
Throughout the year, and for years now, cybercriminals have been becoming more active and more inventive. Among the things Infoblox reported earlier this year were the discovery of Prolific Puma, a service that spreads malware via link shorteners; Decoy Dog, a malware toolkit that uses DNS as an attack vector; and lookalike domains aimed at bypassing corporate networks' multifactor authentication.
Around the holidays, the risk of online scams is even higher, as criminals capitalize on the spike in online shopping. Infoblox warns especially about lookalike domains of well-known brands and online stores.
Just recently, NordVPN announced that some 25% of Dutch people have experienced online scams around the holidays. The police are also warning of a sharp rise in the number of rogue webshops. The average damage per consumer is about 350 euros, but given the large scale of these campaigns, the total damage quickly adds up to tons.
Similar to the campaigns Infoblox reported on earlier this year, criminals are using lookalike domains during the holidays: websites that resemble those of trusted brands, for example by using a capital "i" instead of an "l", or characters from other alphabets that look exactly like characters from our own alphabet. Other domains are not strictly speaking lookalikes, but still use brand names to convey trust, such as wehkamp-outlet(.)nl or zara-nederland(.)nl.
Victims are usually approached through known channels and asked to log in or place an order. Adversary-in-the-middle methods are used to convince you that a website can be trusted. Often the criminals already have email lists and other data, so they can send messages that appear trustworthy at first glance. Links in these messages then send users to a specially set up lookalike domain, which looks like the familiar login or shopping environment. There you are tricked into spending money that is immediately redirected to a foreign account, or, for example, your login credentials for a package delivery company are captured when you try to track your order.
Infoblox's advice is:
- Always remain suspicious. Don't be tempted by high discounts, but critically examine the web pages you visit and the emails you receive. In doing so, watch for subtle differences in design and language that are out of place.
- Think before you click. Resist the urge to click on links in emails or pop-ups when in doubt. Instead, go directly to the official website by typing the URL into your browser, or look it up through a search engine.
- Triple-check the URL. Before buying anything, always check that the website's URL is correct. Scammers often create URLs that look like familiar brands, so take a moment to make sure you're on the legitimate site.
- Stick with the trustworthy. Start your bargain hunting on a brand's or retailer's official website. Use search engines to find a reliable starting point and navigate from there. This extra step can prevent you from falling into the trap.
- Trust your instincts. If an offer seems too good to be true, it often is. Trust your instincts and don't hesitate to click away if something doesn't feel right. Your online safety is more important than a good deal.
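
The lookalike patterns described above (a capital "i" for an "l", characters from other alphabets, and a brand name combined with an extra keyword) can be checked automatically. The following Python sketch is an added example, not Infoblox code; the brand list, the made-up brand "shopland", the official domains and the small confusables table are assumptions for illustration.

```python
import unicodedata

# Assumption: brands to protect and their official domains. "shopland" is a
# made-up brand, added so the capital-I-for-l case can be shown.
OFFICIAL = {"wehkamp": "wehkamp.nl", "zara": "zara.com",
            "shopland": "shopland.example"}

# Small illustrative subset of confusable characters, not a complete table.
CONFUSABLES = str.maketrans({
    "I": "l", "1": "l", "0": "o",                 # ASCII lookalikes
    "\u0430": "a", "\u0435": "e", "\u043e": "o",  # Cyrillic a, e, o
    "\u0440": "p", "\u0441": "c", "\u0445": "x",  # Cyrillic er, es, ha
})

def scripts(label):
    """Unicode scripts (LATIN, CYRILLIC, ...) used by the letters in label."""
    return {unicodedata.name(ch).split()[0] for ch in label if ch.isalpha()}

def check(domain):
    """Return the reasons a registered domain looks like a brand lookalike."""
    domain = domain.replace("(.)", ".")        # accept defanged notation
    if domain.lower() in OFFICIAL.values():
        return []
    label = domain.split(".")[0]               # expects "brand.nl", no "www."
    reasons = ["mixed-script"] if len(scripts(label)) > 1 else []
    # Fold confusables BEFORE lowercasing, otherwise "I" becomes "i".
    folded = label.translate(CONFUSABLES).lower()
    for brand in OFFICIAL:
        if folded == brand and label.lower() != brand:
            reasons.append(f"homoglyph:{brand}")
        elif brand in folded.split("-") and folded != brand:
            reasons.append(f"brand-keyword:{brand}")
    return reasons

if __name__ == "__main__":
    # Constructed samples, plus the two defanged domains quoted in the article.
    for d in ["wehkamp.nl", "wehkamp-outlet(.)nl", "zara-nederland(.)nl",
              "shopIand(.)example", "z\u0430ra(.)com"]:
        print(ascii(d), check(d))
```

The check looks only at the first label of a registered domain and knows only the few confusable characters listed, so an empty result does not mean a domain is safe.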