Kylie Makeup, Yeezy Trainers and Holiday Online Shopping Scams

As the holiday season rolls on, take note: Three-quarters of UK consumers have been scammed in the process of purchasing goods online, and over a fifth (22%) personally know someone who has purchased fake goods online.

Shopping online is the preferred method for consumers today, leading to an uptick in phishing and online counterfeiting attacks. According to a survey of 1,000 UK consumers from DomainTools, these are succeeding far too often—but have also led to many consumers (73%) adjusting their online shopping habits as a result of falling victim, growing more wary and aware of the cyber-threats that they face.

When asked what happened to them as a result of clicking on a scam URL, more than a quarter (27%) said their computer was infected with a virus. In addition, 12% of respondents had credit-card information stolen and 11% ended up buying a fake product.

As a result of the activity, nearly all (92%) said that they were aware of phishing. When asked what they would do if they received an email that they were not expecting, or was from someone they didn't know which contained a link to a website, half said that they would not open the email at all, followed by checking that the domain in the email matches the brand they received the email from (29%).

“It’s encouraging to see that UK consumers are actively changing their online habits to keep their data safe online,” said said Tim Helming, director of product management at DomainTools. “Double-checking the links in emails is a great place to start—many illegitimate sites look virtually identical to the real thing. This is where looking closely at the URL can make a real difference for staying safe online.”

Perhaps because nearly all consumers (97% in the survey) still shop online despite the dangers, the proliferation of threats has not slowed down: Action Fraud group has warned that Yeezy trainers and Kylie Jenner makeup are two of the most common items that trick consumers during the holiday period, so the DomainTools research team analyzed domains mimicking Kylie Cosmetics and Yeezy Boost. In total, there were a whopping 139 domains identified as high risk that contained the two brand names—some examples include kyliecossmetics[.]com, kyliecosmetics[.]host and yeezyboostsshop[.]com.

“Shopping online continues to grow in popularity, confirmed by the empty stores on Black Friday,” said Helming. “As our survey respondents admitted, shoppers are increasingly and unknowingly sharing financial and personal information with these criminals or buying fake goods. As shoppers search for their holiday gifts this year, it’s important that they remember to look closely at URLs and email addresses before clicking.”

Some top tips for consumers to avoid falling foul of a spoof website include: Check for extra added letters or dashes in the domain (kyliecossmetics[.]com, yeezyboost-online[.]com); look out for ‘rn’ disguised as an ‘m’, such as versus; check for reversed letters, such as kyleicosmetics[.]com; and odd plural or singular forms of the domain, such as kyliecosmetic[.]cc

What’s Hot on Infosecurity Magazine?