Scams Ramp Up Ahead of Black Friday Cybercriminal Craze

With more online shoppers this year due to COVID-19, cybercriminals are pulling the trigger on new scams ahead of Black Friday and Cyber Monday.

The number of online holiday shoppers this year is expected to skyrocket due to the pandemic – and consequently, consumers can expect an onslaught of scams, phishing attacks and other malicious activities.

The risk of infection is driving consumers to shop from the safety of their homes, rather than venture out into stores. In fact, a recent study revealed that 62 percent of consumers shop more online now than before COVID-19. From a cybercriminal perspective, this skyrocketing level of online shoppers translates to more potential victims.

Hackers are looking to cash in on the top shopping days in the U.S. – Black Friday and Cyber Monday – as well as other events, like Singles’ Day, which occurred this week in China.

“Retailers have also been hit hard by the pandemic, and will likely send out even more emails showcasing their discounts and offers, which can be easily spoofed to trick consumers,” Tony Pepper, Egress CEO, said in an email. “Recipients hunting for a good deal may find it difficult to differentiate between the swarm of legitimate emails, and phishing attacks trying to steal their data.”

Last year, researchers said that social-media scams and domain-impersonation scams were some of the biggest types of attacks during the holiday shopping season. These scams were bent on either stealing credentials or payment data from unsuspecting shoppers, or distributing malware onto their systems. This year, researchers say phishing attacks will continue to pose a top threat during the holiday season.

These types of attacks are becoming more convincing and harder for recipients to spot. Attackers are using sophisticated tactics – including visual CAPTCHAs to target Office 365 users and token-based authorization methods.

Authorities worldwide are already warning of a slew of scams leading up to the holiday season. Ahead of Singles’ Day, authorities in China warned of a “fake refund” phone scam where attackers impersonate a customer service officer from various brands to tell customers that a recent purchase is out of stock – and promise a refund if they hand over their bank account details. According to the BBC, the scam recently cost one woman $30,000.

The Better Business Bureau (BBB) also warned on Friday of scammers taking advantage of virtual holiday events – such as holiday markets and craft fairs – by creating phony copycat events that charge for admission and steal victims’ credit-card information.

“In another twist on this scam, some virtual holiday markets have a website or social media page where vendors can post photos of their products and links to their websites,” according to the BBB. “Be careful here too! Some consumers reported to BBB that they clicked the links provided, thinking they lead to an online shop. Instead, the sites downloaded malware.”

Egress’ Pepper said that consumers should always check email sender details carefully and hover over links before they click.

“If you’re still not sure, you can always reach out to the retailer via their website, to check that the email you received is genuine,” said Pepper. “There are also lots of online resources to check out for more information, including many run by Government organizations.”
