Free App Helps Online Shoppers Avoid Fake or Compromised Shopping Sites

  • Mar 01, 2011

Zscaler has released Safe Shopping, a free Firefox plugin that consumers can download to protect them from fake and compromised online stores.

The number of compromised and fake online stores is growing, and unsuspecting users are falling victim to such sites every day. When end users attempt to purchase goods from such sites, they are giving away sensitive information such as credit card numbers. The plugin warns users when they visit one of the suspect domains. Zscaler Safe Shopping is continually updated, via the Zscaler cloud security service, whenever new compromised or fake online stores are identified.

Virtually all browsers contain blacklists to prevent users from accessing known malicious sites: Google Safe Browsing and Phishtank are two examples. However, these blacklists do not generally block sites that have been compromised.  Rather, they block the malicious pages that hijacked sites ultimately redirect to.  This behavior is fine for most websites where you just surf and do not leave any sensitive information. However, in the case of shopping and commerce sites, where a user leaves a mailing address, phone number and credit card details, this type of blocking is not sufficient.  These types of commerce attacks are successful because users often have no idea that the site they are visiting has been compromised, or is a scam built by ill-intentioned hackers.

"Attackers are constantly adjusting their tactics and traditional security controls are failing to keep up," said Julien Sobrier, senior researcher at Zscaler labs and developer of the plugin.  "As blacklists have improved their detection of traditional attacks such as fake antivirus campaigns, attackers are now shifting to fake and compromised storefronts, which are not being detected by the browser."

According to Michael Sutton, VP of security research, "Users have grown comfortable with online commerce. What they don't realize is that lesser-known online stores can become compromised, often due to known vulnerabilities in popular technologies that have not been patched by the merchant. When this occurs, while the store itself may be legitimate, attackers could have access to the back end database."

Featured

  • The Evolution of IP Camera Intelligence

    As the 30th anniversary of the IP camera approaches in 2026, it is worth reflecting on how far we have come. The first network camera, launched in 1996, delivered one frame every 17 seconds—not impressive by today’s standards, but groundbreaking at the time. It did something that no analog system could: transmit video over a standard IP network. Read Now

  • From Surveillance to Intelligence

    Years ago, it would have been significantly more expensive to run an analytic like that — requiring a custom-built solution with burdensome infrastructure demands — but modern edge devices have made it accessible to everyone. It also saves time, which is a critical factor if a missing child is involved. Video compression technology has played a critical role as well. Over the years, significant advancements have been made in video coding standards — including H.263, MPEG formats, and H.264—alongside compression optimization technologies developed by IP video manufacturers to improve efficiency without sacrificing quality. The open-source AV1 codec developed by the Alliance for Open Media—a consortium including Google, Netflix, Microsoft, Amazon and others — is already the preferred decoder for cloud-based applications, and is quickly becoming the standard for video compression of all types. Read Now

  • Cost: Reactive vs. Proactive Security

    Security breaches often happen despite the availability of tools to prevent them. To combat this problem, the industry is shifting from reactive correction to proactive protection. This article will examine why so many security leaders have realized they must “lead before the breach” – not after. Read Now

  • Achieving Clear Audio

    In today’s ever-changing world of security and risk management, effective communication via an intercom and door entry communication system is a critical communication tool to keep a facility’s staff, visitors and vendors safe. Read Now

  • Beyond Apps: Access Control for Today’s Residents

    The modern resident lives in an app-saturated world. From banking to grocery delivery, fitness tracking to ridesharing, nearly every service demands another download. But when it comes to accessing the place you live, most people do not want to clutter their phone with yet another app, especially if its only purpose is to open a door. Read Now

Most   Popular

New Products

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file.

  • 4K Video Decoder

    3xLOGIC’s VH-DECODER-4K is perfect for use in organizations of all sizes in diverse vertical sectors such as retail, leisure and hospitality, education and commercial premises.

  • AC Nio

    AC Nio

    Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions.