Monday, April 28, 2025
Follow us On Linkedin
HomeComputer SecurityOver 100,000 Phishing Sites With Valid TLS Certificate to Attack Online Shoppers

Over 100,000 Phishing Sites With Valid TLS Certificate to Attack Online Shoppers

Computer SecurityInternet

Published on

By Gurubaran
look-alike domains

Supply Chain Attack Prevention

SIEM as a Service

Follow Us on Google News

Cybercriminals registered more than 100,000 look-alike domains that closely mimic the legitimate websites of popular retail websites.

As the growth of e-commerce increases year after year attackers tend to register more malicious look-alike domains that aimed to steal customer sensitive and financial data.

Most of the users believe everything with HTTPS is trusted and secure, but that is not the real scenario. HTTPS connection ensures only the data traveled between client and server is secure.

- Advertisement - Google News

FBI recently warned that Hackers use Secure HTTPS Websites to Trick Users and to Steal Sensitive Logins.

Look-alike Domains

According to a recent investigation done by Venafi to find malicious domains targeting 20 retailers in the U.S., U.K., Germany, France, and Australia, they found over 100,000 fake domains that look like safe and trusted.

look-alike domains
Overall Fake Domains

The research shows a sharp growth with the registration of fake domains, almost it doubled the growth when compared to 2018 and the TLS certificates used is 400% high, in that 60% of the domain using free SSL from Let’s Encrypt.

The registered fake domains vary between the country and the targeted retailer, among others, One of the top U.S. retailers has over 49,500 look-alike domains, United Kingdom (13,848), Germany (7,057), Australia (2,000), and France(1,569).

How Retailers can Mitigate

The Following are the two best prevention methods to avoid fake certificates.

  • By using Certificate Transparency retailers can detect malicious certificates. The ultimate aim of Certificate Transparency is to reduce certificate-based threats.
  • By adding CAA records retailers can specify which CA issue the TLS certificate.

For Customers

  • Check the websites with online scanners to find it’s integrity.
  • Check the Website Safety & Reputation
  • Check the website spelling, logo and contact details.

You can find more details for checking with our article Is this website Safe: How to Check Website Safety to Avoid Cyber Threats Online.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

cyber security

RansomHub Ransomware Deploys Malware to Breach Corporate Networks

The eSentire’s Threat Response Unit (TRU) in early March 2025, a sophisticated cyberattack leveraging...
APT

19 APT Hackers Target Asia-based Company Servers Using Exploited Vulnerabilities and Spear Phishing Email

The NSFOCUS Fuying Laboratory’s global threat hunting system identified 19 sophisticated Advanced Persistent Threat...
cryptocurrency

FBI Reports ₹1.38 Lakh Crore Loss in 2024, a 33% Surge from 2023

The FBI’s Internet Crime Complaint Center (IC3) has reported a record-breaking loss of $16.6...
cyber security

Fog Ransomware Reveals Active Directory Exploitation Tools and Scripts

Cybersecurity researchers from The DFIR Report’s Threat Intel Group uncovered an open directory hosted...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

Register Now

More like this

Computer Security

Is this Website Safe: How to Check Website Safety – 2025

is this website safe? In this digital world, Check a website is safe is...
Computer Security

Firefox 133.0 Released with Multiple Security Updates – What’s New!

Mozilla has officially launched Firefox 133.0, offering enhanced features, significant performance improvements, and critical...
Computer Security

Digital Wallets Bypassed To Allow Purchase With Stolen Cards

Digital wallets enable users to securely store their financial information on smart devices and...

GBHackers on Security is a top cybersecurity news platform, delivering up-to-date coverage on breaches, emerging threats, malware, vulnerabilities, and global cyber incidents.

Company

Trending

Categories

Copyright @ 2016 - 2025 GBHackers On Security - All Rights Reserved