Share this
Brace Yourselves For Holiday Scams: Over 100x increase in Fake Amazon Sites
by Serena Raymond on Nov 22, 2021 12:00:00 AM
Here at DNSFilter, as we prepare for the holidays, we’ve noted that malicious sites using Amazon’s name have skyrocketed since early November. The average DNS query to malicious Amazon sites increased more than 111x in November compared to the previous months, just in time for the holiday season. This includes scams mimicking freight and shipping services that Amazon provides, in addition to fake gift card giveaways, and login pages.

DHL and FedEx are also victims of typosquatting and domain spoofing. The number of malicious FedEx domains encountered in November increased over 14% compared to the previous period, and nearly 13% more DHL malicious domains were identified on our network. We’ve found more than thirty sites using the same DHL ransomware kit, disguised as a shipping updates site.

"Online shopping continues to grow and consumer trust in eRetailers is high. This makes holiday and shipping related sites especially nefarious as vectors for malware, ransomware, and phishing. In addition to dozens of festive scam sites identified by our domain intelligence, we're also seeing new ransomware kits that leverage concerns about shipping slowdowns and supply chain issues over the holidays. It is critical for businesses to have DNS protection in place to protect users who may be doing holiday browsing, or package tracking, on a company computer,” said Jen Ayers, DNSFilter Chief Operating Officer and cybersecurity industry veteran.
Over the last few years, we’ve noticed a sharp increase in the percent of shopping traffic on our network. Before Thanksgiving and Black Friday in 2019, shopping represented 10.69% of our network traffic. In 2020 during the same time period, it made up 13.81% of our DNS queries, possibly due to the growth in online shopping due to COVID-19. In 2021, access to shopping sites represents 19.46% of our network.
In the month of November, access to shopping on our network has increased ~9.81%, while access to shopping sites that are also categorized as phishing has increased 6x.

Starting in early November, we also noticed an increase in DNS queries to sites that include the terms “Christmas” and “BlackFriday,” with phishing scams to match. Scams taking advantage of the keyword “BlackFriday” ranged from niche, such as a site “selling” Doc Martens, to broader sites capitalizing on "Black Friday Deals".


Scams found leveraging “Christmas” claimed to sell Christmas sweaters, ornaments, and one even mimicked a German bank.



DNSFilter users are protected by these scams and more, such as phishing schemes posing as fake TSA pre-check. All internet users should be aware of what these phishing sites look like in order to avoid falling for these costly scams. Here are a few things you can do while also implementing DNS security:
- Keep an eye out for questionable domain names. One fake Amazon site was freeamazongift[dot]cf, which is highly suspicious since it promises something that is likely too good to be true
- Be wary of things that are different. Does it look like the login page you're used to? Try bringing up the usual login page in a new window to verify you've been linked to a legitimate site
- Question new companies. Have you heard of this brand before? Can you find social accounts or user reviews for it? Christmas and Black Friday scams rely on eager buyers who aren't validating the sites they're purchasing from—do your homework!
For the best protection this holiday season, set up a free trial of DNSFilter.
Share this

Hackers have long understood that the most sophisticated firewall is no match for a well-placed psychological trick. While many focus on the technical prowess of cybercriminals, the real magic often lies in their ability to manipulate human behavior. By exploiting our natural tendencies and cognitive biases, hackers can slip past even the most robust security systems. It's not just about cracking codes; it's about cracking the human psyche.

Artificial intelligence is transforming business operations, automating everything from customer service to data analysis. But with these advancements come new security challenges. AI-driven cyber threats are becoming more sophisticated, enabling attackers to automate phishing campaigns, generate malware, and exfiltrate sensitive data at scale. Without proper safeguards, AI tools can unintentionally leak corporate secrets or connect to malicious ...

Managing endpoint security across an organization—whether as an MSP overseeing multiple customers or an admin overseeing a tech stack—should be simple, efficient, and effective. That’s why we’re excited to introduce a revamped Roaming Client management experience, designed to provide greater confidence and ease in managing your fleet of DNSFilter Roaming Clients.