Sunday, November 20, 2016

Black Friday, Cyber Monday Phishing Scams

Cyber-criminals are stepping up their cyber-scams and phishing campaigns against shoppers looking for the best deals this holiday shopping season, Zscaler researchers said. Check out some of the common spam and phishing attacks targeting Black Friday, Cyber Monday, and Thanksgiving.
Researchers have already observed a "sharp increase" in phishing and spam activities against online shoppers, and the number is expected to increase over the next few weeks, Rubin Azad, a security researcher at Zscaler, wrote on the Threat Labz blog. "The motive behind these attempts is to steal sensitive user information which includes personal credentials and financial data," Azad said. The data comes directly from Zscaler Security Cloud, with Web traffic activity for over 12 million users at 5,000 global customers.
Examples of phishing attacks include this fake page pretending to be from Walmart:
Tasty Spam: Walmart

This phishing page has been designed to look like a legitimate page and attempts to trick users into entering their credit card information:

There are also a number of fake websites offering special Black Friday and Cyber Monday deals. The URLs aren't from legitimate retailers but from unrelated domains such as "busycatholicmoms" and "postyourads." You can see a detailed list on the blog post.
Spam Lines
Zscaler also listed some of the common spam subject lines it has seen targeting online shoppers:
  • Make the Most of Black Friday, with A New smart-phone
  • Brand name laptops on sale for BlackFriday
  • [Black Friday Starts EARLY]Saveup to 90% +FREE BonusItems!
  • Walmart One Day Specials BlackFriday
  • Thanksgiving Specials and BlackFriday Discounts!
  • New Early BlackFriday Door busters are Added EveryDay
  • Shop Black Friday to find discounts on electronics
  • Search major Savings on laptops...On black-friday
  • Limited Time Black Friday Deal
  • 10% off Site-Wide. Get Your Black Friday Shopping Started Today!
All online shoppers should be on the lookout for these and related scams, Azad said. Users should scrutinize the source of emails touting shopping deals to make sure they are coming from legitimate senders. They should also check links before clicking on them to make sure the site is valid. E-mailed invoices are convenient, but cyber-criminals also like using them in social engineering attempts. Users should never enter sensitive information such as payment information or login credentials on pages that aren't protected with HTTPS connections. And it goes without saying you shouldn't be shopping while on an insecure wireless network.
"We caution consumers to be extra vigilant this holiday season when shopping online," Azad wrote.
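The checks described above (holiday-themed subject lines, links that do not belong to the retailer named in the message, pages without HTTPS) can be sketched as a small mail-triage filter. This is an added example, not code from Zscaler or the original post; the brand-to-domain table, the reason labels and the `.example` hosts are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: brands mapped to the domains they really use (extend as needed).
BRAND_DOMAINS = {"walmart": {"walmart.com"}}
# Holiday lure keywords, compared after stripping spaces, hyphens and case.
LURES = ("blackfriday", "cybermonday", "thanksgiving")

def squash(text):
    """Lowercase and keep only letters and digits, so 'Black Friday',
    'BlackFriday' and 'black-friday' all compare equal."""
    return re.sub(r"[^a-z0-9]", "", text.lower())

def host_matches(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    return host == domain or host.endswith("." + domain)

def triage(subject, links):
    """Return the reasons a message deserves a closer look (empty if none)."""
    reasons = []
    flat = squash(subject)
    if any(lure in flat for lure in LURES):
        reasons.append("holiday-lure-subject")
    brands = [b for b in BRAND_DOMAINS if b in flat]
    for url in links:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if parts.scheme != "https":
            reasons.append(f"no-https:{host}")
        for brand in brands:
            # The subject names a retailer but the link points elsewhere.
            if not any(host_matches(host, d) for d in BRAND_DOMAINS[brand]):
                reasons.append(f"brand-mismatch:{brand}:{host}")
    return reasons

if __name__ == "__main__":
    # Subjects are from the list above; the links are constructed samples.
    samples = [
        ("Walmart One Day Specials BlackFriday", ["http://deals.example/walmart"]),
        ("Search major Savings on laptops...On black-friday", []),
        ("Your order has shipped", ["https://www.walmart.com/orders"]),
    ]
    for subject, links in samples:
        print(subject, "->", triage(subject, links))
```

A match is a reason to inspect the message, not proof of fraud: legitimate retailers send Black Friday mail too, so the subject check is most useful combined with the link checks.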