Technology Advisor Blog

As Black Friday and Cyber Monday have come and gone; internet shoppers are facing a rise of fraudulent websites with counterfeit products, catered to their interests and demographic. These fraudulent websites are designed to steal innocent user’s credit card information along with their personal information. Causing additional stress on top of financial stress and holiday expectations. At Ekaru, we want to ensure you are safe this holiday season, and ensure your personal credentials are kept close.

Fraudulent Websites for the Holidays

According to CyberPress, “More than 2,000 newly discovered fraudulent websites, including more than 750 Amazon-related typo squat domains and over 1,000 .shop sites mimicking well-known brands, have been explicitly activated for the 2025 holiday shopping season”.
In a recent blog post, we discussed typo squatting, the misspelling of a website, popular or not, designed to perfectly mimic a legitimate website to harvest your personal information or install malware to your devices. Some examples you may come across in passing are:

• G00gle.com
• microsft.com, rnicrosoft.com
• Paypa1.com
• Netflex.com
• Appple.com, apple.co
• Wellsfargo.org, secure-wellsfargo.org

Usually these are easy to identify if you can catch misspellings on your URL before being transferred to the fraudulent website. However, homograph attacks can be intertwined when adding different alphabets in creating malicious links/URLs. All can be overlooked if you are not paying attention or rushed, but cybercriminals utilize behaviors to socially engineer the scam that can catch you off guard.
For recent fraudulent websites, their templates perfectly mimic legitimate retail e-commerce websites. The flashy holiday banners, the countdown timers catered to make you react, fake verified badges to appear legitimate, fake pop ups with urgent CTAs or names of customers that say they made purchases X number of hours ago.
All socially engineered and designed to psychologically gain your trust in handing over your personal information, especially if you see something you want to purchase on their site. If you fall victim to purchasing off a fraudulent site, scammers can commit identify theft, chargebacks for more than what you needed, and sometimes unrecoverable financial losses.

Signs To Consider When Website Hopping/Shopping

With these fraudulent websites using similar templates, while some were made for the holiday season, others had landing pages stuck in ‘coming soon’ mode for months prior to drop specifically when peak sales initiate. With the elevated pattern of fraudulent websites using recycled templates, it’s likely a lot of these domains were registered months in advance or all at once. With the uptick in domains being purchased, services like Cloudflare can have a harder time detecting these domains due to reverse proxy. Reverse proxy is between a user’s browser and original web server as its first defense in website security and reliability to block malicious traffic before reaching the landing page. In these instances, as well as systems designed to protect your computer can only go so far, this is where education in identification and proactivity are here as your next and sometimes best line in defense.

To Avoid Fraudulent Shops

Usually in the midst of holiday online shopping, we can easily get distracted by a product or service that almost appears to be ‘made’ for us, compelled to buy it before the site claims its almost sold out. But that’s when it is too late. Knowledge is going to be your best tool to stopping scams before the scams stop you. When shopping, consider:

1. Stick with Trusted Retail Sites
   -Proceed with caution when scoping a new website, with scammers purchasing new domains, search for its credibility through other sources.
   -Check pricing. As much as we love a good sale, the pricing can be a giveaway if its fraudulent with suspiciously good deals.
   -Ensure you are typing the URL correctly for the desired website’s landing page. Scammers will purchase multiple domains of popular misspellings to trick you.
   
   
2. Use Credit Cards When Purchasing
   -Using credit cards will provide you with stronger fraud protection than lets say debit cards. If a scammer has access to your debit card, they can eventually have access to your bank account information.
   -Credit cards are also accepted everywhere in physical retail stores to online ecommerce shops. If a store urges you to use payment through Cash App, Zelle, Venmo, or even bitcoin, strongly consider not purchasing from that website and look elsewhere.
   -Trust your gut. If a website is asking for more information to complete a purchase than other sites usually request, consider checking product on a more legitimate website for peace of mind.
   
   
3. Ensuring Accounts Are Safe
   -Consider updating your existing passwords on financial websites for stronger peace of mind. It's recommended to use passwords of at least 16 characters (with both upper and lower case letters as well as numbers and symbols)
   -Turn on Multi Factor Authentication for added security anywhere you can. Sometimes the confirming on multiple screens can be annoying, but better safe than sorry when it comes to your personal information.
   -Ensure devices are up to date for any security patches.
   
   
4. Monitor Your Accounts
   -Monitoring your accounts can save you for any suspicious activity, especially when on a shopping spree. If you notice any suspicious activity within your transactions, contact your credit card company for potential chargebacks.
   -If they are not automated from your credit card company, have fraudulent alerts enabled in case there is any suspicious activity you may have missed.
   
   
5. Social Media
   -The more we scroll on social media the more new shops are revealed. Sometimes they have really good stuff and just have to check it out for yourself. But a lot of times, these product can be phishing websites and non legitimate products. Few things to check for are, does the website have credibility? How far do customer reviews and testimonials go?
   -Check your research before you click, shops through social media have an unusually high follower count of over 50K-100K+, not following anyone back, engagement is inconsistent with bots commenting.
   -Check for reviews, since scammers can socially engineer testimonials and reviews, checking legitimacy is essential more than ever.
   Your intuition is essential next to education on scams, if something feels off, trust it and only continue through trusted sellers.

Cybersecurity for Shopping and Your Devices

As much as we help users with their devices, our services can also translate organically to your shopping habits. Cybercriminals utilize the peak holiday season to install malware onto devices, commit identity theft by stealing your personal information through malicious websites, emails and social media accounts. It’s a stark reminder cybercriminals do not rest during the most wonderful time of the year.
As your business slows down for the holidays, we want to approach users with the sense of protecting users outside of the office as much as inside the office.

How can Ekaru help You:

• We assist in monitoring your devices, monitoring for lookalike domains. while also installing software to protect users from malicious malware accessing your personal information. 
• Secure DNS filtering. URLs you link to will go through our systems in ensuring the website is legit and if not, stops before you reach access to the site’s landing page.
• We cannot stress enough how education on cybersecurity can be the difference between falling for a scam or catching a scam dead in its tracks. We offer cybersecurity awareness training to help empower your team in spotting and avoiding scams before they do any damage.
• In case something is engineered well enough to slip through the cracks, our support, through quick response, ensures issues are detected, responded to and remediated as quickly as possible.

During this high-risk season of malicious websites and emails, we are committed to keeping your team, your business and your data secure, so you can focus on your holiday shopping.

Want to learn more about how Ekaru can help your business and its users from socially engineered scams? Let’s connect!

Ekaru has monthly webinars on all thing’s cybersecurity. This month, our webinar on December 11^th focuses on holiday scams, we’d love you to join us.  Sign up on our website on the News and Events page.  

And, check out website and our social media for new content daily and the latest cybersecurity articles.