Phishing is a very popular method for cyber criminals to gain access to data that can compromise the security of credit cards, or provide information that opens up unsuspecting consumers to identity theft. Despite constant publicity and warnings, and advice on how to avoid being a victim of these high-tech criminals, people continue to be fooled and consequently scammed by people using this method.
DomainTools, a leader in domain name and DNS-based cyber threat intelligence, has just released the names of the top U.S.-based retail companies whose brands are frequently abused by criminals who are creating look-alike domains for phishing. The research uncovered multiple malicious domains created each day spoofing Amazon, Apple, Gap, Nike, and Walmart.
Hackers have become skilled at creating websites and emails that closely resemble the actual brand. These websites trick unsuspecting consumers into thinking they are on a legitimate website or are receiving a message from their preferred retailer. One of the more popular ways to generate phishing domains is to add certain words (called affixes) like “account,” “login,” “online,” or countless others to the domain names of legitimate organizations. This makes the victims believe they are either visiting the legitimate site or receiving a trusted email. Victims may then submit sensitive information, such as passwords and credit card numbers, to these websites. For example, it has been reported that a phishing email led to the stolen personal and financial data of more than 110 million Target shoppers.
“Top brands such as Amazon and Apple are typically targeted because of the amount of traffic going to those sites. In addition, they are highly reputable companies, making it easier for consumers to fall victim. Using PhishEye, we are able to identify the look-alike domains that are spoofing these top brands on the day that they are created,” said Kyle Wilhoit, senior security researcher at DomainTools. “A brand with this information could block the spoofed domain and investigate the perpetrator behind it – potentially saving millions of dollars. The more we profile this malicious behavior, the better we can defend against it.”
A snapshot of a PhishEye report shows how many high-risk domains (domains that scored 70 or higher according to DomainTools’ reputation score) were created between March 27-31, 2017 to spoof well-known online retailers. High-risk domains are defined as either already on a commercially-available blacklist or having a strong correlation to known blacklisted domains.
| Organization | Number of high-risk domains | Sample high-risk
domains |
| Amazon | 14 | sellercencetral-amazon[.]it
amazonhome[.]club noreply-amazon[.]com amazon-gc[.]tk amazon-walmart-ebay[.]info |
| Apple | 210 | securedapplewebverification[.]ga
auth-apple-id[.]com apple-accountservice[.]com apples-verificationsecurepage-required[.]ml iphone-applen[.]com |
| BestBuy | 2 | bestbuyorsell[.]store
bestbuyshops[.]us |
| Nike | 10 | aunikefactorystore[.]com
nikefreerun[.]no cheapnike-airmax[.]us nikeairmax-2016[.]us nikefree[.]us |
| Walmart | 5 | pharmacyonlinewalmart[.]com
aproveite-walmart[.]com saldaowalmartmarco[.]com walmart-shopping-bestdeals[.]info |
To review the full PhishEye report, and to review tips on how consumers and organizations can protect themselves, visit: http://blog.domaintools.com/2017/05/up-to-your-gills-in-phishing-attacks-this-research-may-help.
