Black Friday Alert 2019: Net Shopping Bag of Threats
Quote:

Every year, Kaspersky releases an annual Black Friday alert to highlight how fraudsters may capitalize on increased levels of online shopping at this time of year when many brands are offering their customers appealing discounts. In the rush to get a big discount or, even more panic-inducing, a limited time offer, many shoppers lose all sense of vigilance. Caution goes out the window and consumers start tapping on links and email vouchers without their usual care and attention.

Spam and Phishing

Unfortunately, online shopping at this time of year needs more security-awareness, not less. It is the peak season for phishers and spammers. Along with many genuine offers, there also lurk phishing scams ready to reel in an unwitting bargain hunter’s bank details. By clicking on a too-good-to-be-true discount link online without checking it’s genuine, you could find yourself at a fake marketplace that may look indistinguishable from the real website. On these sites, entering your bank details could result in money leaving your account, but no package arriving at your door.

Since Kaspersky has been analyzing financial phishing activity, which began in 2013, there has been a steady rise in threats – peaking at 54% in 2017. However, last year this trend did slow down and decrease. The figure dropped to 44.70%. Financial phishing attacks are still expected to be a big risk around the upcoming Black Friday event, and there will be close analysis to see if the figure rises once more.

Social Engineering in the Retail Sector

How do phishing scams work?

In order to make these scams a success, fraudsters need to lure their potential victims to fake webpages and obtain their bank details. To do this, attackers register website domains, often containing the magic phrase ‘Black Friday’ and keep their registration data hidden.

Their sites are usually well designed and appear to be genuine and of a high quality. Unlike many old typo-filled spam emails, phishing web pages are relatively easy to make look authentic – scammers can simply copy the source code from the real store’s website and make theirs appear to be a near perfect match.

Domain addresses are usually hidden until the event itself, so they are not blocked in advance by antivirus software vendors. The scam website is then activated immediately before the phishing mail goes out, just as shown in these screenshots.

Occasionally, these attacks appear to be sent by large banks or payment systems, allegedly partners of the Black Friday sales campaign, while in fact these are carefully crafted copies of legitimate pages and mailshots made by criminals. Emails or warnings may threaten to block the user’s account or promise some financial benefits by clicking on the email. These phishing emails make it seem like all you have to do is follow the link and log in to your account.

However, if you do log in to these sites with your credentials, all your bank account or payment card data — such as card numbers or usernames and passwords — will be leaked to the scammers.

Once they have this data, scammers could be able to withdraw money from your account, sell your bank card details on the dark web, or spend your money in various ways. This is often carried out by teams in other countries.

These scams come in a variety of forms. In one example, scammers offer goods at crazy discounts, encouraging the victim to share their bank card details, thereby risking losing all of their account funds and of course, not receiving their order. In another scheme, the victim might be tricked into transferring money to the attacker’s account, after which the fraudster breaks off all contact and the funds are lost.

There is also another widespread and very successful phishing scheme which asks users to complete a survey and fill in a large registration form, along with bank card details to take part in the promotion. After completing the form, you’re asked to send a link to the website to 10 friends via a messenger app.

Of course, victims of this scam won’t ever receive any prizes but instead end up bombarded with various links and emails for more useless surveys. Any additional clicks on these surveys usually mean that scammers receive even more money. Because the survey is shared through messenger apps, more users, who often trust links that come from their friends, might also fall for the trick. And so the cycle continues.

Where are phishing scams occurring?

According to our statistics, more than half of phishing attacks carried out in the digital retail space are in the payment sector – online stores, payment systems and banks. Frequently, criminals use brands of Amazon, eBay and Alibaba to trick users. Amazon was used as a disguise in more than a million attacks in the first three quarters of 2019 alone, as the graph below shows.

Notably, the share of phishing incidents in the online retail space during the peak sales period significantly increased compared to what happens during the rest of the year. For instance, attacks that were using the eBay brand reached nearly 25,000 during the week of November 4th, 2018, two weeks before Black Friday, after experiencing minimal disruption in the preceding days. The Amazon disguise was also a key target for scammers – facing more than 20,000 phishing attacks during the week of November 19th, 2018, which was the week of Black Friday last year.
...


Messages In This Thread
Black Friday Alert 2019: Net Shopping Bag of Threats - by harlan4096 - 25 November 19, 07:54
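
The domain pattern the quoted article describes (a "Black Friday" keyword, an impersonated brand such as Amazon, eBay or Alibaba, hidden registration data, activation shortly before the mailing) can be turned into a triage score for newly observed hostnames. This is an added example, not part of the original post or of Kaspersky's report; the weights, threshold, 30-day window, allow-list and sample records are assumptions constructed for illustration.

```python
import re
from datetime import date

# Brands named in the article; the allow-list of genuine domains is an assumption.
BRANDS = {"amazon": {"amazon.com"}, "ebay": {"ebay.com"}, "alibaba": {"alibaba.com"}}
SEASONAL = re.compile(r"black[-_.]?friday")
EVENT = date(2019, 11, 29)   # Black Friday 2019
RECENT_DAYS = 30             # assumed window for "registered just before the event"
THRESHOLD = 3                # assumed score at which a hostname goes to an analyst

def registrable(host):
    """Naive last-two-labels split; production code should use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def score(host, registered, whois_hidden):
    """Return (score, reasons) for one observed hostname."""
    host = host.lower()
    hits = []  # (weight, reason)
    if SEASONAL.search(host):
        hits.append((1, "seasonal keyword"))
    for brand, genuine in BRANDS.items():
        # Substring match is deliberately broad; expect some false positives.
        if brand in host and registrable(host) not in genuine:
            hits.append((2, f"{brand} name on a domain the brand does not own"))
    if 0 <= (EVENT - registered).days <= RECENT_DAYS:
        hits.append((1, "registered shortly before the event"))
    if whois_hidden:
        hits.append((1, "registration data hidden"))
    return sum(w for w, _ in hits), [r for _, r in hits]

def flag(records):
    """Return the hostnames whose score reaches THRESHOLD, in input order."""
    return [h for h, reg, hidden in records if score(h, reg, hidden)[0] >= THRESHOLD]

# Constructed sample records: (hostname, registration date, WHOIS hidden?)
SAMPLE = [
    ("amazon-blackfriday-deals.example", date(2019, 11, 20), True),
    ("www.amazon.com", date(1994, 11, 1), False),
    ("blackfriday.ebay.com", date(1995, 8, 4), False),
    ("ebay.com.blackfriday-sale.example", date(2019, 11, 25), True),
    ("gardening-tips.example", date(2019, 11, 22), True),
]

if __name__ == "__main__":
    for host, reg, hidden in SAMPLE:
        total, reasons = score(host, reg, hidden)
        print(f"{total}  {host}  {'; '.join(reasons) or 'no indicators'}")
```

A recent registration with hidden WHOIS alone scores 2 and is not flagged; the brand mismatch carries the most weight because it is the signal least likely to occur on a legitimate site.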
