Cybercriminals Are Using Domain Fraud to Trick Victims into Using Forged Websites

Cybercriminals are using top-level domains (TLDs) to their advantage, performing domain fraud in the hope of directing user traffic to sites they have registered themselves. Domain fraud happens when attackers register a domain that is made to look legitimate, for example by using typos in the site name. The domains are meant to imitate real company names.

In the typo variant, lookalike domains swap in characters that are easy to miss without a second glance. For example, replacing “m” with the pair “r” and “n” (“rn”) can easily trick visitors into believing the domain is legitimate. Such typo-registered domains are used in phishing schemes, in which the attacker places a link to the domain in an email made to look like it came from a real company. After clicking the link, victims land on a fake site that asks them to log in, allowing the attackers to steal sensitive credentials. Cybercriminals also use fake sites for other purposes, such as selling counterfeit products under a well-known brand.

Researchers at Proofpoint noted an 11% increase in malicious domain registrations in 2018, with retail brand sites the main target of such domain fraud. 96% of the organizations in Proofpoint’s customer base found that their domains had been copied as is, with only the domain name extension changed (e.g. .net, .co, .info).

Because of the wide variety of domain name extensions, cybercriminals find it much easier to register domains that mimic actual business sites or brand names. In addition, the European Union’s General Data Protection Regulation allows privacy for domain registrars, which makes it much more difficult to track cybercriminals.

Cybersecurity experts advise users to always check the URL for a security certificate (HTTPS rather than HTTP) to avoid using a fraudulent site. However, attackers can obtain certificates too, making their site appear legitimate. It is therefore best to double-check the URL spelling or run a quick Google search to find the company’s actual site.
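The checks the article recommends (compare the spelling of the name, notice a swapped extension, watch for “rn” standing in for “m”) can be automated for links arriving in email. The following is an added example and not code from the article or from Proofpoint; the protected brand list `BRANDS` and the example domains are constructed, and the host splitting assumes a one-label extension such as `.com`.

```python
from urllib.parse import urlsplit

# Character sequences a reader tends to confuse at a glance. "rn" for "m" is
# the substitution the article describes; the others are common equivalents.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]

# Hypothetical protected brand domains, constructed for this example.
BRANDS = ["example.com"]

def fold(label: str) -> str:
    """Normalise a DNS label so visually confusable spellings compare equal."""
    label = label.lower()
    for lookalike, canonical in CONFUSABLES:
        label = label.replace(lookalike, canonical)
    return label

def split_host(host: str):
    """Return (subdomain labels, brand label, extension). Assumes a one-label
    extension such as .com; production code would consult the public suffix list."""
    parts = host.lower().rstrip(".").split(".")
    if len(parts) < 2 or not all(parts):
        return None
    return parts[:-2], parts[-2], parts[-1]

def classify(host: str, brands=BRANDS) -> str:
    """Label a host as legitimate, a TLD swap, a confusable spelling,
    a brand name reused as a subdomain of another domain, or unrelated."""
    parsed = split_host(host)
    if parsed is None:
        return "invalid"
    subs, label, ext = parsed
    known = [split_host(b)[1:] for b in brands]  # (label, extension) pairs
    if (label, ext) in known:
        return "legitimate"
    if any(label == b_label for b_label, _ in known):
        return "tld-swap"              # same name, different extension
    if any(fold(label) == fold(b_label) for b_label, _ in known):
        return "confusable"            # e.g. "rn" standing in for "m"
    if any(b_label in subs for b_label, _ in known):
        return "brand-in-subdomain"    # brand.com.attacker-domain.net style
    return "unrelated"

def check_link(url: str, brands=BRANDS) -> str:
    """Classify the host of a link as it would appear in an email."""
    host = urlsplit(url).hostname
    return classify(host, brands) if host else "invalid"
```

Anything other than "legitimate" or "unrelated" is worth routing to a human before the link is trusted.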

1-800-FLOWERS Affected by Undetected Credit Card Breach Over Four Year Period

In a recent filing with California’s Attorney General Office, 1-800-FLOWERS was revealed to be the victim of a silent malware attack that affected the business over a four-year period. As the filing explains, customer credit card information was stolen from the Canadian branch’s website, while the main website was unaffected.

Notably, the malware ran on the site for four years without detection. Between August 15, 2014 and September 15, 2018, consumers’ first and last names, as well as card numbers, expiry dates, and security codes, were all accessed by the unknown hacker(s).

The report did not disclose the number of consumers affected by the breach, but under California law the company is required to inform its customers of an incident when a breach affects more than 500 people.

Interestingly, 1-800-FLOWERS was the second company to report a four-year-long breach, as Marriott was also compromised over a four-year period in which hackers stole 500 million guest records.

For now, the company recommends that all its customers keep a close watch on their payment records and report any suspicious charges to their bank or card issuer.

British Airways Announces Data Breach of Consumer Credit Card Information


On Thursday, September 6th, British Airways announced they were the latest target of a data breach involving compromised credit card data of around 380,000 consumers.

In a statement, the airline clarifies how passport information was not affected by the breach. Financial details were said to be stolen between August 21 and September 5 from both the British Airways website and mobile application.

Due to negligence in data protection, British Airways may be facing a 4% fine, as GDPR penalties are based on the global annual income of businesses that make such errors.

According to a security firm, hackers used skimming malware to gain access to consumer payment information. RiskIQ researcher Yonathan Klijnsma explains that only 22 lines of code injected into the airline’s mobile and web platforms were needed for the breach to occur. Such online-skimming tactics are not new: Ticketmaster UK was hit by a similar breach back in June, caused by the same criminal group, known as “Magecart”.

As explained in his research:

“Magecart injects scripts designed to steal sensitive data that consumers enter into online payment forms on e-commerce websites directly or through compromised third-party suppliers used by these sites.”

The attackers customized the code specifically for the airline’s site to avoid detection. Once consumers entered their credit card information and hit “submit”, the data was “extracted…and sent to the attacker’s server,” Klijnsma reports. Consumer names, email addresses, and billing addresses were also collected.

“Magecart is [still] an active threat…[and has] been active since 2015…” he says. Hackers using this technique of information theft “have continually refined their tactics…to maximize [their] return…”

Consumers of the airline have been urged to get a new card after the breach was reported.

To avoid further incidents like this, companies must take precautionary security measures to ensure consumer data is safe, especially when sensitive information is involved.
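One such precaution, aimed squarely at the 22 injected lines described above, is an integrity baseline of every script served on payment pages, checked on each deploy and on a schedule. The following is an added example, not code from the article, British Airways or RiskIQ; the asset paths and script contents are constructed.

```python
import hashlib

def fingerprint(content: bytes) -> dict:
    """Hash and line count for one script asset."""
    return {"sha256": hashlib.sha256(content).hexdigest(),
            "lines": len(content.splitlines())}

def build_baseline(assets: dict) -> dict:
    """Record the approved state of every script served by the checkout pages."""
    return {path: fingerprint(body) for path, body in assets.items()}

def diff_against_baseline(baseline: dict, current: dict) -> dict:
    """Compare the scripts currently served with the approved baseline.
    'modified' maps each changed path to its line-count delta, which is the
    kind of small, unexplained growth a skimmer injection produces."""
    now = build_baseline(current)
    report = {"added": sorted(set(now) - set(baseline)),
              "removed": sorted(set(baseline) - set(now)),
              "modified": {}}
    for path in sorted(set(baseline) & set(now)):
        if now[path]["sha256"] != baseline[path]["sha256"]:
            report["modified"][path] = now[path]["lines"] - baseline[path]["lines"]
    return report

# Constructed sample assets (hypothetical paths, not real airline code).
APPROVED = {
    "/static/js/checkout.js": b"function submitPayment(form) {\n  return post('/pay', form);\n}\n",
    "/static/js/vendor.js": b"window.vendor = {};\n",
}
# What the site serves now: checkout.js has grown by 22 lines and an
# unapproved script has appeared alongside it.
CURRENT = {
    "/static/js/checkout.js": APPROVED["/static/js/checkout.js"] + b"/* unexpected line */\n" * 22,
    "/static/js/vendor.js": APPROVED["/static/js/vendor.js"],
    "/static/js/extra.js": b"// script not in the approved set\n",
}

def sample_report() -> dict:
    """Run the check over the constructed sample."""
    return diff_against_baseline(build_baseline(APPROVED), CURRENT)

if __name__ == "__main__":
    print(sample_report())
```

Any non-empty "added" or "modified" entry should block the release or page an on-call engineer; the baseline itself must live somewhere the web servers cannot write.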