Free App Helps Online Shoppers Avoid Fake or Compromised Shopping Sites

Zscaler has released Safe Shopping, a free Firefox plugin that consumers can download to protect them from fake and compromised online stores.

The number of compromised and fake online stores is growing, and unsuspecting users are falling victim to such sites every day. When end users attempt to purchase goods from such sites, they are giving away sensitive information such as credit card numbers. The plugin warns users when they visit one of the suspect domains. Zscaler Safe Shopping is continually updated, via the Zscaler cloud security service, whenever new compromised or fake online stores are identified.

Virtually all browsers contain blacklists to prevent users from accessing known malicious sites: Google Safe Browsing and Phishtank are two examples. However, these blacklists do not generally block sites that have been compromised.  Rather, they block the malicious pages that hijacked sites ultimately redirect to.  This behavior is fine for most websites where you just surf and do not leave any sensitive information. However, in the case of shopping and commerce sites, where a user leaves a mailing address, phone number and credit card details, this type of blocking is not sufficient.  These types of commerce attacks are successful because users often have no idea that the site they are visiting has been compromised, or is a scam built by ill-intentioned hackers.

"Attackers are constantly adjusting their tactics and traditional security controls are failing to keep up," said Julien Sobrier, senior researcher at Zscaler labs and developer of the plugin.  "As blacklists have improved their detection of traditional attacks such as fake antivirus campaigns, attackers are now shifting to fake and compromised storefronts, which are not being detected by the browser."

According to Michael Sutton, VP of security research, "Users have grown comfortable with online commerce. What they don't realize is that lesser-known online stores can become compromised, often due to known vulnerabilities in popular technologies that have not been patched by the merchant. When this occurs, while the store itself may be legitimate, attackers could have access to the back end database."

  • Fresh Security Perspective from AMAG’s New Sales Director A Fresh Perspective on Security

    Fred Nelson may be new to the security industry but his sales and leadership methods are time tested, and true. Fred joined AMAG only a few months ago, but brings with him a wealth of experience in sales and life balance solutions. This year is off to a good start for AMAG with new solutions on the horizon.

Digital Edition

  • Security Today Magazine - April 2022

    April 2022

    Featuring:

    • Similarities at Data Centers and Airports
    • Transitioning to the Cloud
    • Going High Tech
    • The Benefits of On-site Security
    • Optimizing Store Layouts

    View This Issue

  • Environmental Protection
  • Occupational Health & Safety
  • Infrastructure Solutions Group
  • Spaces4Learning
  • Campus Security & Life Safety