Fortinet warns companies of a greater chance of online fraud during the holidays.
Fortinet warns that online fraud will reach a new peak around the upcoming holidays. The cybersecurity company bases this on recent research by FortiGuard Labs, which sees a sharp increase in malicious domains and stolen account data for online stores.
Malicious domains
In the past three months, researchers registered more than 18,000 domains that play into holidays such as Christmas and Black Friday. More than 750 of these turned out to be malicious. In addition, more than 19,000 domains appeared that imitate large online stores, with 2,900 malicious variants. The fake sites often strongly resemble the original stores, so many visitors do not see the difference.
read also
AI should Relieve Pressure on Security Teams, but Knowledge Lags Behind
These domains support various fraud techniques. Cybercriminals use them for phishing, fraudulent web shops, fake gift vouchers and collecting payment details. According to Fortinet, attackers also use SEO poisoning, so that their sites appear higher in search results during the busy e-commerce season.
Dark web services and AI
The report describes a growing supply of ready-made services for fraud on the dark web. Examples include AI-powered brute-force tools that mimic human behavior, automatic checks of stolen logins for WordPress, WooCommerce and FTP, and instant hosting with proxies, VPNs and pre-configured RDP servers. There are also platforms for smishing and vishing, tools to clone popular web shops and services that install sniffers and backdoors in web shop CMS.
read also
Fortinet expects record peak in online fraud during the holidays
Fortinet advises companies to quickly patch their platforms, plug-ins and integrations, use https everywhere, protect session cookies and enforce multi-factor authentication for management accounts. Extra attention to botnet protection, DDoS limits, monitoring of fraudulent domains and checking checkout scripts should reduce the chance of data theft.