Websense uncovers more than 2,000 live typosquatting sites, many designed to scam and steal data from online shoppers
SAN DIEGO, Dec. 13, 2011 /PRNewswire/ -- Holiday shoppers are flocking online to get the latest deals and beat the in-store crowds. Unfortunately, the bad guys have set up shop to infect your computer and steal your personal information if you accidentally mistype the website name.
That's the warning from content security leader Websense, after its security researchers recently found more than 2,000 typosquatted online domains set up to ensnare the unaware. These domains mimic the legitimate addresses of big retailers like Wal-Mart, Apple, and Best Buy with URLs like WallMatt (dot) com, Appple (dot) com, and Bestbuyh (dot) com.
Record online sales have already been reported since "Cyber Monday," and online shopping continues to be brisk. So beware of the clever crooks: you may get to a page that looks just like your favorite retailer, but the site may then lead you to a phishing or other potentially harmful site that injects malware or infects your system with spyware. Some sites are convincing enough to lead people to enter their credit card information.
Many of the illicit sites also take advantage of top level domains by having the brand names spelled correctly, but incorrectly lead to ".org" or ".net" domains that the criminals own. These websites are often used in fake emails and phishing sites that try to lure a consumer to claim online vouchers or coupons for retailers. The user is then asked to select another offer shown in a pop-up window. These pop-ups often host fake competitions offering high-value, desirable prizes like the latest iPhone. Users completing online forms inadvertently provide cybercriminals access to their personal information, leading to identity theft, phishing scams, and malware.
Quotes
"Online holiday shopping is as engrained in the criminal culture as it is in the popular culture. Criminals are very adept at creating scams that look legitimate to the eyes of the shopper, but are instead meant to deliver malware and information-stealing code, rather than the items on your holiday list. As if this isn't bad enough, the problem multiplies if the person shopping is an employee at work on their lunch break, potentially opening their business network up to expensive and embarrassing data theft."
"Careful typing helps, but will never be enough, so it's highly recommended that companies install real-time email and web security, along with solutions that prevent data theft and loss of confidential information—protection that traditional antivirus and firewall products don't provide."
-- Patrik Runald, Websense Security Labs
courtesy of: http://www.prnewswire.com
No comments:
Post a Comment