Avast researchers detect a surge in fake e-shops following holidays

We kick off the new year with expectations of sales, but beware: a dangerous wave of fake e-shops is spreading on the internet.
As the festive season wraps up, a new challenge emerges for online shoppers: the rise of over 4,000 counterfeit e-shops.
These fraudulent sites, cunningly designed to mimic popular brands, exploit the post-Christmas shopping enthusiasm.
Their realistic appearances make them nearly indistinguishable from legitimate websites, posing a significant risk to unsuspecting consumers.
The period following Christmas is a prime time for scammers, as they exploit the common practice of post-holiday bargain hunting.
This time of increased shopping activity makes it especially important for consumers to be vigilant and informed about the potential risks of online shopping.
The scammers' strategy is straightforward yet effective: target popular brands known for their post-holiday sales.
They meticulously replicate everything from product offerings to website design, creating a convincingly authentic shopping experience.
This high level of detail in imitation makes it particularly challenging for shoppers to discern the real from the fake, especially when in pursuit of good deals on clothing, footwear, and other popular items.
The scam unfolds in stages, typically beginning with a request for personal information during a fake login or purchasing process.
You might stumble upon these fake e-shops at the top of a Google or Bing search, where they present themselves with credible-looking domains, often using common TLDs like.com,.
It's a comprehensive data harvest, capturing everything the scammer needs: your name, address, phone number, email, and credit card information.
To navigate the online shopping landscape safely, make sure to exercise caution and verify the credibility of e-commerce sites.
Verify the credibility of websites: Before entering personal information or making a payment, verify the credibility of the website.
Be cautious if there is only one payment method, especially if it requires entering your card details directly on the e-shop page.
Watch for signals of fraud: Observe warning signs such as spelling errors on websites, unusual email addresses, or suspicious offers.
Share experiences and warnings: Engage with other online shoppers and share your experiences with various e-shops.
Warn against suspicious websites and contribute to creating a safe online environment for everyone.
Staying alert and informed is key to avoiding the pitfalls of post-holiday online shopping scams.
By being aware of the tactics used by scammers and practicing safe online habits, you can enjoy the benefits of online shopping without falling prey to fraud.


This Cyber News was published on blog.avast.com. Publication date: Thu, 04 Jan 2024 14:13:05 +0000


Cyber News related to Avast researchers detect a surge in fake e-shops following holidays

Avast researchers detect a surge in fake e-shops following holidays - We kick off the new year with expectations of sales, but beware: a dangerous wave of fake e-shops is spreading on the internet. As the festive season wraps up, a new challenge emerges for online shoppers: the rise of over 4,000 counterfeit e-shops. ...
1 year ago Blog.avast.com
Avast Antivirus Vulnerability Let Attackers Escalate Privileges - Security researchers have disclosed a critical vulnerability in Avast Free Antivirus that could allow attackers to gain elevated system privileges and execute malicious code with kernel-level access. The vulnerability affects multiple versions of ...
1 month ago Cybersecuritynews.com
New decryptor for Babuk Tortilla ransomware variant released - Cisco Talos obtained executable code capable of decrypting files affected by the Babuk Tortilla ransomware variant, allowing Talos to extract and share the private decryption key used by the threat actor. Cisco Talos shared the key with our peers at ...
1 year ago Blog.talosintelligence.com
Avast settles claims of customer data peddling for $17M The Register - Avast has agreed to cough up $16.5 million after the FTC accused the antivirus vendor of selling customer information to third parties. The US regulator filed [PDF] a lengthy complaint against Avast regarding its use and alleged misuse of customer ...
1 year ago Go.theregister.com
Holiday Season Online Privacy Recipe - Make delicious sense of online cookies with Avast and get two signature holiday cookie recipes from chef Carla Hall. Aggressive advertisers can use them to track your every move online and sell your information. So now you know which cookies to ...
1 year ago Blog.avast.com
Avast confirms it tagged Google app as malware on Android phones - Czech cybersecurity company Avast confirmed that its antivirus SDK has been flagging a Google Android app as malware on Huawei, Vivo, and Honor smartphones since Saturday. On affected devices, users were warned to immediately uninstall the Google app ...
1 year ago Bleepingcomputer.com Rocke
Cyber Crime Wave: Chinese Scammers Target Europe with Fake Designer Brands - In the last couple of weeks, there has been an increase in the number of people who have been duped into sharing their card details and other personal information with a network of fake online designer shops that are operated from China, which appear ...
1 year ago Cysecurity.news
FTC Accuses Avast of Selling Customer Browsing Data to Advertisers - The US government's consumer protection agency is moving to ban anti-malware software vendor Avast from selling customer web browsing data to third-party advertising companies. The agency also plans to slap Avast with a $16.5 million fine and an ...
1 year ago Securityweek.com
Babuk ransomware decryptor updated with Tortilla support The Register - Security researchers have put out an updated decryptor for the Babuk ransomware family, providing a free solution for victims of the Tortilla variant. A collaboration between Cisco Talos, Avast, and the Netherlands police led to the development of ...
1 year ago Go.theregister.com DAIXIN
Fake browser updates spread updated WarmCookie malware - The latest campaign was discovered by researchers at Gen Threat Labs, who observed the WarmCookie backdoor being distributed as fake Google Chrome, Mozilla Firefox, Microsoft Edge, and Java updates. FakeUpdate is a cyberattack strategy used by a ...
7 months ago Bleepingcomputer.com
How Kasada Counters Toll Fraud and Fake Account Creation for Enterprises - Toll fraud and fake account creation are two advanced threats that bad actors employ for massive profit. Fake Account Creation is committed by a wide range of attackers, through automating the generation of new user accounts en masse, which then get ...
1 year ago Securityboulevard.com
Are you sure that online store is real? You might be surprised - The rise of user-friendly online store platforms, originally designed to simplify launching digital storefronts, has unintentionally contributed to this problem. These scam artists have a worldwide presence, launching numerous fake stores in various ...
1 year ago Blog.avast.com
Attackers Targeting Recruiters With More_Eggs Backdoor - FIN6 has been known in the past to pose as recruitment officers to target job seekers, but it appears to be "moving from posing as fake recruiters to now masquerading as fake job applicants" in a shift in tactics, Trend Micro researchers ...
7 months ago Darkreading.com FIN6
Avast Threat Report shows humans are better targets that software - The latest Avast Threat Report identifies the most prominent targets for cybercrime-and it's us. While that has some slight relationship to the real world, Avast Threat Labs' latest findings show that online fraudsters aren't focusing as much on ...
1 year ago Blog.avast.com
New Clearfake Variant Leverages Fake reCAPTCHA To Trick Users Deliver Malicious PowerShell Code - The infection flow begins with injected JavaScript on compromised websites, which retrieves malicious code from blockchain smart contracts, ultimately leading to the display of fake security challenges. The latest variant, discovered in December ...
2 months ago Cybersecuritynews.com
Researchers Uncover Simple Technique to Extract ChatGPT Training Data - Can getting ChatGPT to repeat the same word over and over again cause it to regurgitate large amounts of its training data, including personally identifiable information and other data scraped from the Web? The answer is an emphatic yes, according to ...
1 year ago Darkreading.com
Researchers extract RSA keys from SSH server signing errors - A team of academic researchers from universities in California and Massachusetts demonstrated that it's possible under certain conditions for passive network attackers to retrieve secret RSA keys from naturally occurring errors leading to failed SSH ...
1 year ago Bleepingcomputer.com
Revenue from Darknet Markets Dropped to 13 Billion in 2022 - The amount of money earned by darknet markets decreased from $2.6 billion in 2021 to $1.3 billion in 2022, according to a new study. Researchers from blockchain analysis firm Chainalysis attributed much of the decline to the closure of Hydra Market, ...
2 years ago Therecord.media
Splunk: AI isn't making spear phishing more effective - Despite increased concerns, AI tools won't give adversaries an advantage when it comes to sending effective phishing emails, according to new research by Splunk's Surge security research team. In a blog post Thursday, Tamara Chacon, security ...
1 year ago Techtarget.com
Convincing LinkedIn 'Profiles' Target Saudi Workers for Information Leakage - Attackers have used hundreds of fake profiles on LinkedIn - many very convincing - to target professionals at companies in Saudi Arabia, not only for financial fraud, but to convince employees in specific roles to provide sensitive corporate ...
1 year ago Darkreading.com
New Decryption Key Available for Babuk Tortilla Ransomware Victims - A new decryptor key has been created for victims of the Babuk Tortilla ransomware variant, Cisco Talos has confirmed. These keys will be added to a generic Babuk decryptor previously created by Avast Threat Labs. This will enable users to download ...
1 year ago Infosecurity-magazine.com Black Basta
Holiday Threats Surge as Christmas-Themed Scams Explode - As the winter holidays approach, malicious spammers have ramped up their efforts, flooding inboxes with a surge of unsolicited emails and Christmas-themed scams, according to a Bitdefender report. Key findings indicated a steady rise in ...
1 year ago Securityboulevard.com
Fake LastPass password manager spotted on Apple's App Store - LastPass is warning that a fake copy of its app is being distributed on the Apple App Store, likely used as a phishing app to steal users' credentials. The fake app uses a similar name to the genuine app, a similar icon, and a red-themed interface ...
1 year ago Bleepingcomputer.com
ClickFake Interview - Lazarus Hackers Exploit Windows & macOS Users Fake Job Campaign - The ClickFake Interview campaign builds upon the tactics of Contagious Interview, which targeted software developers via fake job interviews conducted on platforms like LinkedIn or X (formerly Twitter). The Lazarus Group, a North Korean ...
2 months ago Cybersecuritynews.com Lazarus Group
Pig Butchering: Fake Trading Apps Target Crypto on Apple, Google Play Stores - Pig Butchering scam targets crypto users with fake trading apps on Apple and Google Play Stores. These apps, found on Apple’s App Store and Google Play, and on phishing sites, are part of a Pig Butchering scam targeting cryptocurrency investors ...
7 months ago Hackread.com