Festive season witnesses 178% surge in malicious websites, claims new report

Number of malicious shopping websites has seen an uptick by 178%, as compared to the monthly average in 2021 so far, according to a latest report by Check Point Research.   

While there was Diwali in India recently, other festivities around the globe included China’s Single’s day on November 11, Australia’s ClickFrenzy annual sale on November 9. Besides, Christmas, New Year are just around the corner, while Black Friday and Cyber Monday are close by in the US.   

An Adobe Analytics data showed that online shopping in the US is about 10% higher this year as compared to 2020, and is estimated to touch $910 billion globally.   

Threat actors are making the most of the online shopping frenzy by increasing the number of malicious websites. 

Researchers at Check Point said that they had witnessed about 5,300 different malicious websites on a weekly basis since the beginning of October 2021.  

The corporate impact of these also saw an increase, with 1 out of 38 corporate networks being impacted on an average per week.  

This number was at 1 per 47 corporate networks in October, while earlier this year it was it was around 352 incidents.   

Check Point asked users to shop from authentic and reliable sources and to be attentive for lookalike domains.   

The most sure-shot way to know if the website is fake is to look if the website has a secure socket layer (SSL) encryption.    

To know if the site has an SSL, the website should contain HTTPS instead of HTTP. There will also usually be an icon of a locked padlock that will appear to the left of the URL address bar. If this icon is not present, it is a red flag that the site is malicious.  

The number of unsolicited password reset emails have also seen an increase.  

Check Point advised users to not respond to any uninvited password reset emails, these emails can also be a phishing attack where the user could be redirected to a website where account credentials could also be compromised.   

The data for the study was gathered through Check Point’s ThreatCloud, that gathers real-time threat intelligence from sensors across networks, mobiles and endpoints, the company said.