

NormShield has the story: https://www.normshield.com/white-paper/the-state-of-e-commerce-
phishing-2019/


Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before the bad guys do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

PST ResultsHere's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry

Go Phishing Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://www.knowbe4.com/phishing-security-test-offer

Subscribe To Our Blog


Traditional Security Webinar Kevin Mitnick




Get the latest about social engineering

Subscribe to CyberheistNews