Two more weeks until Cyber Monday! Ready to shop? Got your list ready? Eyes peeled for deals? Psyched about brewing a nice pot of coffee, sitting down at your keyboard, typing in your favorite retailer’s site, tap-tap-tapping in your payment card info, hitting the buy button, and presto! You’ve been phished!
OK, maybe you won’t stumble onto a copycat retailer site, but boy oh boy, the chances of that have blossomed like a jungle of parasitic mistletoes. According to research from Venafi, the total number of Transport Layer Security (TLS) certificates used by typosquatting domains to give themselves the aura of being safe and secure is now 400% greater than the number of authentic retail domains. The specific numbers: Venafi found 109,045 TLS certificates on lookalike domains, compared with 19,890 on authentic retail sites. Over half of the certificates used on the imposter domains were certificates from Let’s Encrypt, an automated certificate authority that pumps out free certificates… including, say, the 15,270 “PayPal” certificates issued in 2017 to sites used for phishing. The numbers are a bit mind-boggling: it means that there are now 4x the number of fake sites as legitimate retail sites. The number has more than doubled since 2018.
It also makes keyboard fumbles more dangerous than ever. You know how that goes: you quickly type a URL you use all the time, but this time, you fumble and accidentally swap, add, or delete a single letter and hit enter. Suddenly, you’re not in Kansas anymore, Toto.
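The three fumbles described above (swap, add, delete) can be checked mechanically, which is how a brand owner or mail gateway can flag lookalike names seen in newly issued certificates. The following is an added example, not code from the original article or from Venafi; the domain names are constructed placeholders, and "swap" is assumed to mean exchanging two neighbouring characters.

```python
from typing import Optional

def typo_kind(candidate: str, genuine: str) -> Optional[str]:
    """Name the single keyboard fumble that turns `genuine` into `candidate`.

    Returns "swap", "add" or "delete", or None when the two names are equal
    or more than one fumble apart.
    """
    c = candidate.lower().rstrip(".")
    g = genuine.lower().rstrip(".")
    if c == g:
        return None
    if len(c) == len(g):
        # Assumption: "swap" means two neighbouring characters were exchanged.
        diff = [i for i in range(len(g)) if c[i] != g[i]]
        if (len(diff) == 2 and diff[1] == diff[0] + 1
                and c[diff[0]] == g[diff[1]] and c[diff[1]] == g[diff[0]]):
            return "swap"
    elif len(c) == len(g) + 1:
        # Dropping one character from the candidate gives the real name.
        if any(c[:i] + c[i + 1:] == g for i in range(len(c))):
            return "add"
    elif len(c) == len(g) - 1:
        # Dropping one character from the real name gives the candidate.
        if any(g[:i] + g[i + 1:] == c for i in range(len(g))):
            return "delete"
    return None

def flag_lookalikes(observed, genuine_domains):
    """Return (observed, genuine, kind) for every name one fumble from a real one."""
    hits = []
    for name in observed:
        for real in genuine_domains:
            kind = typo_kind(name, real)
            if kind:
                hits.append((name, real, kind))
    return hits

# Constructed sample data: one placeholder retailer and names as they might
# appear in a feed of newly issued certificates.
GENUINE = ["examplestore.com"]
OBSERVED = ["exmaplestore.com", "examplestoree.com", "examplestor.com",
            "examplestore.com", "unrelated.org"]

if __name__ == "__main__":
    for name, real, kind in flag_lookalikes(OBSERVED, GENUINE):
        print(f"{name}: one {kind} away from {real}")
```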