Case Study: The Evil Twin Checkout Page

Get FREE Case Study
case study: the evil twin checkout page

Malicious redirects are a common threat during the holiday shopping season. They lead to “evil twin” checkout pages designed to steal customers’ payment information without their knowledge (or yours!) Learn how Reflectiz detected a sophisticated malicious redirect on a retail giant’s checkout page and prevented a potential holiday season disaster.

  • The case study emphasizes the importance of third-party risk management, as the malicious code might have originated from a compromised third-party vendor or other injection techniques.
  • It highlights the importance of continuous monitoring, especially during peak seasons like the holidays when attacks are more frequent.

Key Takeaways

  • Reflectiz’s proactive approach: Mimicking a user’s behavior, Reflectiz continuously monitors websites, including script activity, network requests, and loaded components. This comprehensive approach enables the detection of subtle anomalies like unauthorized or malicious redirects. 
  • The “evil twin” checkout page: Attackers create a fraudulent checkout page that closely resembles the legitimate one and tricks users into entering their payment details.
  • Importance of deobfuscation: Obfuscated code hides malicious intent. Reflectiz’s deobfuscation tool helped reveal the code’s true purpose – redirecting users to a phishing site. 
  • Redirects best practices: The case study highlights best practices for secure redirects, including input validation, limiting redirect chains, and using HTTPS.

Take control

Stay up to date with the latest news and updates