Avast researchers detect a surge in fake e-shops

Branislav Kramar 6 Dec 2024

We kicked off the holiday shopping season with expectations of sales, but beware: a new wave of fake e-shops is spreading on the internet.

Need to do some last-minute shopping for the holidays? Found a cool shop with great deals? Check it once, check it twice. Make sure you’re buying from a legitimate online store.

Our experts have noticed increased activity from cybercriminals who are taking advantage of the festive frenzy, identifying over 80,000 fake e-shops. These counterfeit sites are designed to mimic trusted brands. The goal is to scam unsuspecting shoppers into sharing personal and financial information and purchasing counterfeit goods—that is, if the items ever show up.

The fake e-shop setup

These counterfeit websites are made to look and feel like legitimate stores. That includes using similar URLs to confuse shoppers. Examples include:

  • amaznboxsaleus.com
  • balenciaga-outletstore.com
  • thenorthface-us.com
  • b-bestbuy.com
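One way a defender could flag lookalike domains such as the four above, shown as an added example rather than Avast's detection logic. The brand allow-list, the function names and the 0.85 threshold are assumptions chosen for illustration.

```python
from difflib import SequenceMatcher

# Assumed allow-list for this example: brand keyword -> official domain.
OFFICIAL = {
    "amazon": "amazon.com",
    "balenciaga": "balenciaga.com",
    "thenorthface": "thenorthface.com",
    "bestbuy": "bestbuy.com",
}

def registrable(host):
    """Naive last-two-labels domain; production code should use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def brand_similarity(brand, label):
    """Best fuzzy match between the brand and any brand-sized window of the label."""
    best = 0.0
    for size in (len(brand) - 1, len(brand), len(brand) + 1):
        for start in range(max(1, len(label) - size + 1)):
            window = label[start:start + size]
            best = max(best, SequenceMatcher(None, brand, window).ratio())
    return best

def impersonated_brand(host, threshold=0.85):
    """Return the brand a non-official domain appears to imitate, or None."""
    domain = registrable(host)
    if domain in OFFICIAL.values():
        return None  # the brand's own domain (or a subdomain of it)
    # Hyphens are padding in names like "b-bestbuy", so drop them before matching.
    label = domain.split(".")[0].replace("-", "")
    score, brand = max((brand_similarity(b, label), b) for b in OFFICIAL)
    return brand if score >= threshold else None

# Lookalike domains listed in the article.
SAMPLES = [
    "amaznboxsaleus.com",
    "balenciaga-outletstore.com",
    "thenorthface-us.com",
    "b-bestbuy.com",
]

if __name__ == "__main__":
    for host in SAMPLES + ["www.amazon.com", "example.org"]:
        print(host, "->", impersonated_brand(host))
```

A match means the domain borrows a brand name without being the brand's own domain, so it is a signal for review rather than proof of fraud.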

The holiday season is more like hunting season for scammers, who exploit the increase in online shopping driven by holiday sales and post-holiday deals. With the rush to grab bargains, online shoppers need to stay aware of the risks lurking online.

How fake e-shops steal your identity and money

The scammers' strategy is straightforward yet effective: target popular brands known for their holiday sales. They meticulously replicate everything from product offerings to website design, creating a convincingly authentic shopping experience.

This high level of detail in imitation makes it particularly challenging for shoppers to discern the real from the fake, especially when in pursuit of good deals on clothing, footwear, and other popular items.

But fret not! Let’s get into the details of the scam to help you identify it.

Stage 1: Info request

It usually begins with a request for personal information during a fake login or purchasing process. You might stumble upon these fake e-shops at the top of a Google or Bing search, where they present themselves with credible-looking domains, often using common TLDs like .com or .co. Their websites appear professional and are usually grammatically correct, making typosquatting and blatant mistakes a rarity.

Once you click on a phishing link, a well-designed page opens up. One of the first red flags is the absence of a cookie popup, which is a standard feature on legitimate sites. Despite this, you can browse the page, view product categories, and scroll through items without any issue.

Stage 2: Sign-up required

As you engage with the site, more signs of deceit surface. When you try to add an item to the cart, a sign-in popup appears, compelling you to either log in with existing credentials or register a new account. This step is crucial for the scammer, as it's where you unknowingly send sensitive information—including usernames and passwords—directly to the attacker.

Stage 3: The irresistible deal

Once logged in, you can add items to your cart and proceed to checkout. Here, the scam often includes an additional discount, a tactic designed to make the deal look irresistibly attractive and rush you into making a decision.

Stage 4: Cashing in

The final stage of the scam is the most dangerous. It involves filling out payment information. This step requires entering sensitive details like your card number, CVV, or even PayPal credentials.

It's a comprehensive data harvest, capturing everything the scammer needs: your name, address, phone number, email, and credit card information. By the time you realize something is amiss, the attacker may already have all they need to misuse your personal and financial details.

How to stay safe when shopping online

Amidst the holiday shopping season, it’s crucial to be extra cautious and verify any e-commerce sites before making purchases. Here are some tips to help you shop safely:

  • Verify the credibility of websites. Before entering personal information or making a payment, verify the credibility of the website. Check the URL, look for reviews from other customers, and ensure that the site is secured with “https.”
  • Use trusted payment methods. Opt for trusted payment methods that provide an additional layer of protection for your financial details. Be cautious if there is only one payment method, especially if it requires entering your card details directly on the e-shop page. Legitimate platforms usually offer a variety of secure payment options.
  • Be cautious during sales periods. While discounts are enticing, be cautious during purchases at sale prices. Resist the pressure for a quick buy without thorough consideration and comparison of offers.
  • Watch out for warning signs. Look for spelling errors on websites, unusual email addresses, or suspicious offers. Legitimate e-shops often present themselves with care and professionalism.
  • Keep your security software updated. Ensure that your computer or mobile device has up-to-date antivirus and antimalware software. This can protect your sensitive information from online threats.
  • Report scams. Contribute to creating a safer online environment by reporting any suspicious websites to authorities, such as the FTC.

Help protect yourself from scammers this holiday season

Staying alert and informed is key to avoiding the pitfalls of holiday online shopping scams. By being aware of the tactics used by scammers and practicing safe online habits, you can enjoy the benefits of holiday shopping without the stress of falling for a scam.

So, keep these things in mind when looking for the pending gifts on your wish list. Happy, secure shopping this season!
