Brace Yourselves For Holiday Scams: Over 100x increase in Fake Amazon Sites

Here at DNSFilter, as we prepare for the holidays, we’ve noted that malicious sites using Amazon’s name have skyrocketed since early November. The average DNS query to malicious Amazon sites increased more than 111x in November compared to the previous months, just in time for the holiday season. This includes scams mimicking freight and shipping services that Amazon provides, in addition to fake gift card giveaways, and login pages.

Example of a fake Amazon site using social engineering to steal users’ credentials

DHL and FedEx are also victims of typosquatting and domain spoofing. The number of malicious FedEx domains encountered in November increased over 14% compared to the previous period, and nearly 13% more DHL malicious domains were identified on our network. We’ve found more than thirty sites using the same DHL ransomware kit, disguised as a shipping updates site.

Site leveraging DHL's name with fake single sign on (SSO) login

"Online shopping continues to grow and consumer trust in eRetailers is high. This makes holiday and shipping related sites especially nefarious as vectors for malware, ransomware, and phishing. In addition to dozens of festive scam sites identified by our domain intelligence, we're also seeing new ransomware kits that leverage concerns about shipping slowdowns and supply chain issues over the holidays. It is critical for businesses to have DNS protection in place to protect users who may be doing holiday browsing, or package tracking, on a company computer,” said Jen Ayers, DNSFilter Chief Operating Officer and cybersecurity industry veteran.

Over the last few years, we’ve noticed a sharp increase in the percent of shopping traffic on our network. Before Thanksgiving and Black Friday in 2019, shopping represented 10.69% of our network traffic. In 2020 during the same time period, it made up 13.81% of our DNS queries, possibly due to the growth in online shopping due to COVID-19. In 2021, access to shopping sites represents 19.46% of our network.

In the month of November, access to shopping on our network has increased ~9.81%, while access to shopping sites that are also categorized as phishing has increased 6x.

Phishing site disguised as a festive holiday retailer

Starting in early November, we also noticed an increase in DNS queries to sites that include the terms “Christmas” and “BlackFriday,” with phishing scams to match. Scams taking advantage of the keyword “BlackFriday” ranged from niche, such as a site “selling” Doc Martens, to broader sites capitalizing on "Black Friday Deals".

he URL of this site includes "drdocmartensblackfriday"
A more generic Black Friday scam

Scams found leveraging “Christmas” claimed to sell Christmas sweaters, ornaments, and one even mimicked a German bank.

Scam site leveraging both COVID-19 and Christmas trends to scam users
Scam site leveraging searches for “christmas sweaters”
This fake bank login site uses "Christmas" in the domain name

DNSFilter users are protected by these scams and more, such as phishing schemes posing as fake TSA pre-check. All internet users should be aware of what these phishing sites look like in order to avoid falling for these costly scams. Here are a few things you can do while also implementing DNS security:

  • Keep an eye out for questionable domain names. One fake Amazon site was freeamazongift[dot]cf, which is highly suspicious since it promises something that is likely too good to be true
  • Be wary of things that are different. Does it look like the login page you're used to? Try bringing up the usual login page in a new window to verify you've been linked to a legitimate site
  • Question new companies. Have you heard of this brand before? Can you find social accounts or user reviews for it? Christmas and Black Friday scams rely on eager buyers who aren't validating the sites they're purchasing from—do your homework!

For the best protection this holiday season, set up a free trial of DNSFilter.

Search
  • There are no suggestions because the search field is empty.
Latest posts
Migrating from Cisco Umbrella to DNSFilter: It Pays to Make the Switch Migrating from Cisco Umbrella to DNSFilter: It Pays to Make the Switch

Navigating the complexities of cybersecurity challenges today means more than just being alert; it requires a readiness to adapt and embrace superior technologies for better protection of your digital assets. The recent announcement of Cisco Umbrella Roaming Clients end-of-life (EOL) on April 2, 2024, and its end-of-support (EOS) on April 2, 2025, has encouraged several organizations to consider the next steps in maintaining robust cybersecurity ...

Zero-Day Attacks: What Are They? Zero-Day Attacks: What Are They?

The term “zero-day attacks” is thrown around frequently with a lot of concern—and rightfully so. In today’s world where even the most menial tasks are conducted online, there is always some cyber threat lurking in the dark shadows of the internet. Picture this: A burglar finds a secret doorway to your house and decides to pay you a visit. All your assets are now accessible to him, even without your knowledge.

Mid-Winter Nights Hallucinations: Some Thoughts on Our New GenAI Category Mid-Winter Nights Hallucinations: Some Thoughts on Our New GenAI Category

AI, LLM, generative content, NLP, big data, neural processing, machine learning, GPT. In 2023 it's undeniable that these were some of the most heard terms from various businesses, news outlets and the social media sphere. Ultimately this alphabet soup can mean just as much as it sometimes doesn’t—and, as often is the case, the internet leans into the trend.Sites popped up everywhere—some reputable while others less so—promising cyberpunk profile ...

Explore More Content

Ready to brush up on something new? We've got even more for you to discover.