Black Friday: Phishing Emails Soar 237%


Security researchers have warned of triple-digit increase in the volume of phishing emails designed to trick shoppers, ahead of the Black Friday online sales bonanza which starts today.

For the past few years, the Amazon-inspired event has signaled the unofficial start of the busy shopping season running through to the end of December.

However, it also represents a major opportunity for scammers to trick users into handing over logins and personal/financial information or clicking on malicious links or attachments.

Between November 1 and November 14 this year, security vendor Egress detected a 237% increase in phishing emails relating specifically to Black Friday and Cyber Monday, versus the period September 1-October 31.

Read more on Black Friday threats: UK Privacy Regulator Issues Black Friday Smart Device Warning

VP of threat intelligence, Jack Chapman said the vendor predicts a further increase in this volume in the succeeding week.

“This year, our threat intelligence analysts have seen a range of attacks, including a high number of phishing emails impersonating globally recognized brands,” he explained.

“Cyber-criminals are deploying a range of tactics to enable these impersonation emails to get through perimeter security and then trick recipients into falling victim.”

Among these tactics are:

  • Stylized HTML templates to impersonate brands, featuring official logos and footers
  • Legitimate hyperlinks to the impersonated brand’s site, to help bypass link scanning detection
  • Hijacked or spoofed lookalike domain names, which are very subtly different to the legitimate version
  • Social engineering tactics such as subject lines offering rewards or time-limited offers
  • Obfuscation techniques meaning users won’t see the URL of a phishing site if they hover over a “shop now” button embedded in the email

“Slowing down to check the legitimacy of an offer – for example, by checking social media feeds or contacting the provider another way – can help people determine whether a discount is real or fake,” said Chapman.

“Ultimately, however, when cyber-criminals are using sophisticated tactics, people and organizations need to ensure they have the right anti-phishing and anti-malware protection in place to detect and prevent attacks, whether they’re at work or at home.”

Products You May Like

Articles You May Like

Hackers Target Middle East Governments with Evasive “CR4T” Backdoor
Hackers Exploit OpenMetadata Flaws to Mine Crypto on Kubernetes
Apple Boosts Spyware Alerts For Mercenary Attacks
Popular Rust Crate liblzma-sys Compromised with XZ Utils Backdoor Files
CISA Urges Immediate Credential Reset After Sisense Breach

Leave a Reply

Your email address will not be published. Required fields are marked *