Saturday, January 1, 2022

Holiday shopping? Get an amazing 75% discount offer? A case study on evaluating a special holiday sale  

Executive summary

Malicious actors are always looking for creative new ways to trick people into a scam. In this case, a new website is offering a 75% discount on all Timberland shoes. The information looks almost identical to the original page, but on a closer look questions start to pop up.

Key takeaways:

  • Fake websites and phishing attempts tend to rise before holidays.
  • Santa’s 75% discount in the case below will probably lead to a loss of money, or to people being disappointed after buying fake shoes.

Analysis

Yesterday I received a message in one of my WhatsApp groups:

“75% discount on Timberland brand for 72 hours, Enjoy!” and a link to the website kopwor[.]com

To be honest, for a moment, looking at that website, I thought how lucky I am with Santa’s presents this year, with a 75% discount on all Timberland shoes! At first look the website seemed promising and legitimate, with a wide variety of shoes and detailed information on all of them.

Figure 1. 75% discount on all shoes

Then I started to think, well, let's check this website: first, I had never heard of it, and second, it's too good to be true.

So let’s see what information we can extract from the website. The first thing we can check is when it was registered, using an online whois service such as who.is or domaintools.com. The whois query tells us that the website was registered only 5 months ago, on 2021-07-07, with “NameSilo”. In addition, looking at the website's history using the Wayback Machine (an archive of internet websites), we see that on 2021-12-10 the website had no content.

The website is hosted on Cloudflare and uses the host's certificate service for SSL:

Figure 2. Website certificate

Looking at the page source we can notice some comments in Chinese:

Figure 3. Chinese comment on page source

Clicking on any of the links at the bottom of the page, including “About Us” and “Shipping & Deliveries”, returns “Page not found”:

Figure 4. Missing web pages such as “About Us”

If we go to purchase, there is no input validation:

Figure 5. No input validation

And last, let's compare one shoe from the suspicious website with Timberland's original website.

Let's look closer at “Men's Timberland Premium 6-Inch Waterproof Boots” on the kopwor website versus “Men's Timberland® Premium 6-Inch Waterproof Boots” on the Timberland website (notice the missing “R” symbol after the Timberland name in the shoe description on the kopwor website).

Figure 6. Comparison between similar shoes on both websites

Original price US$ 198 on both, discounted price on kopwor: US$ 49.50.

At a quick look, we can see the similarities between the shoes: the color is a bit different, but overall their structure looks similar.

When looking more closely we can notice more significant changes, so let’s play “find the differences”:

Figure 7. Closer look at both shoes

Some differences, marked in color on the image:

  • Color of the stitches
  • Size and location of the R mark
  • A couple of differences in the logo
  • The color of the sole

In addition, there are some good websites, such as ScamAdviser, that can help us decide whether a website is suspicious.

In our case it lists these negative highlights for the kopwor website:

  • The registrar has a high % of spammers and fraud sites
  • The owner of the website is using a service to hide their identity on WHOIS
  • This website is (very) young.
  • High number of suspicious websites on this server
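The registration-date and Wayback Machine checks from the analysis, together with the hidden-owner highlight above, written as an added example that is not part of the original post. The WHOIS excerpt is constructed around the two values the article reports (creation date 2021-07-07, registrar NameSilo); the check date of 2021-12-20, the redacted registrant line and the 365-day threshold are assumptions.

```python
import re
from datetime import date, datetime

# Constructed WHOIS excerpt: creation date and registrar are the values the
# article reports; the registrant line is a constructed illustration.
SAMPLE_WHOIS = """\
Domain Name: kopwor[.]com
Registrar: NameSilo
Creation Date: 2021-07-07T00:00:00Z
Registrant Organization: REDACTED FOR PRIVACY
"""

def parse_whois(text):
    """Return {field: value} for 'Key: value' lines (first occurrence wins)."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            fields.setdefault(key.strip().lower(), value.strip())
    return fields

def red_flags(whois_text, checked_on, last_empty_snapshot=None, min_age_days=365):
    """List the age and ownership red flags for a shop domain.

    checked_on          -- date the offer was evaluated
    last_empty_snapshot -- latest archive date on which the site had no content
    min_age_days        -- assumed threshold below which a domain counts as young
    """
    fields = parse_whois(whois_text)
    flags = []
    created_raw = fields.get("creation date")
    if created_raw is None:
        flags.append("no creation date in WHOIS")
    else:
        created = datetime.strptime(created_raw[:10], "%Y-%m-%d").date()
        age = (checked_on - created).days
        if age < min_age_days:
            flags.append(f"domain registered {age} days ago")
    registrant = fields.get("registrant organization", "")
    if re.search(r"redacted|privacy|proxy", registrant, re.IGNORECASE):
        flags.append("registrant hidden behind privacy service")
    if last_empty_snapshot is not None:
        content_age = (checked_on - last_empty_snapshot).days
        if content_age < min_age_days:
            flags.append(f"shop content at most {content_age} days old")
    return flags

if __name__ == "__main__":
    for flag in red_flags(SAMPLE_WHOIS, date(2021, 12, 20), date(2021, 12, 10)):
        print("-", flag)
```

The archive date matters as much as the registration date: a domain can be registered months before the shop content appears, so the content can be far younger than the domain.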

Bottom line: either it's a phishing website aimed at stealing users' money, or it's a site selling fake Timberland shoes. Either way, you should always look for suspicious signs when unknown websites offer amazing deals.

Currently the 72-hour sale is over, but the discounted prices are still the same, which is another red flag.

Safe surfing and Happy holidays!

Recommended actions

  1. Be careful when buying from untrustworthy websites.
  2. Try to pay attention to important information, such as website certificates.

The post Holiday shopping? Get an amazing 75% discount offer? A case study on evaluating a special holiday sale   appeared first on Cybersecurity Insiders.


January 02, 2022 at 09:09AM
