December 22, 2021 By David Bisson 2 min read

The number of malicious shopping-related websites increased 178% ahead of the 2021 holiday shopping season, according to Check Point Research. See how to recognize and prevent e-commerce fraud.

A spike in e-commerce fraud websites

Beginning in October, Check Point Research observed an average of 5,300 malicious e-commerce fraud websites emerge each week. That marks a rise of 178% compared to the average for the rest of the year.

The impact of those websites also began to pick up in that period. Earlier in the year, the sites affected one of 352 corporate networks. That impact rose to one in 47 in October. At the beginning of November, it was one in 38.

Those websites involved various types of malicious activity. In one attack campaign, for instance, Check Point Research witnessed malicious actors send out emails advertising “Cheap HandBags” and “Up to 80% OFF Michael Kors HandBags”. Those e-commerce fraud emails contained a link to similar websites hosted on or around Oct. 19.

Another attack campaign sent out a fake “Urgent notice” from an online retailer. The email informed the recipient that the online retailer had failed to renew their account. It contained a link that redirected recipients to a website designed to steal their account credentials.

What e-commerce attacks mean for security

Over the course of 2021, Imperva observed that bot attacks on retail websites increased 13% compared to the same months in the previous year.

Over half (57%) of those attacks on e-commerce websites involved bots, the security firm found. By comparison, bots were behind just a third of attacks on the sites of other industries in 2021.

Bots weren’t the only drivers of e-commerce fraud in 2021, either. At the beginning of December, for instance, Bleeping Computer reported that attackers were using a threat called NginRAT to target the remote access capabilities provided by Nginx servers and to conduct server-side attacks for the purpose of stealing users’ payment card data.

NginRAT appeared on e-commerce servers in North America and Europe that digital attackers had previously infected with CronRAT.

Looking ahead, the rest of the 2021 holiday season isn’t expected to improve for shopping-related websites. Per Zscaler, security researchers estimate that HTTPS threats on e-commerce platforms will grow 314% through the rest of the year.

How to defend against e-commerce fraud this holiday season

In response to the attacks discussed above, organizations can use security awareness training to educate employees about potentially malicious e-commerce websites.

Teams can focus on cultivating their employees’ suspicions of lookalike domains pretending to be retailer websites, holiday shopping offers that appear too good to be true and password reset emails that arise out of nowhere.

In addition, adopt a multifaceted approach to endpoint security that monitors for inappropriate device behavior and controls access to resources. Such methodology can help you quickly respond to instances of malicious e-commerce sites carrying ransomware or other types of digital threats.

More from News

CISA warns about credential access in FY23 risk & vulnerability assessment

3 min read - CISA released its Fiscal Year 2023 (FY23) Risk and Vulnerability Assessments (RVA) Analysis, providing a crucial look into the tactics and techniques threat actors employed to compromise critical infrastructure. The report is part of the agency’s ongoing effort to improve national cybersecurity through assessments of vulnerabilities in key sectors. Meanwhile, IBM’s X-Force Threat Intelligence Index 2024 has identified credential access as one of the most significant risks to organizations.Both reports shed light on the persistent and growing threat of credential…

CISA launches portal to simplify cyber incident reporting

2 min read - Information sharing just got more efficient. In August, the Cybersecurity and Infrastructure Security Agency (CISA) launched the CISA Services Portal. “The new CISA Services Portal improves the reporting process and offers more features for our voluntary reporters. We ask organizations reporting an incident to provide information on the impacted entity, contact information, description of the incident, technical indications and steps taken,” a CISA spokesperson said in an email statement. “Reported incidents enable CISA and our partners to help victims mitigate…

FYSA – Critical RCE Flaw in GNU-Linux Systems

2 min read - Summary The first of a series of blog posts has been published detailing a vulnerability in the Common Unix Printing System (CUPS), which purportedly allows attackers to gain remote access to UNIX-based systems. The vulnerability, which affects various UNIX-based operating systems, can be exploited by sending a specially crafted HTTP request to the CUPS service. Threat Topography Threat Type: Remote code execution vulnerability in CUPS service Industries Impacted: UNIX-based systems across various industries, including but not limited to, finance, healthcare,…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today