
Fraud e-com websites exploit post new year sales

DQI Bureau

The associated costs to fraudulent websites are minimal compared to the numbers game the bad guys play; they cast a wide net and you may be the catch of the day.

Websense Security Labs has published a blog post, 'Fraudulent e-Commerce Websites Exploit the Post-New Year's Day Sales Drive', discussing fraudulent e-commerce websites that exploit the post-New Year sales. Excerpts:

As we welcome the New Year, we must be aware that the bad guys will use every opportunity to exploit events of a positive and negative nature. Yes, even the recent disastrous weather experienced on the east coast of the United States was exploited to try and obtain valuable information that could be used for identity and monetary theft from grief-stricken or worried families and friends.

The associated costs to fraudulent websites are minimal compared to the numbers game the bad guys play; they cast a wide net and you may be the catch of the day.

Let us explore this further through an example.

A Swarovski (the brand name of a popular crystal jewelry manufacturer) fraudulent site was detected by the Websense® ThreatSeeker® network. The site hxxp://www.swarovskisale.co/ purports to be selling discounted Swarovski jewelry. The first indicator that something may not be all that it seems is the Top Level Domain, .co. Proving popular among the bad guys due to its lexical relationship to the .com TLD, the .co TLD is assigned to Colombia.

The policies regulating the registration of the .co TLD allow for all persons or entities with no domicile in Colombia to register a .co domain.

We searched our Websense Security Labs database to see if this brand name was being abused; a number of results were returned. Further investigations of the registrants' records revealed that a common thread among the results was that the sites are registered to a common entity.

The registration details appear to be random text, while the email address follows the theme seen here: louisvuitton563@hotmail.com. Using that information, a search of the Websense Whois DB revealed 1500+ websites following this pattern and/or including these same registration details.

Here are some examples:

  • mulberryorderonline.com
  • nikenfljerseyspro.com
  • nikenfloutlet.com
  • taschenlouisvuitton-de.info
  • uggbootssoutlettonline.com
  • prada-fr.info
  • abercrombies-fra.info
  • abercrombies-fre.info

At the time of writing this blog, the majority of the examples listed above were parked with GoDaddy and registered in October 2012. We can assume here that these sites will be used in the near future in spam or phishing campaigns.

In conclusion, the old adage of caveat emptor still applies even in the virtual shopping world. Be aware when online; if it sounds too good to be true it most probably is. Websense can help to protect you from these fraudulent sites. Security Labs researchers work constantly to conduct the type of research we have outlined here to protect our customers.

Source: http://community.websense.com/blogs/securitylabs/archive/2013/01/09/fraudulent-e-commerce-websites-exploiting-the-post-new-year-s-sales-drive.aspx
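The indicators described in the excerpt (a brand name outside its official domain, the .co lookalike TLD, and a brand-plus-digits free-mail registrant shared across many domains) can be turned into a simple triage check. The following is an added example, not code from Websense or from the original post; the brand table, the bait-word list, the free-mail providers other than hotmail, and the sample WHOIS rows are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumption: brand keyword -> official registrable domain, supplied by the analyst.
BRANDS = {"swarovski": "swarovski.com", "nike": "nike.com",
          "prada": "prada.com", "louisvuitton": "louisvuitton.com"}
BAIT = ("sale", "outlet", "order", "online")  # sales words seen in the article's examples
# Assumption: provider list is illustrative; the article only shows a hotmail.com address.
FREEMAIL = re.compile(r"^([a-z]+)\d+@(?:hotmail|gmail|yahoo|outlook)\.com$")


def triage(domain, registrant_email=""):
    """Return the indicators from the article that a domain matches."""
    host = domain.lower().rstrip(".")
    reasons = []
    for brand, official in BRANDS.items():
        if brand in host and host != official and not host.endswith("." + official):
            reasons.append(f"brand '{brand}' outside {official}")
            if any(word in host.replace(brand, "") for word in BAIT):
                reasons.append("sales bait word next to brand")
    if reasons and host.endswith(".co"):
        reasons.append(".co TLD (reads like .com)")
    m = FREEMAIL.match(registrant_email.lower())
    if m and m.group(1) in BRANDS:
        reasons.append("registrant e-mail is brand+digits at a free-mail provider")
    return reasons


def cluster_by_registrant(records):
    """Group domains by registrant e-mail; shared registrants are the WHOIS pivot."""
    clusters = defaultdict(list)
    for domain, email in records:
        clusters[email.lower()].append(domain)
    return {e: sorted(d) for e, d in clusters.items() if len(d) > 1}


# Constructed WHOIS rows: the first three domains and the hotmail address appear in
# the article, but the domain-to-registrant pairing here is illustrative only.
SAMPLE = [
    ("swarovskisale.co", "louisvuitton563@hotmail.com"),
    ("nikenfloutlet.com", "louisvuitton563@hotmail.com"),
    ("prada-fr.info", "admin@registrar.example"),
    ("www.swarovski.com", "hostmaster@swarovski.com"),
]

if __name__ == "__main__":
    for domain, email in SAMPLE:
        print(domain, triage(domain, email))
    print(cluster_by_registrant(SAMPLE))
```

Substring matching on short brand names will flag unrelated domains, so the output is a review queue rather than a verdict.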
