Brace Yourselves For Holiday Scams: Over 100x increase in Fake Amazon Sites

Here at DNSFilter, as we prepare for the holidays, we’ve noted that malicious sites using Amazon’s name have skyrocketed since early November. The average DNS query to malicious Amazon sites increased more than 111x in November compared to the previous months, just in time for the holiday season. This includes scams mimicking freight and shipping services that Amazon provides, in addition to fake gift card giveaways, and login pages.

DHL and FedEx are also victims of typosquatting and domain spoofing. The number of malicious FedEx domains encountered in November increased over 14% compared to the previous period, and nearly 13% more DHL malicious domains were identified on our network. We’ve found more than thirty sites using the same DHL ransomware kit, disguised as a shipping updates site.

"Online shopping continues to grow and consumer trust in eRetailers is high. This makes holiday and shipping related sites especially nefarious as vectors for malware, ransomware, and phishing. In addition to dozens of festive scam sites identified by our domain intelligence, we're also seeing new ransomware kits that leverage concerns about shipping slowdowns and supply chain issues over the holidays. It is critical for businesses to have DNS protection in place to protect users who may be doing holiday browsing, or package tracking, on a company computer,” said Jen Ayers, DNSFilter Chief Operating Officer and cybersecurity industry veteran.

Over the last few years, we’ve noticed a sharp increase in the percent of shopping traffic on our network. Before Thanksgiving and Black Friday in 2019, shopping represented 10.69% of our network traffic. In 2020 during the same time period, it made up 13.81% of our DNS queries, possibly due to the growth in online shopping due to COVID-19. In 2021, access to shopping sites represents 19.46% of our network.

In the month of November, access to shopping on our network has increased ~9.81%, while access to shopping sites that are also categorized as phishing has increased 6x.

Starting in early November, we also noticed an increase in DNS queries to sites that include the terms “Christmas” and “BlackFriday,” with phishing scams to match. Scams taking advantage of the keyword “BlackFriday” ranged from niche, such as a site “selling” Doc Martens, to broader sites capitalizing on "Black Friday Deals".

‍

Scams found leveraging “Christmas” claimed to sell Christmas sweaters, ornaments, and one even mimicked a German bank.

DNSFilter users are protected by these scams and more, such as phishing schemes posing as fake TSA pre-check. All internet users should be aware of what these phishing sites look like in order to avoid falling for these costly scams. Here are a few things you can do while also implementing DNS security:

• Keep an eye out for questionable domain names. One fake Amazon site was freeamazongift[dot]cf, which is highly suspicious since it promises something that is likely too good to be true
• Be wary of things that are different. Does it look like the login page you're used to? Try bringing up the usual login page in a new window to verify you've been linked to a legitimate site
• Question new companies. Have you heard of this brand before? Can you find social accounts or user reviews for it? Christmas and Black Friday scams rely on eager buyers who aren't validating the sites they're purchasing from—do your homework!

For the best protection this holiday season, set up a free trial of DNSFilter.