Black Friday: Phishing Emails Soar 237%

Security

Security researchers have warned of triple-digit increase in the volume of phishing emails designed to trick shoppers, ahead of the Black Friday online sales bonanza which starts today.

For the past few years, the Amazon-inspired event has signaled the unofficial start of the busy shopping season running through to the end of December.

However, it also represents a major opportunity for scammers to trick users into handing over logins and personal/financial information or clicking on malicious links or attachments.

Between November 1 and November 14 this year, security vendor Egress detected a 237% increase in phishing emails relating specifically to Black Friday and Cyber Monday, versus the period September 1-October 31.

Read more on Black Friday threats: UK Privacy Regulator Issues Black Friday Smart Device Warning

VP of threat intelligence, Jack Chapman said the vendor predicts a further increase in this volume in the succeeding week.

“This year, our threat intelligence analysts have seen a range of attacks, including a high number of phishing emails impersonating globally recognized brands,” he explained.

“Cyber-criminals are deploying a range of tactics to enable these impersonation emails to get through perimeter security and then trick recipients into falling victim.”

Among these tactics are:

  • Stylized HTML templates to impersonate brands, featuring official logos and footers
  • Legitimate hyperlinks to the impersonated brand’s site, to help bypass link scanning detection
  • Hijacked or spoofed lookalike domain names, which are very subtly different to the legitimate version
  • Social engineering tactics such as subject lines offering rewards or time-limited offers
  • Obfuscation techniques meaning users won’t see the URL of a phishing site if they hover over a “shop now” button embedded in the email

“Slowing down to check the legitimacy of an offer – for example, by checking social media feeds or contacting the provider another way – can help people determine whether a discount is real or fake,” said Chapman.

“Ultimately, however, when cyber-criminals are using sophisticated tactics, people and organizations need to ensure they have the right anti-phishing and anti-malware protection in place to detect and prevent attacks, whether they’re at work or at home.”

Products You May Like

Articles You May Like

Palo Alto Networks Patches Critical Firewall Vulnerability
Ngioweb Botnet Fuels NSOCKS Residential Proxy Network Exploiting IoT Devices
watchTowr Finds New Zero-Day Vulnerability in Fortinet Products
Chinese APT Group Targets Telecom Firms Linked to Belt and Road Initiative
Ghost Tap: Hackers Exploiting NFCGate to Steal Funds via Mobile Payments

Leave a Reply

Your email address will not be published. Required fields are marked *