A new report from Venafi has found that over 100,000 domains have been registered that look very similar to the domains of popular online retailers. The domains use legitimate TLS certificates to make the website appear safe and trusted. This number is almost double the number of domains that were registered in 2018. Throughout their research, Venafi found that the top twenty retailers were targeted in the United States and the top retailer, who they did not name, had over 49,000 fake domains registered. Threat actors are using the service “Let’s Encrypt,” which offers free TLS certificates for any domain without verifying the identity of the owners of those domains.
Analyst Notes
Retailers should take action to prevent themselves from falling victim to these types of attacks and protect their customers. Searching for newly registered domains that mimic their domain is one of the best steps to find and report these domains. The Binary Defense Counterintelligence team’s typo-squatting monitoring service is able to search all newly registered domains and alert clients when any suspicious domains are registered. Customers should use online tools to scan websites they are visiting to check its integrity and reputation. This should be done on all websites before entering personally identifiable information (PII) into any website. Clicking or tapping the “lock” icon for a website will reveal details about the Certificate Authority that issued the TLS certificate –it is highly unusual for a legitimate e-shopping website to use a free certificate issued by “Let’s Encrypt,” making that a warning sign for consumers to avoid shopping at such a website. More information can be found here: https://www.venafi.com/blog/holiday-shoppers-beware-look-alike-domains-are-targeting-your-wallet
