How Walmart – among others – fell victim to recent customer phishing scams
One thing we know about consumer-focused cyber criminals is they’re more likely to strike during busy shopping periods. Black Friday – the day after Thanksgiving – and Cyber Monday, the first Monday after the holiday, are well-known to be hotbeds of cyber-criminal activity.
With this in mind, in the days leading up to Mother’s Day and Memorial Day 2019, Segasec monitored several large US-based retailers for signs of cyber-attacks targeting their customers. Unsurprisingly, we found a significant increase in suspicious activity over non-holiday periods.
Following is an overview of the attacks we monitored and tips for protecting your company from domain manipulation and content scraping:
Domain threats double during the holiday season
Three companies we looked at were Best Buy, Walmart and Wayfair. Each brand had live attacks in progress during the pre-Mother’s Day and pre-Memorial Day periods. Dozens of highly suspicious domains related to these brands were registered.
For example, Segasec uncovered a shocking 160 domain registrations associated with Walmart in the week leading up to Mother’s Day that could not be connected to the legitimate company, compared to 80 the week before.
If these phishing scams are out there, chances are customers are falling for them
Every company that Segasec checked had current live threats putting their customers at risk. This is a clear sign of a trend. All companies should assume that suspicious domains targeting their brand are out there, right now. Domain intelligence is, therefore, the first essential part of any anti-phishing strategy.
Broad protection will scan all registered domain names, looking for similarities to your own. Advanced solutions based on machine learning can help domain protection go even further, identifying similarities that could be invisible to the human eye, such as letters from alternate alphabets, and tracking suspicious domains from the earliest possible stages of the attack.
Content scraping is even harder to detect
A live Wayfair threat uncovered through the Segasec research showed a fake login page, designed to mimic the original website and steal customer credentials from the end user. It was found on a subdomain of a different domain, making it much more difficult to spot through suspicious domain registrations alone.
All companies should assume that suspicious domains targeting their brand are out there, right now
For this type of situation, a dedicated web agent is a perfect solution, alerting you to any signs of content scraping, where hackers steal logos, templates or content from your existing site. This will point you in the direction of the hacker looking to duplicate your branding with malicious intent.
Live attacks in the wild, and no incident response in sight
The live phishing attacks that Segasec uncovered were not reported anywhere else, meaning the companies were either unaware of the existing threats or were not able to take action. Either way, the consequences left their customers exposed. The truth is, even with the knowledge of a live phishing scam, many companies don’t know what to do when they’re faced with an external threat, which is where automation comes in and changes the game for immediate incident response.
Using advanced automated solutions, all endpoints and assets are secured at the first sign of a phishing scam, before customers have fallen victim to the threat. At the same time, through strong relationships with hosting providers and registrars, the malicious version of your site can be taken down in as little as seconds.
Your customer data could be stolen and sold, and you won’t notice a thing
Another live threat that Segasec uncovered was a high-profile brand that was attacked with a phishing survey using the location of the end-user to appear more legitimate. It was intended to collect sensitive information about the customer, data which could potentially be sold on the Dark Web for malicious intent.
Data loss can be the biggest risk to a company from a live phishing scam of this kind, so dynamic deception techniques are the latest advance in data protection. These will dilute the information that hackers access, and confuse them with millions of fake records, making their loot unusable ahead of time.
Stop phishing scams in their tracks
It’s no surprise that any holiday season is going to show a spike in online shopping activity. However, when your customers are browsing the internet looking for a seasonal bargain, they need your protection against the increased amount of cyber-criminals who are also hoping to hit the jackpot.
Interested in hearing industry leaders discuss subjects like this and sharing their use-cases? Attend the co-located IoT Tech Expo, Blockchain Expo, AI & Big Data Expo and Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam and explore the future of enterprise technology.
- » Cybersecurity enhanced with AI and ML: Improving data loss prevention
- » Security executives want to push forward a password-free future, finds MobileIron
- » How machine learning is helping to stop security breaches with threat analytics
- » More tales of woe for enterprise network security, report warns
- » Myth-busting mobile in the enterprise: The price of mobile lifecycle management