Skip Ribbon Commands
Skip to main content

Shopping Online This Holiday Season? Look for This Security Feature


​As the holidays approach, you can use the festive shopping season to reinforce cyber awareness with your users. Fraudulent e-commerce sites and other scams are as old as the internet – but issues around domain jacking, phishing sites stealing credit card information and proprietors attempting to pass off fraudulent goods as genuine items continues to rise. ​​​​

This article from Krebson Security​​​​ investigates the growing trend of cyber criminals purchasing legitimate domains and attempt to sell heavily discounted merchandise on fake e-commerce sites. ​​​​

Something Looks Phishy
The Krebs’ article points to a website previously owned by a professional photographer who forgot to renew her domain. It now hosts a Spanish-language site selling Reebok shoes. ​​​​

It certainly looks like a real e-commerce shop. It has plenty of product pages, images and – of course – a shopping cart. ​​​​

However, the site is noticeably devoid of an SSL certificate (http:// versus the preferred https://). Not to mention, the products on offer are all advertised for a near 50 percent discount compared to other retailers.​​​​

But it’s not just International web sites that are at risk. Notice has a Canadian domain and is fraught with similar issues.

This site promises huge discounts and sizes available for every name brand shoe possible. However again, it’s devoid of any SSL certificate when submitting payment information.

Practice Vigilance
​The best way to protect oneself online is to only patronize legitimate brands and websites you know and trust. When in doubt, follow up with the manufacturer to ensure a store is an authorized retailer. Finally, be wary if pricing is cheaper than every other site. After all, if a deal looks too good to be true, it probably is.

For more information, contact Eugene Ng, CISSP, Eastern Canada Cyber Security Leader at 905.607.9777 or [email protected]​​​.