Skip to main content

CSC® Holiday Shopping Warning: Simple Typos Can Lead Consumers and Brands to Online Fraud, Counterfeit Goods, and Cyber Crime

For immediate release

November 17, 2020

For more information:
Christine Blake
W2 Communications
CSC@w2comm.com
(703) 877-8114
CSC®New Room

CSC research also indicates lower than expected domain security amongst top shopping websites, putting brand owners at risk of DDoS attacks, DNS hijacking, and phishing


WILMINGTON, Del. – CSC®, a world leader in business, legal, tax, and domain security, today released new research from their Digital Brand Services (DBS) division warning consumers that simple URL typos could lead to significant online fraud, counterfeit goods, and cyber crime during the holiday shopping season. The company identified and analyzed registered domain typos (misspellings) associated with the 10 largest online shopping brands in the world and found that over 70% of the 1,553 registered domain typos appear to be owned by third parties.

According to CSC's new research, these third-party owned domains receive over five million visitors annually. In addition, 40% of these domains are using domain privacy services to mask or hide their ownership and identity, and close to 48% are configured with MX (mail) records that can be used for phishing and to intercept email. In its blog, CSC offers tips to both brand owners and consumers to protect themselves against fraudulent web properties and content.

A deep dive of the top 100 most visited typo domains shows they are being used in this manner:

  • 38%% are pointing to advertising-related and pay-per-click web content, which can be used to spread malware via domain parking services
  • 27% had no live web content, yet 37% were configured to send and receive email with MX records
  • 15% were engaged in affiliate referrals, which means the brand owner could be targeted for unauthorized affiliate activity resulting in loss of revenue
  • 12% were pointing at shopping-related web content, which indicates that consumers could engage with nefarious retailers selling counterfeit goods while brand owners lose revenue
  • 8% were pointing toward malicious web content e.g., malware

During the holiday shopping season, just one hour of downtime can cost a business over $500,000 in lost revenue*. Despite this, many global eCommerce and shopping companies are still lacking basic domain security measures that could prevent this from happening. For instance, only 16% of the top 500 global eCommerce and shopping domains leverage domain name system (DNS) hosting redundancy, which could secure their online presence from a distributed denial of service (DDoS) attacks. In addition, only 18% use registry locks that prevent DNS hijacking attacks that could redirect consumers to alternate websites. Lastly, 40% of retailers do not use enterprise-class domain registrars. This is partially explained by the fact that 40% of the observed domains still rely on retail registrars that typically don't provide advanced domain security features.

"In light of the global pandemic, both consumers and leading brands have embraced online shopping as we head into the 2020 holiday season. As such, we wanted to call attention to how brands and consumers are at increased risk for a multitude of threat vectors associated with online fraud, counterfeits, revenue leakage and many other cyber criminal activities this year," says Ihab Shraim, chief technology officer for CSC. "As evidenced by the sheer number of mail-in votes in the U.S. election, consumers are looking for safe alternatives to in-person interactions, and it's important for brands to not only provide those digital channels, but also ensure they are secure from online threat vectors."

"We're delighted that companies like CSC are advocating for companies and online brands to put the necessary security protocols in place to protect not only their brand reputation, but their consumers, from online fraud and cyber crime," says Daniel Eliot, director of Education and Strategic Initiatives at the National Cyber Security Alliance (NCSA). "The NCSA's mission is to educate consumers and businesses about these credible risks, and the importance of using recommended cyber security best practices. CSC's research is also an important part of advocating for consumers, and showing the pervasive risk of these cyber attacks and fraudulent domains."

Additional resources:

About CSC

CSC is the trusted provider of choice for the Forbes Global 2000 and the 100 Best Global Brands® in enterprise domain names, domain name system, digital certificate management, as well as digital brand and fraud protection. As global companies make significant investments in their security posture, CSC can help them understand known security blind spots that exist and help them secure their digital assets. By leveraging CSC's proprietary solutions, companies can get secure to protect against cyber threats to their online assets, helping them avoid devastating revenue loss, brand reputation damage, or significant financial penalties because of policies like the General Data Protection Regulation (GDPR).

CSC also provides online brand protection—the combination of online brand monitoring and enforcement activities—taking a holistic approach to digital asset protection, along with fraud protection services to combat phishing. Headquartered in Wilmington, Delaware, USA, since 1899, CSC has offices throughout the United States, Canada, Europe, and the Asia-Pacific region. CSC is a global company capable of doing business wherever our clients are—and we accomplish that by employing experts in every business we serve. Visit cscdbs.com.