It’s easy enough to hit a few typos when you’re punching in a site’s address. It’s even easier when you’re typing at super-high speeds to reach a site on Black Friday. Unfortunately, attackers are ready to take advantage of your pudgy, mistyping digits.
New research from Venafi shows that the number of lookalike fake shopping sites has doubled since 2018. In practice, this means that when you accidentally slip an extra letter into Amazon you could be whisked to a site that looks like the spitting image of the retail giant. Which isn’t really a problem, until you unknowingly type in your full address and PayPal details at the fake checkout.
In addition to presenting themselves as replicas of big-name sites, lookalikes often add a layer of deception by using a Transport Layer Security (TLS) certificate, which makes them seem safer to the average online shopper.
TLS certificates are responsible for the little padlock in the address bar. They basically guarantee that all communication between you and a site is encrypted – but that safety blanket is rendered useless when the site itself has questionable motives.
This year, the number of fake sites using TLS certificates was 400% greater than that of actual retail domains. And according to Venafi, over half of these certificates were provided by the free-to-use service Let’s Encrypt. We’ve reached out to the company for comment.
Venafi’s research showed that the UK in particular has a huge problem with fake sites, with the largest ratio of lookalike domains of all the countries involved in the research.
It’s easy to think that phishing only happens to people who aren’t that internet savvy. But it might be worth proofreading that address the next time you’re in a big hurry to buy something online.