More than 100,000 Fake Domains For Major Retailers With Valid TLS Certificates


Venafi, the organization which assists businesses in obtaining cryptographic keys and electronic certificates, has disclosed over 100,000 typosquatted domains with legitimate TLS certificates that target large retailers.

With the holiday shopping season around the corner, Venafi carried out a study of lookalike domains for 20 major retailers in the United States, the UK, Australia, Germany and France.

The study found 109,045 lookalike domains that use valid TLS certificates to appear more trustworthy. This is more than twice as many as last year, and the company has pointed out that fewer than 20,000 certificates have been issued for valid retail domains.

Of the 109,000 typosquatted domains, almost 84,000 target retailers in the US, including nearly 50,000 domains that imitate one of the leading retailers in the region. In the United Kingdom, Venafi discovered almost 14,000 certificates for fraudulent retailer domains.

The firm also found nearly 7,000 bogus domain certificates for retailers in Germany, 3,500 for Australian retailers, and 1,500 for French retailers.

“Some of these URLs may have a legitimate purpose, but many may be used for malicious purposes by attackers. We think the sheer volume of these sites is a strong indication that many of them are used in a malicious manner, especially since we are very close to the holiday season,” says Jing Xie, Venafi’s senior risk intelligence researcher.

Xie added, “Although we have not studied the specific threats associated with these areas, we know that lookalike domains are often used to target phishing and spread malware. Security researchers found, for instance, in 2017 that many certificates containing the word ‘PayPal’ were used in phishing web sites. It is logical to assume that hackers use similar retail domain techniques.”

Overall, 60 percent of the typosquatted domains that have a valid TLS certificate were issued a free Let’s Encrypt certificate. The aim of the Let’s Encrypt Certificate Authority is to increase the security of the internet by providing free electronic certificates to website owners to encrypt traffic. Nevertheless, its services are often abused for malicious purposes.

According to Venafi, 85 percent of the lookalike German retail domains were issued a Let’s Encrypt certificate.

Mark Funk
Mark Funk is an experienced information security specialist who works with enterprises to mature and improve their enterprise security programs. Previously, he worked as a security news reporter.