Thu. Dec 3rd, 2020

Cyber Criminals Are Using Fake Sites to Lure Holiday Shoppers

According to researchers at Check Point, phishing scams promoting e-commerce-related phishing sites have spiked, with a 233% increase compared to last year.


“12 months ago, in November 2018, we witnessed a significant increase in the amount of e-commerce related phishing websites being accessed directly, or from links sent via email. And this year we can already see a similar trend. With only half of November over and even before the peak of Black Friday and Cyber Monday, the use of e-commerce phishing URLs has more than doubled since last November’s peak – in fact, it’s up by 233%,” the Check Point researchers reported.


In one case, researchers discovered an email phishing campaign and a sophisticated lookalike site that impersonated Ray-Ban.


The bogus site, which was created on November 6th, was hosted on the domain xwrbs[.]com. The next day, Check Point researchers observed it being used in phishing emails sent to thousands of users.


The emails attempted to lure unsuspecting victims with a Black Friday deal offering 80% off custom Ray-Ban glasses.


However, when victims clicked on the enclosed link, they were directed to a phony site.



The site itself is fully functional and looks like the real Ray-Ban site. The only noticeable difference is that when victims go to the checkout page, they are asked to make their payment via PayPal.


Victims who decide to make a purchase are directed to the legitimate PayPal site to enter their login credentials and confirm their purchase. At this time, however, Check Point researchers don’t know if the malicious actors will steal the money or send victims knockoff glasses.


So, this holiday season, beware of scams and stay protected with these suggestions:

  1. If a deal is too good to be true, then it probably is. Any email that offers incredibly deep discounts on a popular item is most likely a bait-and-switch or some sort of scam.
  2. Be aware of lookalike domains, which resemble a brand’s normal domain name but may contain spelling errors or minor mistakes.
  3. Instead of clicking on links sent in emails, use search engines to find a brand’s legitimate website and browse the deals directly on their site.
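
A mail filter can apply suggestion 2 automatically. The sketch below is an added example, not Check Point's code. It compares each link in a brand-themed email against an allowlist of official domains instead of relying on spelling similarity alone, because the domain in the Ray-Ban case does not resemble the brand at all. The allowlist entry, the sample email and the `.example` domains are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the defender maintains this allowlist of official brand domains.
OFFICIAL = {"ray-ban": {"ray-ban.com"}}

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registrable(url):
    """Refang the URL and return the last two host labels.
    Simplification: production code should consult the Public Suffix List."""
    host = urlsplit(url.replace("[.]", ".")).hostname or ""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def classify_link(url, brand):
    """Return 'official', 'lookalike' or 'unrelated' for a link in a brand's email."""
    domain = registrable(url)
    if domain in OFFICIAL[brand]:
        return "official"
    name = domain.split(".")[0].replace("-", "")
    for good in OFFICIAL[brand]:
        good_name = good.split(".")[0].replace("-", "")
        if good_name in name or edit_distance(name, good_name) <= 2:
            return "lookalike"
    return "unrelated"

def review_email(body, links):
    """Flag every link that is not on the official list of a brand the email names."""
    flagged = []
    for brand in OFFICIAL:
        if brand in body.lower():
            for url in links:
                verdict = classify_link(url, brand)
                if verdict != "official":
                    flagged.append((url, verdict))
    return flagged

# Constructed sample email; only xwrbs[.]com comes from the article.
BODY = "Black Friday deal: 80% off custom Ray-Ban glasses!"
LINKS = ["http://xwrbs[.]com/deal", "https://www.ray-ban.com/",
         "http://ray-bam.example/sale", "http://rayban-deals.example/"]

if __name__ == "__main__":
    for url, verdict in review_email(BODY, LINKS):
        print(f"{verdict:10} {url}")
```

A similarity-only check would pass the article's domain as "unrelated", so the filter flags any non-official link in an email that names the brand.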