Research from BforeAI reveals more than 6,000 domain registrations in the past 90 days, targeting the retail industry. Increases in Domain Name System (DNS) scams are typical during the holiday season, seeking to leverage increased e-commerce activity.
Out of nearly 6,000 domains observed, the research uncovered more than 4,000 used popular retail keywords and brand names. Furthermore, 60% of observed domains were newly registered and active. Malicious actors attached numbers or terms such as “shop,” “deal” or “save” to the brand name in order to appear legitimate. Some domains are years old, emphasizing the duration and consistency of these scams. Techniques observed in the research include string manipulation tactics, typosquatting methods, social engineering, fraudulent chatbot support and phishing websites.
The top brands impersonated include:
- Walmart (1844)
- Amazon (947)
- Target (474)
- eBay (138)
- Etsy (107)
- Costco (83)
- Ikea (51)
- Home Depot (34)
- Tesco (9)
The report encourages holiday shoppers to shop on verified websites, use secure payment methods, ensure used websites have secure connections, be wary of unsolicited email advertisements, and to be cautious if a shopping deal seems too good to be true.