Black Friday is one of the most active times of the year for online consumers, which means that it is also a particularly lucrative season for cyber criminals. Just as in previous years, these cyber criminals are preparing themselves for the occasion by planning several different ways to target online shoppers and e-commerce websites for a profit.
The following are some of the main cyber security threats that online businesses and their customers will be facing during this coming weekend.
Phishing and scams are one of the biggest threats to shoppers throughout the holiday season. Threat actors create fake websites impersonating legitimate online retailers in order to steal users’ credentials and credit card information, or infect their machines with different types of info-stealing malware.
These types of attacks usually begin with spam emails and text messages that use identifiers and lookalike domains resembling those that belong to the original stores. This tricks users into accessing these fake websites.
Security researchers emphasize that the total number of financial phishing attempts associated with e-payment systems and online retailers more than doubled from September to October 2021. According to the research, Amazon has been the most popular lure in financial phishing attacks since the beginning of 2021, followed by eBay, Alibaba, and Mercado Libre.
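For mail or web-proxy filtering, the lookalike domains described above can be triaged automatically. The following is an added example, not code from the original article: the brand-to-domain map, the substitution table and the sample hostnames are constructed assumptions.

```python
# Legitimate domains for the brands named above as the most common lures.
# Constructed for this example; a real deployment loads its own brand list.
LEGIT = {"amazon": "amazon.com", "ebay": "ebay.com",
         "alibaba": "alibaba.com", "mercadolibre": "mercadolibre.com"}

# Digit-for-letter swaps commonly used in lookalike names (assumed set).
SUBST = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s"})


def edit_distance(a, b):
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(host):
    """Return (verdict, brand) for a hostname extracted from a link."""
    host = host.lower().rstrip(".")
    for brand, domain in LEGIT.items():
        if host == domain or host.endswith("." + domain):
            return ("legitimate", brand)
    labels = host.split(".")
    if any(label.startswith("xn--") for label in labels):
        return ("idn-needs-review", None)  # punycode: inspect the decoded form
    # Tokens: each label with swaps undone, whole and split on hyphens.
    tokens = set()
    for label in labels:
        norm = label.translate(SUBST).replace("rn", "m")
        tokens.add(norm.replace("-", ""))
        tokens.update(norm.split("-"))
    for brand in LEGIT:
        if brand in tokens:  # brand name used inside someone else's domain
            return ("brand-embedded", brand)
    for brand in LEGIT:
        if any(len(t) >= 4 and edit_distance(t, brand) == 1 for t in tokens):
            return ("typosquat", brand)
    return ("unrelated", None)


def triage(hosts):
    """Keep only the hosts that imitate a protected brand."""
    results = {h: classify(h) for h in hosts}
    return {h: r for h, r in results.items()
            if r[0] in ("brand-embedded", "typosquat")}
```
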
Figure: Amazon phishing email
Other notable themes observed in recent phishing scams include fake charity donations, free or extremely cheap gift cards, fake shipping and top couriers’ notifications, gaming console frauds, and fake Thanksgiving greeting cards that lead to malware infection.
Figure: DHL phishing website
Even if shoppers take the necessary measures to stay safe while shopping online, they could be unknowingly facing threats even on legitimate e-retail sites. Skimming means stealing a cardholder’s credit card information using a device called a skimmer, usually installed in ATMs. E-skimming is the same practice, only online. Cyber criminals inject malicious code into legitimate websites and third-party suppliers of digital systems to steal credit card data as users submit it at a checkout page.
A specific hacking collective, known as Magecart, targets online shopping cart systems. They specialize in the Magento platform, stealing payment information that is then sold in credit card black markets. The group made the news recently for the largest credit card hack to date, with more than 2,500 online shops affected.
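Because e-skimming code reaches the checkout page through the site itself or its third-party suppliers, retailers can audit which scripts that page loads. The following is an added example, not code from the original article: it flags scripts from hosts outside an approved list, approved third-party scripts that lack a Subresource Integrity (`integrity`) attribute, and inline scripts. All hostnames and the sample page are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


class ScriptAudit(HTMLParser):
    """Collect findings about <script> tags on a checkout page."""

    def __init__(self, page_host, allowed_hosts):
        super().__init__()
        self.page_host = page_host
        self.allowed = set(allowed_hosts)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        attr = dict(attrs)
        src = attr.get("src")
        if not src:
            # Inline code cannot be pinned with SRI; review it by hand.
            self.findings.append(("inline-script", "<inline>"))
            return
        host = urlparse(src).hostname or self.page_host  # relative = first party
        if host == self.page_host:
            return
        if host not in self.allowed:
            self.findings.append(("unapproved-host", src))
        elif "integrity" not in attr:
            self.findings.append(("missing-sri", src))


def audit(html, page_host, allowed_hosts):
    """Return findings in document order as (kind, script source) tuples."""
    parser = ScriptAudit(page_host, allowed_hosts)
    parser.feed(html)
    return parser.findings


# Constructed checkout page used as sample input.
SAMPLE = """
<html><body><form id="checkout"></form>
<script src="/static/checkout.js"></script>
<script src="https://js.payments.example/v3.js"
        integrity="sha384-CONSTRUCTED" crossorigin="anonymous"></script>
<script src="https://cdn.analytics.example/a.js"></script>
<script src="https://cdn-metrics.example/collect.js"></script>
<script>document.title = "Checkout";</script>
</body></html>
"""
APPROVED = {"js.payments.example", "cdn.analytics.example"}
```

Running `audit(SAMPLE, "shop.example", APPROVED)` on a schedule and comparing the findings with the previous run surfaces newly added script sources for review.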
Similar to phishing attacks, threat actors can leverage other techniques to fool users into accessing malicious links or downloading malware in the context of Black Friday. One of the platforms that threat actors look to abuse is social media. Attackers set up fake social media accounts in order to lure online shoppers, who are looking for the best deal or searching for their favorite retailer, by providing links to fake websites to steal payment data or compromised sites that will infect the users. Cyber criminals may also attempt to compromise retailers’ legitimate accounts in order to share malicious links with their followers.
Shoppers should be very careful about providing their personal and credit card information on unsecured websites that do not properly implement HTTPS encryption. Unencrypted financial transactions are fertile ground for Man-in-the-Middle (MITM) attacks, in which attackers intercept and see all of the data traffic between the client browser and web server.
The holiday season is known as a time during which most offices are closed, with employees spending time at home with their friends and families. Cyber criminals are aware of this, so this period is a perfect time for them to attempt compromising corporate networks, when most employees are not at work.
Recent history tells us that the most serious threat arising from this situation is impactful ransomware attacks, especially during holidays and weekends, such as the Independence Day and Mother’s Day weekends. Attackers are likely to take advantage of reduced staffing to encrypt corporate networks, interrupt business operations, and extort organizations for huge profits.
As people prepare to enjoy shopping at discounted prices, attackers are preparing ways to exploit this. If users are cautious throughout the year when making purchases online, they should be extra careful during this season, as scams and lures become more creative and sophisticated. Chances are that imprudent users will not realize that they have fallen victim to such attacks until it is too late.
Here are some of our recommendations for staying safe:
Want to learn more about how to reduce the risk of cyber attack and protect the safety of your organization’s data? Contact CyberProof’s experts today!