At a time when supermarkets in the UK are experiencing their fastest growth in sales, cyber criminals have been setting up dozens of fake domains to impersonate popular supermarket brands and lure online shoppers into sharing their personal and financial information.
Earlier this week, research from Kantar revealed that supermarket sales "grew by the fastest rate since November last year" even though Sainsbury’s was the only supermarket brand that saw a year-on-year increase in overall sales while the likes of Tesco, Asda, Morrisons, and Waitrose saw marginal declines in year-on-year sales.
Over the past twelve weeks, supermarkets across the UK witnessed an astronomical rise in the demand for hand sanitisers, liquid soaps, household cleaners, and other hygiene and health products and sales of these products helped them shore up revenues for the first time since October last year. Upcoming brands like Lidl and Aldi also experienced booming demand for chilled ready meals, desserts, sparkling wine, boxed chocolates, and alcohol during Valentine's week.
Boom in grocery sales attracting the attention of cyber criminals
However, the increasing reliance on online shopping also brings shoppers face to face with varied cyber security risks. According to Mimecast, cyber criminals have, of late, set up dozens of fake websites that impersonate the domains of popular supermarket chains like Tesco, Asda, and Amazon. The fact that these three brands had 2.5 billion site visits in April makes them prized targets for impersonation attacks.
A fake domain spoofing Sainsbury's website
Research by Mimecast uncovered at least 30 lookalike domains impersonating Tesco, 11 illegitimate domains impersonating Asda, and 10 recent spoofed websites impersonating Amazon. These fake domains can enable hackers to obtain names, addresses, email addresses, and payment card information of hundreds of thousands of shoppers in a very short time.
“Impersonating brands online is a boon for hackers: there are no rules preventing anyone from registering an online domain that looks just like a legitimate brand’s domain name and creating a lookalike that resembles the original. Subtle differences can easily go unnoticed, fooling unsuspecting customers who will simply enter their credentials as usual. In addition, brands often have no idea their name and likeness has been exploited by a copycat; and even when they do, it only takes minutes for criminals to take down their own spoofed websites and create another one elsewhere,” said Elad Schulman, VP of Brand Protection at Mimecast.
A fake domain spoofing Asda's website
“Fortunately, supermarket brands can use new AI-enabled solutions to keep these brand exploitation attacks at bay. These solutions typically operate in one of three ways: scanning the entire web for any form of lookalike; brand domain monitoring, acting as a virtual vigilante always on the lookout for signs of criminals recreating the look and feel of a website; and automated takedowns, which destroy any illegitimate website as soon as they discover it.
“Using one or more of these solutions, British supermarket chains can ensure they have the optimum arsenal in place to fight against websites trying to take over their identities. And by protecting themselves, they protect their customers and other potential victims, too, creating a virtuous circle of trust,” he added.
Cyber criminals also impersonated delivery services to steal customer information
In April, security firm Kaspersky also a big spike in the setting up of fake sites and e-mail addresses by cyber criminals to impersonate popular delivery services in the middle of the shipping crisis and lure Internet users to download malicious files into their devices.
Aside from sending fake emails in the name of popular delivery services, cyber criminals have also set up highly believable copies of legitimate websites as well as fake tracking pages that replicate official homepages of legitimate websites. These fake websites contain little information other than a form for entering credentials and a list of “partner” e-mail services.
According to Kaspersky, no matter how legitimate the fake websites or phishing emails appear, Internet users can protect their devices from malware infection by practicing recommended cyber hygiene norms such as:
- Checking email addresses carefully as well as formatted text and grammar for anomalies
- Not downloading or opening email attachments. Rather, users should log in to their personal accounts on couriers' websites to check for new updates.
- Not to fall for emails that exploit coronavirus to instill a sense of urgency
- Installing a reliable security solution that detects malicious attachments and blocks phishing websites.