Virtually all browsers contain denylists to prevent users from accessing malicious sites: Google Safe Browsing, Phishtank, etc. These denylists do not, however, generally block sites that have been compromised by malicious spam SEO attacks or HTML/JavaScript injections that pull malicious content from another domain. Rather, they block the malicious pages that hijacked sites redirect you to, or pull content from.
This is fine for most websites, assuming you simply surf and do not input any sensitive information anywhere. But would you be okay with giving your personal mailing address, phone numbers and credit card information to a website that is fully controlled by ill-intentioned hackers? The problem is, how do you know whether the sites you are visiting have been compromised when your tools ignore these types of threat?
Zscaler Safe Shopping is kept continually up to date, via the Zscaler cloud security service, on compromised and fake online stores. It warns users when they visit one of the suspect domains.
Compromised stores
A compromised store is an e-commerce website where one or several groups of hackers have full access and can add/remove/modify pages, access the database, etc. This means they can change an order form to get all shopper information, or get data directly from the store's database; they can even change a payment form and redirect you to a phishing site.
Zscaler detects compromised online stores based on several factors that demonstrate total control by an outside party by becoming aware of:
For regular users, these sites may not show any sign of being hijacked, and that's exactly what the attackers want.
To see a sample warning of a compromised store, go to http://compromised.example.com/ after you install the plugin.
[Image: Zscaler Safe Shopping Warning - Compromised store]
To prevent people from using our list to find compromised sites for malicious purposes, we store the domains as a hash table, rather than as a plain-text list.
Fake stores
Recently, we highlighted the number of high-profile, legitimate sites that have been hijacked to lead to fake online stores. These stores offer up software downloads at highly discounted prices. The downloads are not blocked as malware by Google Safe Browsing, or as phishing sites by Phishtank.
We've found approximately 100 such fake stores. Those numbers are still high, with more coming every day.
[Image: Fake Online Store]
To see the warning for a fake store, go to http://fake.example.com/ after you install the plugin.
[Image: Zscaler Safe Shopping Warning - Fake Stores]
Zscaler Safe Shopping Options
You can customize Zscaler Safe Shopping via the following options:
- Allowlist: do not show a warning for a list of user-supplied domains
- Denylist download interval: how often the plugin downloads the new list of compromised and fake stores
[Image: Zscaler Safe Shopping Preferences]
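The hashed list described under "Compromised stores" and the Allowlist option above, sketched as an added example (not the plugin's own code). It assumes SHA-256 over the lowercase hostname, a match on parent domains, and Node.js for running it; the post specifies none of these.

```javascript
// Added example: hashed denylist lookup with a user allowlist (runs under Node.js).
const { createHash } = require("node:crypto");

// Assumption: SHA-256 over the lowercase hostname; the post does not name the hash.
const hashDomain = (domain) =>
  createHash("sha256").update(domain.toLowerCase()).digest("hex");

// Constructed sample list: digest -> category. Only digests would be shipped
// to clients; the plain names appear here solely to build the sample.
const denylist = new Map([
  [hashDomain("compromised.example.com"), "compromised"],
  [hashDomain("fake.example.com"), "fake"],
]);

// The host itself plus each parent domain, so "www.fake.example.com" also
// matches an entry for "fake.example.com". Stops before the bare TLD.
function candidates(hostname) {
  const labels = hostname.toLowerCase().replace(/\.$/, "").split(".");
  const out = [];
  for (let i = 0; i < labels.length - 1; i++) out.push(labels.slice(i).join("."));
  return out;
}

// Returns "compromised", "fake", or null (no warning to show).
function checkUrl(url, allowlist = new Set()) {
  let host;
  try {
    host = new URL(url).hostname;
  } catch {
    return null; // not a parseable URL, nothing to look up
  }
  const names = candidates(host);
  // The allowlist wins: the user asked for no warning on these domains.
  if (names.some((name) => allowlist.has(name))) return null;
  for (const name of names) {
    const verdict = denylist.get(hashDomain(name));
    if (verdict) return verdict;
  }
  return null;
}
```

The lookup hashes each candidate name and compares digests, so the client never needs the list in readable form.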
In addition to the option menu, Zscaler Safe Shopping adds an icon to the status bar, at the bottom of the browser. This allows you to turn the plugin on and off with a click of the mouse, without having to restart Firefox. The icon becomes gray when the plugin is disabled.
[Image: Zscaler Safe Shopping Status Bar]
We'll release updates to Zscaler Safe Shopping in the coming days and weeks as we get feedback from users. Don't hesitate to report any problems or submit questions as a comment to this blog, or contact me directly at [email protected]. This plugin is a nice addition to our Search Engine Security (SES) add-on to keep consumers safer online.
Shop Safely!
-- Julien