Threat Spotlight: Look Out! Black Friday Phishing and Cyber Attack Monday
November 2017 by Fleming Shi
Big Brands and Bonus Bucks Gift Cards: Cybercriminals are launching widespread phishing campaigns that spoof popular e-commerce and consumer brand websites in order to steal your information.
The appeal of camping out on Thanksgiving night to be the first one in the door for your favorite department store’s Black Friday sale is quickly becoming less tempting since much more can be accomplished online — without having to lose sleep or battle crowds. However, as we gladly wave goodbye to crowded parking lots and endless lines, we aren’t quite free of holiday shopping battles — they’re just being fought on a different, less familiar field. In fact, as online shoppers are looking for the best deals to jump on, cybercriminals have taken notice and continue to come up with creative scams to lure would-be deal seekers.
In this Black Friday / Cyber Monday version of the Threat Spotlight, we examine some of the mass phishing attacks happening now that look to take advantage of eager holiday shoppers.
Black Friday Phishing and Cyber Attack Monday – mass phishing attacks that impersonate big brands and popular stores to lure victims into forfeiting their personal information.
There are three overarching methods these attackers are using to entice shoppers:
• Hijacking e-commerce brands like Amazon with gift card scam emails.
• Impersonating brick-and-mortar stores including Walmart and Kohl’s.
• Hijacking brands of well-known consumer products such as Ray-Ban and Michael Kors.
Focus on the Tactics, Not the Specific Brand Names
The actual names of the brands these attackers impersonate are less important than the tactic, as criminals can quickly change the brand name and launch new mass phishing scams. These mass phishing attacks are sent to thousands of potential holiday shoppers, promising time-sensitive gift cards, and ultimately send victims to spoofed websites impersonating the companies. The goal is to convince consumers to register or log into what they think is their real Amazon or Walmart account in order to receive a gift card. Sadly, no gift card or bonus bucks will be received; instead, consumers end up surrendering their account credentials, which can lead to all types of destructive behavior. Cybercriminals can steal account credentials, log into these accounts, retrieve credit card information and additional personal information, and learn about a user’s shopping history for future social engineering attacks.
Short-Lived Attacks: Rinse, Wash, and Repeat
These threats are short-lived: most of the sites have now been taken down and, undoubtedly, new attacks have been launched with different domains. Additionally, the emails are engineered in a very cunning way. Recipients don’t need to click on the “Buy” button in order to be directed to the counterfeit website, because the attackers embed hyperlinks to the malicious domain in every piece of the email, including all of the images and text. This means that all it takes is for a victim to click anywhere on the email and they will be redirected to the malicious site.
Even though these counterfeit sites are not identical to the actual sites of the impersonated big brands, attackers are counting on the fact that most consumers do not buy from these brands directly, and therefore won’t recognize what Ray-Ban’s home page (for example) actually looks like. They are hinging on the fact that most people who shop online buy from Amazon and would fall for registering for a gift card on the Ray-Ban site.
Here are a few screenshots of the most common examples of these attacks that we’ve been tracking.
These Email Threats Will Fall Through the Security Cracks
Most email security solutions will not block these attempts because the criminals are using URL shorteners and redirectors in order to get the emails through to end users. These attackers are leveraging the fact that security solutions don’t block most URL shortening services, which are a popular way to share URLs. The redirectors, meanwhile, are used so that the messages do not appear to send users to malicious sites. These are tricky tactics, no doubt, and they help criminals get their emails received and opened by end users.
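The traits described above (every image and text element hyperlinked to one off-brand destination, and shortener links standing in for the real URL) can be checked in an HTML body before delivery. The following is an added example, not code from the original article or from any product it mentions; the shortener list, finding names, and sample emails are constructed assumptions, and `example.com` stands in for the impersonated brand.

```python
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Illustrative shortener list (assumption); maintain your own in production.
SHORTENERS = {"bit.ly", "goo.gl", "tinyurl.com", "t.co", "ow.ly"}

class LinkCollector(HTMLParser):
    """Collect every <a href> and note whether it wraps an <img>."""
    def __init__(self):
        super().__init__()
        self.links = []    # one [host, wraps_image] entry per anchor
        self._open = None  # anchor currently being parsed, if any

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            host = (urlsplit(attrs["href"]).hostname or "").lower()
            self._open = [host, False]
            self.links.append(self._open)
        elif tag == "img" and self._open is not None:
            self._open[1] = True

    def handle_endtag(self, tag):
        if tag == "a":
            self._open = None

def assess_email(html, brand_domain):
    """Return a set of findings for an HTML body claiming to be from brand_domain."""
    parser = LinkCollector()
    parser.feed(html)
    links = [(h, img) for h, img in parser.links if h]  # skips mailto: etc.
    hosts = Counter(h for h, _ in links)
    def off_brand(h):
        return h != brand_domain and not h.endswith("." + brand_domain)
    findings = set()
    if any(h in SHORTENERS for h in hosts):
        findings.add("shortener_link")
    # Text and images all funnel to a single host that is not the brand's.
    if len(hosts) == 1 and len(links) >= 3 and off_brand(next(iter(hosts))):
        findings.add("single_off_brand_destination")
    if any(img and off_brand(h) for h, img in links):
        findings.add("clickable_image_off_brand")
    if hosts and all(off_brand(h) for h in hosts):
        findings.add("no_link_to_claimed_brand")
    return findings

# Constructed samples; the shortener path is a placeholder.
PHISH = ('<a href="http://bit.ly/PLACEHOLDER"><img src="cid:banner"></a>'
         '<a href="http://bit.ly/PLACEHOLDER">Claim your gift card</a>'
         '<a href="http://bit.ly/PLACEHOLDER"><img src="cid:buy"></a>')
LEGIT = ('<a href="https://www.example.com/deals"><img src="cid:banner"></a>'
         '<a href="https://example.com/account">Your account</a>')
```

Each finding is a signal to score or quarantine on, not a verdict; legitimate marketing mail also uses tracking redirectors, so the brand-domain comparison carries most of the weight.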
Recap: The Techniques Used in These Attacks Are:
Phishing – attackers send massive amounts of emails to lure recipients into acting on irresistible holiday shopping deals.
Impersonation/brand hijacking – Cybercriminals are impersonating big-name brands and e-commerce stores.
Spoofing – criminal websites are spoofed to appear like the actual brand’s e-commerce site.
Take action: Tips to Stay Safe and Preventive Measures
• For this Black Friday/Cyber Monday and holiday season, be safe and don’t click through deal emails. Go directly to the intended site and look for the product deal there to avert possible threats.
• Hover your mouse over every hyperlink to make sure it looks like it’s legitimate.
• If there is any doubt or suspicion, don’t click!
• Be extremely cautious of any promotional email you get this time of year.
• Verify the certificate in the left-hand corner of the site – make sure it’s assigned to Amazon.com or other intended sites.
• Websites might look different; you can check the real site to verify.
• Make sure the site is secure when you log in, register, or insert any personal information. You can check this in the internet browser just before the URL, where it will show “Secure” in green.
User Training and Awareness — Employees or really anyone using email should be regularly trained and tested to increase their security awareness of various attacks like these phishing attempts. Simulated attack training is by far the most effective form of training. Always check the domains on emails asking for things from you, including clicking and inputting information.
Layering training with an email security solution that offers sandboxing and advanced threat protection should block spam, phishing attacks, and malware before it ever reaches the corporate mail server or user inboxes. Additionally, you can deploy anti-phishing protection with Link Protection to look for links to websites that contain malicious code. Links to these compromised websites are blocked, even if those links are buried within the contents of a document.