NormShield Researchers Find Thousands of Potential Phishing Websites Designed to Look Like Top E-Retailers, and more are coming just in time for the holidays
VIENNA, VA, November 6, 2019 – Cyber criminals are aggressively trying to trick consumers into spending money on fake e-commerce sites designed to resemble the 50 most popular e-retailers. New research from NormShield projects that there’s already been 6,000 potential e-commerce phishing sites in 2019. By the end of the year, that could be up to 9,000.
NormShield’s State of E-Commerce Phishing 2019 looked at sites spoofing the 50 largest global e-commerce companies, which includes popular sites like Amazon, Walmart, eBay, Etsy, and Poshmark.
Using NormShield’s tools, the research team found the number of potential phishing domains has increased 11% compared to 2018.
The number of potential phishing domains for 50 major e-commerce sites certified by registrars tripled in 2019 over 2018 and has multiplied six times in the last four years.
Of the 50 sites NormShield reviewed, the 10 e-commerce sites they found to have the most potential phishing domains were:
The NormShield research team also found that threat actors have found a way around one of the best digital defenses available to consumers. Almost a third of the potential phishing sites were able to get valid certificates for their sites. Consumers have learned they can see what sites have valid certificates by looking for a padlock in the address bar. However, the NormShield research shows that consumers may want to look for additional signs a site is secure besides the padlock.
“Cybercriminals are going after Christmas and holiday shoppers. Unfortunately, this is the season for online crime feasting on the little guy,” said Paul Paget, CEO of NormShield. “But consumers are far from the only victim. E-commerce stores not only lose sales, but they have to spend money to protect their reputation from attackers exploiting their brand’s good standing.”
Other researchers have backed up Paget’s points. Reporting from Deloitte shows one in every three consumers will no longer do business with a company if they think that business was responsible. While the World Economic Forum found, on average, more than 25% of a company’s market value is directly attributable to its reputation. Website phishing has contributed to $1.3 billion in BEC losses in 2018, according to the FBI’s Internet Crime Report.
NormShield provides a free “Potential Phishing Domain Search” which allows users to investigate potential phishing domains impersonating e-commerce sites. Users can simply enter a domain and receive a score to evaluate the likelihood that a website may or may not be used as a front for phishing.
“We make this tool available so people can get at least some sense of what is out there,” Paget said. “But the bad actors are generating new spoofs all the time. Both consumers and E-commerce merchants have to be diligent to take advantage of credible tools that are out there before they send good money to bad people.”
Additionally, the Better Business Bureau warns consumers that a website may be a scam if:
1. It was recently created. You can verify the website’s creation date by checking the URL on the website, whois.com.
2. It does not prominently display verifiable contact information, such as a phone number, email address, and a street address.
3. The street address is fake, a home address, or belongs to a different business. Do an online search of the advertised address; you may be surprised.
4. The price is too good to be true. Fake websites often lure potential victims with their amazingly low prices. If you know the product costs $500 everywhere else, and the website you are looking at has the exact same product for $150, it may be a scam
5. Other consumers have reported being scammed by the website. Check for other online reviews and search the business name and URL on bbb.org.
NormShield enables enterprises to assess, prioritize, and address the third-party cyber risk of any company, located anywhere, within 60 seconds. Using easy-to-understand scorecards, NormShield not only provides standards-based letter grades on various risk categories along with data on how to mitigate each risk in a priority order, but also the first-ever automated tool to measure the potential financial loss caused by an attack on a supplier or partner. NormShield provides the substance, scale and speed needed to effectively assess and monitor the cyber risk posture of any company or organization.
Learn more at www.normshield.com.
For more information, contact: Adam Benson, 202.999.9104, [email protected]