By: ThreatLabz

1 Week 'til XMAS... Avoid Shopping Woes

Phishing

Many folks are familiar with fake goods sites (e.g., replica watches and fake pharm / pill sites). These sites either peddle shoddy goods, or just flat out steal your payment credentials.

In case you needed to be reminded this holiday season, there are more than the obvious scam sites out there. Many show up in search engine results / advertisements and forum / e-mail advertisements (spam). On top of which, many have been in business for more than this holiday season.

Some examples,
hxxp://www.cheap-abercrombie.com/
hxxp://www.variantkicks.com/
hxxp://www.tiffanyoutlet.com/

You can see by visiting the sites, that their virtual store-fronts look legit:



The Name Records for each of these examples dates back to 2001, 2007, and 2008:

 

 

There are many more examples of these questionable virtual storefronts. However, I was able to find a single forum post spam advertising the above examples (which I why I selected these three):

This site states that cheap-abercrombie.com advertises that their merchandise is authentic, but customers are reporting the merchandise to be poorly made replicas with no option for return / refund.

This site states that variantkicks.com sells counterfeit shoes and charges $36 USD for returns.

The tiffanyoutlet.com site does not currently resolve an A record (but is also not showing that it is suspended by the Registrar). Google has a cached page of the site here, and Google results show that the site has been advertised via spam and is peddling fake jewelry.

Whether you are buying your sweetie a tennis bracelet, a sweater, or some new kicks this holiday season, buy from reputable stores, do your research, and if you have any doubt about the legitimacy of a store, err on the side of caution and shop elsewhere. Onguardonline.gov has more advice for online shopping here.

 

 

Learn more about Zscaler.