Security firm Venafi has discovered more than 100,000 bogus domains with valid TLS certificates targeting major retailers, more than double the number last year.
With the holiday season approaching, the company analyzed suspicious domains targeting 20 major retailers in the US, UK, France, Germany, and Australia.
The analysis led to the discovery of 109,045 lookalike domains that use valid TLS certificates to make them appear more trustworthy.
Other alarming key findings from the research include:
- Of the 109,000 bogus domains, nearly 84,000 target retailers in the U.S.
- The total number of certificates using lookalike domains is more than 400% greater than the number of authentic retail domains.
- One of the top US retailers has over 49,500 lookalike domains targeting their customers.
- There are over six times more lookalike domains than valid domains among the top 20 online UK retailers.
- Over half (60%) of the look-alike domains studied use free certificates from Let’s Encrypt.
In a statement, ing Xie, senior threat intelligence researcher at Venafi, said:
“Although our research did not analyze the specific threats connected with these domains, we know that look-alike domains are frequently used in phishing attacks and to distribute malware. For example, back in 2017, security researchers found that many certificates that contained the word ‘Paypal’ were used in phishing websites. It’s logical to assume that attackers are using similar tactics with other retail domains.”
Even worse, Xie says, “most businesses and many retailers don’t have the updated technology in place to find these malicious sites and remove them to protect their customers.”
To read the full analysis, click here.