Shoppers should stay alert on Black Friday as hackers launch new scams in the lead-up to the event.
Check Point Research (CPR) said the team has already observed a sharp increase in shopping-related phishing scams, with threat actors imitating well-known brands.
“While consumers are getting ready to bag the best deal, cybercriminals are taking advantage of distracted minds by launching their own shopping ‘specials’ in the form of phishing campaigns and lookalike fake websites,” reads a CPR advisory published on Thursday.
At the end of October, Check Point researchers discovered a malicious phishing email spoofed from the webmail address to appear as if it had been forwarded from Louis Vuitton.
“The well-known fashion brand was also the subject of several other fake websites. At the beginning of October, four domains with the same format were registered,” CPR wrote.
All these websites were reportedly designed to look like the legitimate Louis Vuitton site and spread via email with a subject suggesting discounts were available.
“Over the past month, we have seen an increased number of incidents involving these domains, reaching close to 15,000 in the second week of November,” Check Point explained.
Further, the security team says cyber-criminals are not only exploiting the busy buying period during the purchase process but also at the delivery stage.
“In the first ten days of November, we found that 17% of all malicious files distributed by emails were related to orders/deliveries and shipping,” the CPR reads.
One such scam was impersonating delivery company DHL, which aimed to steal the victims’ credentials by claiming they needed to pay €1.99 to complete the delivery.
“Cybercriminals are taking full advantage of the holiday spirit,” CPR warned. “That is why it is important that everyone takes extra precautions to enjoy a safer online shopping experience.”
To tackle these threats, CPR recommends individuals only buy from authentic and reliable sources, be alert to similar domain names and wary of password reset emails and check whether visited URLs support the HTTPS security protocol.
Bitdefender also recently published new data suggesting over half of Black Friday spam emails received between October 26 and November 6, 2022, were scams.
Leave a Reply