from Hacker News

A large collection of fraudulent web stores

by finnigja on 11/3/22, 2:02 AM with 70 comments

  • by mamborambo on 11/3/22, 5:42 AM

    The consumer's dependence on "legit-sounding domain name", a green SSL key, and recognizable corporate logos and website layout as the "proof" of authenticity is passe.

    In this era of online ubiquity there should be another layer of opt-in validation, ring of trust, p2p feedback and rating, that can all be plugged into the consumer web experience.

  • by lovingCranberry on 11/3/22, 3:16 PM

    Curious question: Why are all these sites behind Cloudflare and why is Cloudflare not acting?

    These sites are literally made to steal my grandma's money when she's buying presents for Christmas and what not.

  • by mfonda on 11/3/22, 5:07 PM

    Thanks for investigating this and ultimately getting the fraudulent store taken down. I saw the same social media post regarding the fraudulent store and was surprised that a small local store was targeted with this kind of attack. A good mix of small stores and major corporations in the list. I wonder if they target the small stores because SEO is easier?

    It's inspiring to see you follow up like this and help out a wonderful mountain shop. A great reminder and inspiration to be more involved in my community.

  • by aww_dang on 11/3/22, 2:51 PM

    Were they billing the cards or just reselling the data? The second option seems more probable.

  • by steve_taylor on 11/3/22, 8:49 AM

    Isn't this something that Extended Validation certificates were designed to address?

  • by asdadsdad on 11/3/22, 1:55 PM

    Does anyone care? I've seen this reported many times, and it never gets the same attention as phish

  • by langsoul-com on 11/3/22, 10:21 AM

    I wonder if the best bet would be to hash the main site and its images. Then retroactively scan sites with similar HTML hash and flag them?

    Fairly sure you could do a HTML search with Google, 7 stores having extremely similar HTML and images seems rather unlikely.

    Effectively, it's virus total but for copycat sites.

  • by bashcoder on 11/3/22, 4:15 AM

    A burgle.

  • by 10g1k on 11/3/22, 4:39 AM

    Alibaba.

  • by napsterbr on 11/3/22, 3:48 AM

    Off-topic, but something seems dangerously off with urlscan.io (a service I had never heard of before).

    If I go to urlscan.io and look at the recently scanned sites (which are live-updated), every now and then I can find links with potentially sensitive information.

    I found OneDrive and SharePoint links. I was unable to actually access the documents in them (it asked me to login), but I could see their content (or metadata) with UrlScan's "live screenshot" feature.

    At one point, it scanned a "reset password" link with the authentication token in the query string (!). I was able to access that link and I would likely be able to reset the password for that specific user. I won't share the underlying website so others don't go ahead looking for it, but it was for a non-US government service.

    The impression I have is that some email provider (or perhaps some antivirus software?) is automatically scanning user emails and the links are being shared publicly, alongside a "live screenshot".

    I might be missing something, but this is weird.

  • by zinckiwi on 11/3/22, 4:02 AM

    An Amazon?

  • by quickthrower2 on 11/3/22, 4:23 AM

    A phish