Press Releases

Survey: Consumers are Willing to Overlook Security Flaws for Cyber Monday but Less Trusting Remainder of the Year

SEATTLE – November 14, 2018DomainTools, the leader in domain name and DNS-based cyber threat intelligence, today announced the findings of its second-annual Cyber Monday Consumer Survey. The survey found that 62 percent of respondents are willing to shop a brand that has been breached in the past if it’s for a Cyber Monday sale, indicating many consumers will remain loyal to their favorite shopping sites if there is a compelling enough deal on the table. However, in the absence of deep discounts, 60 percent said they will ditch a site if they think it is vulnerable to a breach or has been caught in the crosshairs of a scam in the past. Alongside the results, DomainTools released an infographic to illustrate the key survey findings.

As consumers prepare for holiday shopping – 70 percent of respondents indicated plans to shop Cyber Monday deals this year, and 60 percent intend to directly visit the website of the product to find their deals – top retailers must stay ahead of cyber predators to ensure long-term consumer trust. According to the survey, the top three most popular sites to shop in the last six months were, Amazon (90 percent), Walmart/Sam’s Club (55 percent) and Target (39 percent), making them likely destinations for deals and potential attacks on Cyber Monday. DomainTools conducted additional research into top brands in DomainTools PhishEye, which found that among leading retailers, which found that among leading retailers, there were dozens of spoofed domains such as walmartcreditcardlogin[.]online and anaz0n[.]com. With this level of activity, and web traffic spiking to 152 percent above the average on the morning of Cyber Monday last year, it is ever more important for retailers to be aware of spoof domains.

“This year’s respondents were clear that they are willing to overlook previous breaches in lieu of a Cyber Monday deal,” said Corin Imai, senior security advisor at DomainTools. “As consumers continue to grow vigilant of threat vectors, retailers are being held more accountable to stay ahead of potential threats. Building intelligence around spoofed domains that may impact their brand, becomes more crucial to protecting their reputation and maintaining consumer loyalty not only on Cyber Monday, but all year round.”

While most consumers plan to go directly to retailer websites, 22 percent said they also use email newsletters, which ranked as the second most used method for finding Cyber Monday deals. This underscores the fact that email remains an effective threat vector for phishing attacks targeting holiday shoppers. When compared to last year’s findings, there was a three percent increase in respondents who have been duped by phishing scams and/or spoofed domains, jumping from 38 percent to 41 percent.

The survey also found that consumers are becoming increasingly informed about cybersecurity risks, though many don’t fully understand the seriousness of the threat landscape, as demonstrated by findings including:

  • Ninety percent of respondents say they are aware that cybercriminals spoof retailer websites and email domains.
  • Still, 54 percent stated that they have fallen victim to scams.
  • Despite awareness, respondents were split in response to the statement, “I don’t really think about breaches when I shop online,” with 49 percent agreeing and 51 percent disagreeing with it.
  • Among respondents that had a previous encounter with a scam, 90 percent have changed their behavior, which is a three percent improvement from last year’s survey findings.
  • Respondents are now taking certain precautions, which include paying closer attention to URLs and email senders to make sure emails are coming from the actual retailer (61 percent), checking the email domain to make sure it matches the brand they shop (78 percent) and directly visiting the retailer’s site vs. clicking through from emails or on social media (54 percent).

The survey was conducted in October 2018 among U.S. consumers. The full results are available by request.

For more information on DomainTools PhishEye, visit

About DomainTools

DomainTools helps security analysts turn threat data into threat intelligence. We take indicators from your network, including domains and IPs, and connect them with nearly every active domain on the Internet. Those connections inform risk assessments, help profile attackers, guide online fraud investigations, and map cyber activity to attacker infrastructure. Fortune 1000 companies, global government agencies, and leading security solution vendors use the DomainTools platform as a critical ingredient in their threat investigation and mitigation work. Learn more about how to connect the dots on malicious activity at or follow us on Twitter: @domaintools.