DomainTools released the names of the top U.S.-based retail companies whose brands are frequently abused by criminals creating look-alike domains for phishing. The research surfaced multiple malicious domains each day spoofing Amazon, Apple, Gap, Nike, and Walmart.
Cybercriminals have become adept at creating websites and emails that closely resemble the actual brand, tricking consumers into thinking they are on a legitimate website or receiving a message from their preferred retailer. One of the more popular ways to generate phishing domains is to add certain words (called affixes) like “account,” “login,” “online,” or countless others to the domain names of legitimate organizations, in order to make the victims believe they are either visiting the legitimate site or receiving a trusted email.
Victims then often submit sensitive information, such as passwords and credit card numbers, to these websites. For example, it has been reported that a phishing email led to the stolen personal and financial data of more than 110 million Target shoppers.
“Top brands such as Amazon and Apple are typically targeted because of the amount of traffic going to those sites. In addition, they are highly reputable companies, making it easier for consumers to fall victim. Using PhishEye, we are able to identify the look-alike domains that are spoofing these top brands on the day that they are created,” said Kyle Wilhoit, senior security researcher at DomainTools. “A brand with this information could block the spoofed domain and investigate the perpetrator behind it – potentially saving millions of dollars. The more we profile this malicious behavior, the better we can defend against it.”