fakeSThe Japan Cybercrime Control Center (JC3) and the global counter-cybercrime association APWG just released a report detailing the enormous, rapid growth in fake shopping websites pretending to be retail shopping sites, using data from the Japanese National Policy Agency (NPA). These “fake store” websites accounted for about 7,000 reports of consumers in Japan being victimized by the theft of money or their personal information between June 2016 and June 2017.

APWG Secretary General Peter Cassidy said, “APWG is proud to have worked on this effort with JC3 and NPA, a program in which law enforcement uses data analysis to predict cybercrime - and suppress it before it happens. Seeing real-life cybercrime prevention in action is thrilling and working with our respected friends at JC3 and NPA is always an honor.”

JC3 examined the reported fake stores and determined the characteristics that are common to them all. These details were then used to identify new fake shopping websites to take preemptive countermeasures to protect consumers. Working together, JC3 and APWG combined resources to block and remove these sites.

JC3’s analysis of fake store websites provided insight into the common characteristics of such websites and showed how customers get tricked into believing they are visiting a legitimate retail shopping website. The three main characteristics are as follows:

  • Feature 1: A site that pretends to be a shopping site where users are automatically redirected by embedded codes in a tampered site (often by a banner ad with malicious Javascript).
  • Feature 2: A site that pretends to be a shopping site which changes the content to deceive users, such as a company profile that changes when new visitors arrive from different points of origination on the Web.
  • Feature 3: A site pretending to be a shopping site that does not have a description of an authorized company profile, either missing altogether or clearly fictional. (For commercial transactions, Japanese law requires a company outline and description).

According to the report, APWG will identify fake shopping websites as a specific category of cybercrime website in the future, different and distinguishable from a typical phishing website or a malware-dropping website. Further, APWG will promote this new definition of fake store among industry correspondents and cybercrime reporters to ease discussions during investigations and to be clear in warning retail shoppers and enterprises that encounter fake store websites.

So far, APWG already categorizes ‘Fake Store’ as a specific kind of malicious website that employs a domain name for a fictional company purporting to serve either retail customers or enterprise clients. That category is used to distinguish fake shopping and fake business-to-business websites within the APWG eCrime eXchange (eCX) via a malicious_domain API endpoint.

“JC3’s report is a milestone in defining fake stores. It comes at a time when APWG correspondents globally are reporting increasing numbers of fake stores. These sites are targeting businesses, manufacturers and farmers using alluring catalogues of non-existent goods at provocative discounts. It’s time to update our formal glossary to ease communication between industry interveners, the targeted victims and law enforcement about this burgeoning threat,” Peter Cassidy explained.

APWG expects that JC3’s contributions will be of great use for all countries and regions that have to manage the threats of retail and enterprise fake store websites and we can just highly recommend to read the new report.

By MediaBUZZ