We’re all getting back into the holiday spirit after a somewhat glum 2020 season. Remember that the holiday shopping season doesn’t end on December 25. In fact, some retailers then put their marketing effort into overdrive. You will find after-holiday sales, New Year’s sales, and even “getting rid of all this stuff we didn’t sell at Christmas” sales advertised under some creative title. Retailers try to take advantage of the shopping spirit as far into the new year as they can. Criminals are also upping their game: they capitalize on this by creating phishing campaigns combined with fake shopping sites on lookalike domains (domain jacking) or on domains that take advantage of typos (typosquatting).

Online Scams on the Rise

In a study by FairWinds Partners, 80% of the sites used for domain jacking see a significant increase in traffic during these after-season periods. Phishing scams, pay-per-click ads, and malvertising are on the rise.

Infographic showing Domain security framework with 3 areas being protected, and key findings from research into the online scam techniques being used.

Do-jacking and typosquatting happen when a cybercriminal uses a domain that is very close to a popular site for various scams. Often, the website collects information to use for other nefarious purposes, sometimes just to sell on the underground markets. Additionally, it is used to get malware onto a visitor’s computer or device.

Mistakes Can Lead to Fake Shopping Sites

These attacks work simply by taking advantage of mistakes. Perhaps a letter is added to a site name, as in barnesandnobles.com (the real one being without the “s” on the end), for example. They take advantage of people making typographical mistakes. With a quick glance, the user likely won’t notice the subtle difference. This also occurs when a letter is substituted with a number. One such way would be replacing a lower case “L” in a name with a number “1.” This is a very common problem with online banking sites or for sites where payment card data is entered. Cyberthieves know that the credentials associated with those sites are very valuable.

Remember, Mid Oregon Credit Union’s website is www.MidOregon.com. There are no dashes or other added letters.
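For readers who maintain a mail filter or a browsing allow-list, the checks described above (an added letter, a digit swapped for a letter, an added dash) can be automated. The following is an added example, not code from Mid Oregon Credit Union; the names TRUSTED, LOOKALIKE and classify, and the digit swaps other than "1" for "l", are assumptions, and the input is assumed to be the site's registered domain rather than a full URL.

```python
# Trusted names taken from the article; extend with the sites you actually use.
TRUSTED = ["midoregon.com", "barnesandnoble.com"]

# "1" for "l" is the article's example; the other swaps are assumed common siblings.
LOOKALIKE = str.maketrans({"1": "l", "0": "o", "5": "s", "3": "e"})

def edit_distance(a, b):
    """Levenshtein distance: minimum inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def normalize(host):
    """Lower-case, drop a trailing dot and a leading 'www.'."""
    host = host.strip().lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host

def skeleton(host):
    """Undo digit-for-letter swaps and remove dashes so lookalikes collapse."""
    return normalize(host).translate(LOOKALIKE).replace("-", "")

def classify(host, trusted=TRUSTED):
    """Return (verdict, matched trusted domain or None).

    verdict is 'trusted' for an exact match, 'lookalike' when the name is
    within one typo, digit swap or dash of a trusted name, else 'unknown'.
    """
    plain = normalize(host)
    if plain in trusted:
        return ("trusted", plain)
    skel = skeleton(host)
    for good in trusted:
        if edit_distance(skel, skeleton(good)) <= 1:
            return ("lookalike", good)
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed sample inputs based on the article's examples.
    for name in ["www.MidOregon.com", "mid-oregon.com", "mid0regon.com",
                 "barnesandnobles.com", "barnesandnob1e.com", "example.org"]:
        print(f"{name:24} {classify(name)}")
```

A "lookalike" verdict means the name should be treated as suspect and checked by hand; an "unknown" verdict says nothing about whether the site is safe.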

Domain spoofing tactics commonly in use, such as fuzzy matches, keyword match and "cousin domains".

Take Your Time and Review!

When preparing to do shopping online or enter any confidential, sensitive, or personally identifiable information into a website, take a little extra time to review the site name and make sure it’s correct first. Don’t click links that you find in email messages or that show up on the side of your web browser, for instance. Instead, type the name into your browser, but definitely use caution when doing so, because going to a site even for a second can cause malware to be downloaded onto your device. This is called a “drive-by download.”

Always make sure your devices are all equipped with anti-malware and anti-virus software or applications. Keep them updated at all times. This includes all mobile devices on any operating system. 

If you are ever in doubt about a website’s authenticity, don’t put any data into it. Instead, do a little more investigating before doing anything further. There have been enough barriers to our joy lately. Don’t let do-jacking and typosquatting spoil the good times this year.
