Brace Yourselves For Holiday Scams: Over 100x increase in Fake Amazon Sites

Here at DNSFilter, as we prepare for the holidays, we’ve noted that malicious sites using Amazon’s name have skyrocketed since early November. The average DNS query to malicious Amazon sites increased more than 111x in November compared to the previous months, just in time for the holiday season. This includes scams mimicking freight and shipping services that Amazon provides, in addition to fake gift card giveaways, and login pages.

Example of a fake Amazon site using social engineering to steal users’ credentials

DHL and FedEx are also victims of typosquatting and domain spoofing. The number of malicious FedEx domains encountered in November increased over 14% compared to the previous period, and nearly 13% more DHL malicious domains were identified on our network. We’ve found more than thirty sites using the same DHL ransomware kit, disguised as a shipping updates site.

Site leveraging DHL's name with fake single sign on (SSO) login

"Online shopping continues to grow and consumer trust in eRetailers is high. This makes holiday and shipping related sites especially nefarious as vectors for malware, ransomware, and phishing. In addition to dozens of festive scam sites identified by our domain intelligence, we're also seeing new ransomware kits that leverage concerns about shipping slowdowns and supply chain issues over the holidays. It is critical for businesses to have DNS protection in place to protect users who may be doing holiday browsing, or package tracking, on a company computer,” said Jen Ayers, DNSFilter Chief Operating Officer and cybersecurity industry veteran.

Over the last few years, we’ve noticed a sharp increase in the percent of shopping traffic on our network. Before Thanksgiving and Black Friday in 2019, shopping represented 10.69% of our network traffic. In 2020 during the same time period, it made up 13.81% of our DNS queries, possibly due to the growth in online shopping due to COVID-19. In 2021, access to shopping sites represents 19.46% of our network.

In the month of November, access to shopping on our network has increased ~9.81%, while access to shopping sites that are also categorized as phishing has increased 6x.

Phishing site disguised as a festive holiday retailer

Starting in early November, we also noticed an increase in DNS queries to sites that include the terms “Christmas” and “BlackFriday,” with phishing scams to match. Scams taking advantage of the keyword “BlackFriday” ranged from niche, such as a site “selling” Doc Martens, to broader sites capitalizing on "Black Friday Deals".

he URL of this site includes "drdocmartensblackfriday"
A more generic Black Friday scam

Scams found leveraging “Christmas” claimed to sell Christmas sweaters, ornaments, and one even mimicked a German bank.

Scam site leveraging both COVID-19 and Christmas trends to scam users
Scam site leveraging searches for “christmas sweaters”
This fake bank login site uses "Christmas" in the domain name

DNSFilter users are protected by these scams and more, such as phishing schemes posing as fake TSA pre-check. All internet users should be aware of what these phishing sites look like in order to avoid falling for these costly scams. Here are a few things you can do while also implementing DNS security:

  • Keep an eye out for questionable domain names. One fake Amazon site was freeamazongift[dot]cf, which is highly suspicious since it promises something that is likely too good to be true
  • Be wary of things that are different. Does it look like the login page you're used to? Try bringing up the usual login page in a new window to verify you've been linked to a legitimate site
  • Question new companies. Have you heard of this brand before? Can you find social accounts or user reviews for it? Christmas and Black Friday scams rely on eager buyers who aren't validating the sites they're purchasing from—do your homework!

For the best protection this holiday season, set up a free trial of DNSFilter.

  • There are no suggestions because the search field is empty.
Latest posts
Traversing the World of AI with Judy Security Traversing the World of AI with Judy Security

Raffaele Mautone, CEO of Judy Security, recently joined us for an interview session around the increasing presence of AI in cybersecurity. This insightful Q&A session sheds light on how AI is integrated into Judy Security's operations. Raffaele also touches on the broader implications of AI for the future, making a compelling case for its strategic use in both day-to-day operations and long-term security strategies.

Exploring the Security of Free Public Wi-Fi with eero Exploring the Security of Free Public Wi-Fi with eero

There is no doubt that Wi-Fi has become an essential part of our daily lives, enabling us to stay connected whether we're at home, at work, or on the go. However, the convenience of wireless networks comes with significant security risks that can compromise personal and sensitive information. 

Revving Up the Fun: DNSFilter's IndyCar Experience Recap —Laguna Seca Edition Revving Up the Fun: DNSFilter's IndyCar Experience Recap —Laguna Seca Edition

Another exciting race weekend with Juncos Hollinger Racing and Romain Grosjean has come to a close! We co-hosted the IndyCar race at Laguna Seca road course with our pals at Pax8, our logos alongside each other on Grosjean’s No. 77 car. Clearly this teamwork paid off, with Romain finishing the race in his team-best position!

Explore More Content

Ready to brush up on something new? We've got even more for you to discover.