Buybuy Baby Liquidation Sale Scam - Why New Domains are a Security Risk
I want to revisit a valuable lesson in cybersecurity that I learned after failing to catch the infamous Buybuy Baby closing sale scam, which is a phishing scam involving Facebook ads and clearance sales on an Ecommerce website.
Just to give you some background, I work in Cybersecurity and am a software developer, but this was still an eye-opening experience about why Newly Registered Domains
are a security risk.
Phishing scams can happen to anyone, no matter how sophisticated you are with your technology. If you have any doubt about this, read the story about how popular tech YouTube channel Linus Tech Tips was hacked using a sophisticated Phishing scam.
You should never make the assumption that you can't possibly fall for a scam. In the world of AI, where it's possible for a computer to mimic a person's voice, you have to be more vigilant than ever.
Here's what happened:
My wife started receiving ads on Facebook for clearance sales related to a well-known baby brand going out of business and items that were on sale as a result of liquidation.
She ordered a discounted product, but had second thoughts. She handed me her phone to double check the website to make sure it was legit.
I quickly glanced at the website and checked for a few things:
- I saw that it was a Shopify website, which is a trusted Ecommerce provider. Shopify only lets legitimate companies on its platform, right? So far so good.
- It was advertised on Facebook and Facebook has sophisticated methods for weeding out scams and evaluating advertising customers. A scammer wouldn't have gotten through both Shopify and Facebook.
- I Googled Buy buy baby liquidation and read a few articles about how it had gone bankrupt and that there were numerous liquidation sales. Checks out so far.
- I saw sales on reputable websites like Ebay and Temu with related sales. Seems legit.
Unfortunately, I told my wife that it seemed fine to me.
Luckily, she insisted that she had recently read about clearance scams being advertised.
I then used my phone to go to the website and was surprised to see that my DNS Filtering service blocked it because it was considered a security risk.
I looked the domain up using Cloudflare Radar to see how it was classified (security threat is a big category) and realized that it was a New Domain. Huge Red Flag!
Now keep in mind that DNS Filtering services didn't classify it as a Phishing website or a website hosting malware. It was a security risk because it was a New Domain. More on this later.
At this point, I checked our credit card statement and saw that it was clearly a scam.
It was difficult to find the transaction because the amount and merchant name were different than the website name, product, and invoiced amount. This is a key part of the scam: the transaction is a fairly small amount and it blends in with other transactions. I believe it was posted on our statement as makeup.
I quickly canceled the card and issued a chargeback on my credit card.
Where I went wrong
There were so many points of failure that lead to this security breach.
I protect my home network by using the Tech Lockdown DNS Filtering service on my home router. Our service blocks DNS security threats , such as newly registered domains.
Had we been at home, the advertised scam website would have been blocked and the issue would have ended right there. However, we were traveling and using hotel Wi-Fi where no security protocols were in place.
Furthermore, although my personal devices have the DNS Filtering agents installed so that DNS Filtering is used on any internet connection, I had failed to set it up on my wife's smartphone. With so many devices in our house to manage, my wife's iPhone slipped through my security focus.
When assessing the potential security threat, I should have taken my wife's sense of urgency more seriously at the beginning. Had she not insisted we would likely be in a worse situation.
I placed too much trust in Facebook and Shopify to weed out scammers. I made the assumption that it was unlikely a scammer could get on two legitimate platforms. This was a bad assumption.
Why this scam bypasses so Many Security tools
The scam works like this:
- The scammer registers a new website domain name.
- Because the website is new, reports of Phishing activity aren't associated with that domain name yet, so security tools won't block it on that basis alone.
- The scammer creates ads on Facebook to quickly get people to visit the website before they are shut down based on user reports.
- The website uses Shopify or a self-hosted Ecommerce platform so they are in full control of the financial transaction. There isn't a broker in between (like Ebay or Amazon) that would quickly stop the scam, ban the seller, and reverse the transaction.
- The website doesn't trigger any obvious red-flags with a suspicious design or popup ads. The website seems safe.
How to Mitigate Phishing Security Threats
In addition to what I've outlined above, it's critical that you secure your devices.
Securing your devices does not just mean that you have a virus scanner on your computer and keep it up to date.
In this situation, a virus scanner wouldn't have stopped this threat because Malware wasn't involved.
Phishing often involves the use of legitimate platforms where social engineering is used to trick the victim.
Block Threats with DNS Filtering
DNS Filtering is a critical security tool necessary in the modern age.
These services use sophisticated methods to categorize websites. For example, a website like Google is classified as a Search Engine
.
If you connect your device to a DNS Filtering service, you can block websites that fall into certain categories.
For example, some websites are known to be malicious, so DNS Filtering services will eventually classify them as a security threat. When you try to visit the malicious website, the filtering service displays a block page and won't let you proceed.
A lesser known security risk is a New Domain, or a website that was recently published online. As you've seen in this article, new websites can pose a security risk. As a result, it's best to block new domains so that you give yourself a first warning sign so that you are on high-alert.
Device Management
Another layer of threat mitigation involves device management.
DNS Filtering is often bypassed either intentionally or unknowingly. For example, a user might install a VPN after seeing an advertisement on YouTube about increasing privacy. Furthermore, a person might install a VPN to purposefully bypass a content blocking policy imposed by a DNS Filtering service. In both cases, the devices are vulnerable to security threats.
You can use device management techniques to enforce your security measures to prevent bypass of critical cybersecurity safeguards like DNS Filtering.
Device management techniques give you the control you need to ensure that your devices are protected and that you don't easily fall victim to Phishing, security threats, or unwanted and harmful content.