How scammers use Black Friday to target consumers
Holiday scammers try to lure consumers with special giveaways, gift vouchers, discounts and coupons, according to a new report from cyber security company ZeroFOX.
The holiday season is a busy time for consumers, as they look for offers and promotions on the right gifts to give to family and friends. But it is also a busy time for cyber criminals, who take advantage of the season and the shopping frenzy to scam unsuspecting victims. A report released today by ZeroFOX describes how cyber criminals use holidays such as Black Friday to cheat and attack internet users.
To conduct its research, the ZeroFOX team collected hundreds of thousands of messages, pages, domains, certificate transparency logs, websites and chatter regarding Black Friday. Looking at information collected between November 1 and November 20, 2019, ZeroFOX found 61,305 potential scams with references to 26 different retail brands. Most scams were aimed at customers of brick-and-mortar stores, with a small percentage focused on electronics brands. Brick-and-mortar retailers are prime targets because they sell a large number of items in large quantities, affecting a large group of consumers.
Deployed via email, social media and other avenues, the scams discovered by ZeroFOX usually try to lure people with giveaways, gift cards or coupons, essentially promising “something for nothing.” To participate in a contest to win a giveaway or gift voucher, the recipient is asked to share certain personal information, such as an email address and a physical address. The scams make use of the holiday season by conveying a sense of urgency.
ZeroFOX also found specific words and terms used by scammers. Among the scams discovered, 11,441 contained language related to gift giving, 4,593 contained the word “holiday”, 637 were related to Black Friday or Cyber Monday, 353 mentioned “Christmas” or “Thanksgiving” and 554 included the word “to donate”. Fraudsters have also used certain hashtags in their posts on social media, such as #blackfriday, #cybermonday and #giveaway.
Online shoppers face a similar risk, as scammers set up fake and malicious domains. ZeroFOX analyzed a list of 124,000 domains that included one of the 26 brand names selected for the report and discovered that Apple, Amazon and Target were the most imitated domains. Other retailers for whom fake domains were discovered were Tiffany & Co., Sony, Samsung, Microsoft and Hermes. Many of the fake domains contain keywords that can be used in phishing attacks that try to trick users into entering their login details.
ZeroFOX dug further into the suspicious domains and discovered phishing websites, giveaways, coupon scams and some suspicious Google Chrome extensions. One specific Chrome extension was installed more than 60,000 times and drew dozens of negative reviews regarding malware, data theft and even an alleged attempted extortion by the developer.
To better protect yourself against scammers, especially during the holiday shopping season, ZeroFOX offers a few pieces of advice:
- Check the URL of each site where you make purchases. Sites for phishing and counterfeit goods often imitate the websites of legitimate brands to appear more credible.
- Be careful when interacting with promotional sites, especially when you are asked to provide sensitive personal information. If a promotion sounds too good to be true, it probably is. Consider using a separate email for promotional submissions.
“ZeroFOX recommends caution when considering giving valuable personal information away for promotions or giveaways,” the report further recommends. “Legitimate giveaways rarely ask for anything more than an email address. A promotion that asks for something else is probably a scam. In addition, while you make online purchases during these holidays, verify that the domain where you are purchasing is the one you want to communicate with. Attackers often mimic reputable brands to handle their own scams and phishing sites.”
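The "check the URL" advice above can be automated for a mail filter or browsing proxy. The following is an added example, not code from ZeroFOX or its report: it treats a host as official only if it is the brand's own domain or a true subdomain of it, and flags brand names appearing anywhere else. The official domains, the keyword list and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the official registrable domain of three brands named in the report.
OFFICIAL = {"apple": "apple.com", "amazon": "amazon.com", "target": "target.com"}
# Constructed lure keywords; the report does not list the ones it matched on.
LURE_WORDS = ("giveaway", "coupon", "gift", "login", "blackfriday")


def check_url(url):
    """Classify a URL as 'official', 'suspicious' or 'unlisted', with reasons."""
    parts = urlsplit(url if "://" in url else "//" + url)
    host = (parts.hostname or "").rstrip(".")  # hostname is already lower-cased
    for official in OFFICIAL.values():
        # Only the exact domain or a true subdomain of it counts as official.
        if host == official or host.endswith("." + official):
            return "official", []
    reasons = []
    if parts.username is not None:
        reasons.append("text before '@' is not the host")
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode label, may render as look-alike characters")
    squashed = host.replace("-", "")  # so 'ama-zon' still matches 'amazon'
    for brand, official in OFFICIAL.items():
        if brand in squashed:
            reasons.append(f"contains '{brand}' but is not under {official}")
    if not reasons:
        return "unlisted", []
    # Lure keywords only add weight once something else is already wrong.
    reasons += [f"lure keyword '{w}'" for w in LURE_WORDS if w in squashed]
    return "suspicious", reasons


if __name__ == "__main__":
    # Constructed sample URLs on reserved .example / .test names, not real sites.
    for sample in (
        "https://www.amazon.com/deals",
        "https://amazon.com.blackfriday-giveaway.example/login",
        "https://www.apple.com@gift-cards.test/",
        "http://xn--pple-43d.example/",
        "https://shop.example/",
    ):
        print(sample, "->", check_url(sample))
```

An "unlisted" verdict means only that none of these heuristics fired; it is not evidence that a site is legitimate.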
Image: Getty Images / iStockphoto