Ongoing Campaign Spoofs Walmart, Dating, Movie Sites

  /     /     /  
Publicated : 23/11/2024   Category : security


Ongoing Campaign Spoofs Walmart, Dating, Movie Sites


A new investigation detects more than 540 domain names linked to the Walmart brand and camouflaged as career, dating, and entertainment websites.



A newly discovered spoofing campaign has been discovered mimicking the Walmart brand and several career, dating, and movie and TV websites, with more than 540 domains detected so far.
Corin Imai, senior security adviser for DomainTools, was alerted to the activity about two weeks ago when the term Walmart was found spoofed in multiple domains. The flagged domain walmartcareers[.]us prompted her to research related terms and other suspicious domains.
Imais analysis led to the discovery of an email address linked to 184 other potentially risky domains with an average age of 190 days. Further investigation into these domains led to the discovery of a much broader campaign spoofing a range of websites related and unrelated to the Walmart brand. Of the 540-plus domains identified, only 181 have appeared on blacklists. Others have a high risk score, which Imai says indicates theyll likely be blacklisted in the future.
The initial intent of this investigation was to analyze spoofing campaigns targeting Fortune 500 companies, she says, but researchers findings took them down an unexpected path. Generally with phishing domains, we see things escalate between 24 and 48 hours, Imai explains. Within two days of their analysis, researchers saw more of these suspicious websites being blacklisted.
Of the domains found so far, many appear to target job hunters and people using online dating and entertainment websites. It seems the attackers intent is to exploit this interest by creating fake sites designed to capture users credentials, going step-by-step to set up a credential page so they can verify they are who they claim to be, while at the same time scraping login data.
As of now, it seems the actor or group behind this campaign is solely after credentials; however, some of the spoofed pages seem to be spam. Its kind of an odd cross-section, Imat says, pointing to the combination of spoofed career, dating, and movie and television websites. Other fake sites include cashgiftcards[.]us, captainmarvelmovie[.]us, and mcdonaldcareer[.]us.
Most of the IP country codes for detected domains are in the United States, Imai found, but registrant details indicate an address in Pakistan. Right now it looks like the same actor, she says. Theres nothing pointing to it being multiple actors, based on historical information.
While spoofing is not a new threat, Imai says the number of domains in this campaign, coupled with the attackers ability to mimic the look and feel of target websites, signifies a group with both the resources and sophistication to launch a large campaign. There is sufficient traffic to these sites to warrant a further investigation into how many people are submitting their data. Security pros may be likely to check the domain of a suspicious- page, but consumers may not.
Imai plans to continue this investigation, which will include sandboxing suspicious websites to see whether theyre after more than credentials and further researching the campaigns full scope and intent. She plans to publish ongoing updates to her
blog post
.
DomainTools team isnt the only group to unearth a recent spoofing campaign targeting a major retailer. Security company Segasec monitored Amazon in the days before and after Prime Day to watch for suspicious activity; researchers found 4,000 potential attacks between July 10 to 21. In one campaign, attackers used Amazon-related domains in a phishing scam targeting PayPal customers.
Imai advises businesses to seek domains that may be attempting to mimic their brands. Many of these malicious domains havent been blacklisted, meaning customers can still be affected. Organizations should also consider their takedown processes and see whether they can be accelerated.
For consumers, she recommends checking a websites legitimacy by taking a peek at the URL to ensure its not suspicious before entering personal information or payment data.
Related Content:
How to Create Smarter Risk Assessments
Mimecast Rejected Over 67 Billion Emails. Heres What It Learned
Destructive Malware Attacks Up 200% in 2019
8 Head-Turning Ransomware Attacks to Hit City Governments
 
Black Hat USA returns to Las Vegas with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions, and service providers in the Business Hall. Click for information on the 
conference
 and 
to register.

Last News

▸ Nigerian scammers now turning into mediocre malware pushers. ◂
Discovered: 23/12/2024
Category: security

▸ Beware EMV may not fully protect against skilled thieves. ◂
Discovered: 23/12/2024
Category: security

▸ Hack Your Hotel Room ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Ongoing Campaign Spoofs Walmart, Dating, Movie Sites