Cyber security firm Venafi announced it has uncovered lookalike domains with valid TLS certificates that appear to target major retailers.
Ahead of the holiday shopping season, security experts from Venafi conducted a study of typosquatted domains used to target 20 major retailers in the United States, the United Kingdom, Australia, Germany, and France.
The researchers discovered 109,045 lookalike domains using valid TLS certificates to make them appear more trustworthy. The number

Below key findings of the study:
- Growth in the number of look-alike domains has more than doubled since 2018,
outpacing legitimate domains by nearly four times. - The total number of certificates used for look-alike domains is more than 400% greater than the number of authentic retail domains.
- Over half (60%) of the look-alike domains studied use free certificates from
Let’s Encrypt .
Experts pointed out that every region had its own lookalike domains, in the US crooks targeted 83,934 retailers, one of which is a top U.S.
Experts reported nearly 84,000 target retailers in the U.S., including almost 50,000 domains that imitate one of the
The situation is also worrisome in the UK where Venafi has found the largest ratio of lookalike domains targeting retailers, that are over six times more look-alike domains than valid domains. The researchers found nearly 14,000 target retailers in the U.K., identifier nearly 1,900 certificates issued for fake retailer domains.
In Germany, there were roughly 7,000 certificates for
In Australia, the experts found nearly 3,500 certificated for domains targeting local retailers, while the number of certificated in France was 1,500.
“We continue to see rampant growth in the number of malicious, look-alike domains used in predatory phishing attacks,” said Jing Xie, senior threat intelligence researcher at Venafi. “This is a result of the push to encrypt more and potentially all web traffic, a trend that generally improves security for users but inadvertently introduces a new challenge to existing methods of phishing detection. Most businesses and many retailers don’t have the updated technology in place to find these malicious sites and remove them to protect their customers.”
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – Checkra1n exploit, checkm8)
[adrotate banner=”5″]
[adrotate banner=”13″]