Netcraft Extension adds credential leak detection
28th August, 2020
The Netcraft Browser Extension now offers credential leak detection for extra protection against shopping site skimmers.
With brick-and-mortar shops around the world closed due to COVID-19, consumers turned to online businesses to fulfil their shopping needs. According to Adobe’s Digital Economy Index report, US online spending in June was $73 billion, up 76% from $42 billion last year. Even with restrictions lifted, research commissioned by Visa suggests that 74% of Britons who shopped online more often during the lockdown will continue to do so.
Now more than ever it is important to protect against JavaScript skimmers. These are snippets of malicious code which criminals upload to compromised shops. Unbeknownst to the store owner or the user, they transmit entered card details directly to the criminal. Unlike scams such as phishing, which can often be avoided by a vigilant internet user, skimmers are invisible to the human eye without a tool such as the Netcraft Extension to expose them.
Netcraft currently blocks over 6,000 shopping sites which contain skimmers, and even large companies such as British Airways, Ticketmaster and Puma have fallen prey to these attacks in the past.
The Netcraft Extension identifying and blocking a skimmer on an online shop
When you visit a shopping site, the Netcraft extension will evaluate all requests made by the web page. If a request is found to be sending credentials to a different domain, the extension will block the request to prevent your data from being stolen. A block screen will notify you about the request and provide information about the malicious behaviour that was detected. Only card number leaks are currently blocked, but other types of credentials may be enabled in future updates.
For example, if you check out using your credit card on exampleshoppingsite.com but your card details are sent to examplebadsite.com, the extension will block the request. This checking is done locally and securely in your browser – no sensitive information is sent to Netcraft.
The extension will also block pages which make requests to malicious domains that are part of JavaScript attacks.
In addition to shopping site skimmers, the Netcraft Extension also protects against other malicious JavaScript, phishing and fake shops, including those related to coronavirus. The extension is available for Chrome, Firefox, Opera and the new Microsoft Edge based on Chromium.
If you already have the Netcraft Extension installed, your browser will update it automatically.
Netcraft phishing and cybercrime protection app for iOS available globally
3rd August, 2020
Netcraft has released a new version of its phishing and cybercrime protection app for iOS. The app protects users around the world from online threats including phishing, JavaScript skimmers, fake shops, and coronavirus scams. The Netcraft app is available for download today on iOS, Android, and Amazon devices:
Our iOS app protects against online threats, with new attacks blocked within 15 minutes of being identified as fraudulent by Netcraft. It offers a 28-day free trial of all features, after which a monthly or annual subscription can be purchased for $1.99 or $9.99 (£1.99 or £9.99).
You can use the app without a subscription to report suspicious sites to Netcraft with just a few taps, and automatically report URLs in SMS and iMessages from unknown senders.
Wherever you are, the app defends against phishing attacks targeting regional services such as governments and banks. In addition, it protects users against other types of online threat such as JavaScript skimmers on eCommerce sites, fake shops imitating well-known brands, new threats such as coronavirus scams, and attacks targeting global entities – such as cloud services, financial institutions, and social media.
Protect against Shopping Site Skimmers and Fake Shops with the Netcraft Extension
12th July, 2020
The current coronavirus pandemic has resulted in the closure of many pubs, restaurants, and brick-and-mortar retail stores. Many purchases that would previously have been made in person now take place online. In research commissioned by Visa, 89% of Britons have shopped online since the UK’s lockdown restrictions began, with 31% buying items online for the first time during this period. This increase in online shopping activity benefits criminal groups in that: smaller businesses newly reliant on online transactions provide attackers with a stream of inadequately-defended shopping sites to exploit, and buyers are far more likely to be driven to these compromised shops or to fake shops compared to before the pandemic.
JavaScript skimmers run on compromised shopping sites. When shoppers enter their payment details, the skimmer secretly sends a copy to the attacker - potentially even if the customer does not complete the transaction. Even the most careful of users can be victims of these attacks, as they appear on compromised but otherwise well-intentioned shops with no visual indication of their presence.
Fake shops are another threat. Shoppers seeking bargains may unknowingly find themselves on a fake shop which claims to offers the products they want at a highly discounted price, but the victim will subsequently only receive counterfeit goods, no goods at all, or have the transaction aborted after entering credentials which is equivalent to a phishing attack.
Fake shops also take advantage of the pandemic by offering goods in high demand due to coronavirus, such as N95 masks. The FBI has released a Public Service Announcement about an increase in online shopping scams involving the sale of counterfeit healthcare products such as Personal Protective Equipment (PPE). To date, Netcraft has blocked over a thousand such coronavirus-themed fake shops, 80,000 other fake shops selling all sorts of counterfeit goods, and around 3,500 compromised shops hosting JavaScript skimmers.
The Netcraft browser extension and mobile apps provide protection against fake shops as well as legitimate shopping sites that have been compromised with JavaScript skimmers. When an extension or app user visits one of these dangerous shops, Netcraft will block access to the shop and alert them:
Visiting a fake shop without the Netcraft extension
Visiting a fake shop with the Netcraft extension
Fake shops are making a killing from counterfeit trainers
29th June, 2020
Online shopping has surged since lockdown started in March. Many of us, looking to be healthier, have headed online for sports equipment and a number of sportswear retailers have reported booming online sales. John Lewis recorded a 72% increase in total sports shoe sales, while Adidas and Puma have both seen an increase in ecommerce revenue.
Shoppers browsing online for the best deals, however, need to take care, as many people would be surprised at the scale of fake shops. Each day we find new fake shops designed to entice shoppers away from bona fide outlets, as many brands have yet to find effective countermeasures.
Counterfeit shoes, clothing and other accessories are estimated to lose the industry more than €26 billion each year in the EU alone, while the loss due to all online counterfeiting is estimated at $323 billion a year. The OECD estimated that over 3% of all imports worldwide are counterfeit.
Traditionally fake shops claim to sell luxury consumer goods at highly discounted prices. We have seen fake shops using at least three different models:
- Payment is accepted, but no goods are delivered.
- At the end of the checkout process, an error message is displayed such as “Out of Stock” and no transaction occurs. This is equivalent to a phishing attack, as the fake shop has the consumer’s credentials.
- Payment is accepted, and goods are delivered. The quality of goods varies between junk and identical to the bona fide item.
Trainers are the most counterfeited goods
We currently block around 75,000 fake shops in our extension and apps. Of these, roughly half target a specific brand, such as Nike or Adidas. About 70% of the fake shops selling branded goods sell shoes, predominantly trainers.
Corroborating this, European customs authorities handle more cases of counterfeit sports shoes than any other type of product.
Fake shops by type of goods sold
Netcraft wins 2020 Queen's Award for Enterprise
21st April, 2020
Netcraft has today received a Double Queen’s Award for Enterprise.
A Queen’s Award is the highest UK Government award for a British business. It is awarded on the Queen’s Birthday each year, and, in different times, it would include an invitation to a mass gathering at Buckingham Palace. The criteria set by our Government searches for considerable progress sustained over a six year period. This year, 128 companies received a Queen’s Award for International Trade and 66 companies a Queen’s Award for Innovation.
Netcraft is one of three companies to receive a Queen’s Award in both categories. The full list of winners is listed in the Queen’s Awards Press Book.
Netcraft Adds Coronavirus-related Cybercrime Protection to its Apps and Browser Extensions
10th April, 2020
Netcraft has added protection from Coronavirus-related cybercrime to its mobile apps for Android and iOS, and to its browser extensions for Chrome, Firefox, Opera, and Microsoft Edge. Websites containing these attacks will be blocked for those who have the app or extension installed. The iOS app — currently available in the UK and Canada — blocks Coronavirus-themed attacks impersonating Canadian and UK businesses as well as providing global coverage of fake shops purporting to sell Coronavirus-related goods.
Any Coronavirus-related cybercrime can easily be reported through the extension or app, by emailing scam@netcraft.com, or at report.netcraft.com, protecting other users from these attacks.
The Netcraft Browser Extension now blocks Coronavirus-related cybercrime
Since 16 March Netcraft has been monitoring and disrupting Coronavirus-themed cybercrime, which accounts for five percent of the attacks we perform countermeasures against and is becoming more prevalent on the internet.
The Netcraft App can be downloaded from any of the major three major app stores:
The Netcraft Extension can be downloaded for any of the four major browsers:
