Black Friday: Phishing Emails Soar 237%

by admin 0 Comments

Security
Share on Facebook
Share on Twitter
Share on Pinterest
Share on LinkedIn
Share on Facebook
Share on Twitter
Share on Pinterest
Share on LinkedIn

Security researchers have warned of triple-digit increase in the volume of phishing emails designed to trick shoppers, ahead of the Black Friday online sales bonanza which starts today.

For the past few years, the Amazon-inspired event has signaled the unofficial start of the busy shopping season running through to the end of December.

However, it also represents a major opportunity for scammers to trick users into handing over logins and personal/financial information or clicking on malicious links or attachments.

Between November 1 and November 14 this year, security vendor Egress detected a 237% increase in phishing emails relating specifically to Black Friday and Cyber Monday, versus the period September 1-October 31.

Read more on Black Friday threats: UK Privacy Regulator Issues Black Friday Smart Device Warning

VP of threat intelligence, Jack Chapman said the vendor predicts a further increase in this volume in the succeeding week.

“This year, our threat intelligence analysts have seen a range of attacks, including a high number of phishing emails impersonating globally recognized brands,” he explained.

“Cyber-criminals are deploying a range of tactics to enable these impersonation emails to get through perimeter security and then trick recipients into falling victim.”

Among these tactics are:

  • Stylized HTML templates to impersonate brands, featuring official logos and footers
  • Legitimate hyperlinks to the impersonated brand’s site, to help bypass link scanning detection
  • Hijacked or spoofed lookalike domain names, which are very subtly different to the legitimate version
  • Social engineering tactics such as subject lines offering rewards or time-limited offers
  • Obfuscation techniques meaning users won’t see the URL of a phishing site if they hover over a “shop now” button embedded in the email

“Slowing down to check the legitimacy of an offer – for example, by checking social media feeds or contacting the provider another way – can help people determine whether a discount is real or fake,” said Chapman.

“Ultimately, however, when cyber-criminals are using sophisticated tactics, people and organizations need to ensure they have the right anti-phishing and anti-malware protection in place to detect and prevent attacks, whether they’re at work or at home.”

This article was originally published by Infosecurity-magazine.com. Read the original article here.
Share on Facebook
Share on Twitter
Share on Pinterest
Share on LinkedIn

Products You May Like

Articles You May Like

Ransomware Rising Despite Takedowns, Says Corvus Report
LockBit, Black Basta, Play Dominate Ransomware in Q1 2024
The vision behind Starmus – A Q&A with the festival’s co-founder Garik Israelian
State-Sponsored Espionage Campaign Exploits Cisco Vulnerabilities
Over 850 Vulnerable Devices Secured Through CISA Ransomware Program

Leave a Reply

Your email address will not be published. Required fields are marked *