TMCnet News
Venafi Research Uncovers Suspicious Retail Look-Alike Domains Using Valid CertificatesVenafi®, the leading provider and inventor of machine identity protection, today released research on the explosion of look-alike domains, which are often used to steal sensitive data from online shoppers. The company analyzed suspicious domains targeting 20 major retailers in the U.S., U.K., France, Germany and Australia and found over 100,000 look-alike domains that use valid TLS certificates to appear safe and trusted. According to Venafi's research, growth in the number of look-alike domains has more than doubled since 2018, outpacing legitimate domains by nearly four times. Key findings from the research include:
As online shopping continues to grow, so does the targeting of consumers through malicious look-alike domains. Cyber attackers create fraudulent domains by substituting a few characters in the URLs. Because they point to malicious online shopping websites that closely mimic legitimate, well-known retail websites, it makes it increasingly difficult for customers to detect the fake domains. Additionally, given that many of these malicious pages use a trusted TLS certificate, they appear to be safe to online shoppers who unknowingly provide sensitive account information and payment data. As the holiday shopping season approaches, the number of look-alike domains targeting online shoppers wil multiply. Online retailers that discover malicious domains can take several steps to protect their customers, including:
"We continue to see rampant growth in the number of malicious, look-alike domains used in predatory phishing attacks," said Jing Xie, senior threat intelligence researcher at Venafi. "This is a result of the push to encrypt more and potentially all web traffic, a trend that generally improves security for users but inadvertently introduces a new challenge to existing methods of phishing detection. Most businesses and many retailers don't have the updated technology in place to find these malicious sites and remove them to protect their customers." For more information, please visit: https://www.venafi.com/blog/holiday-shoppers-beware-look-alike-domains-are-targeting-your-wallet About Venafi Venafi is the cybersecurity market leader and inventor of machine identity protection, securing machine-to-machine connections and communications. Venafi protects machine identity types by orchestrating cryptographic keys and digital certificates for SSL/TLS, IoT, code signing, mobile and SSH. Venafi provides global visibility of machine identities and the risks associated with them for the extended enterprise-on premises, mobile, virtual, cloud and IoT-at machine speed and scale. Venafi puts this intelligence into action with automated remediation that reduces the security and availability risks connected with weak or compromised machine identities while safeguarding the flow of information to trusted machines and preventing communication with machines that are not trusted. With over 30 patents, Venafi delivers innovative solutions for the world's most demanding, security-conscious Global 5000 organizations and government agencies, including the top five U.S. health insurers; the top five U.S. airlines; the top four credit card issuers; three out of the top four accounting and consulting firms; four of the top five U.S., U.K., Australian and South African banks; and four of the top five U.S. retailers. Venafi is backed by top-tier investors, including TCV, Foundation Capital, Intel (News - Alert) Capital, QuestMark Partners, Mercato Partners and NextEquity. For more information, visit: www.venafi.com. View source version on businesswire.com: https://www.businesswire.com/news/home/20191114005180/en/ |