Black Friday week is also the hottest time for cybercriminals. Online scams are multiplying, taking advantage of the wave of discounts. After all, as reported by an AvantGrade survey, only 13% of Italians, in 2020, declared that they were not interested in Black Friday. And then we are faced with a phenomenon that affects everyone, and running into fake promotions, created ad hoc to deceive consumers, becomes easier. Let’s give some data. For example those of Kaspersky. In 2021, the total number of financial phishing attempts targeting electronic payment systems more than doubled from September (627,560) to October (1,935,905) with a percentage increase of 208%. And from October 27 to November 19, in the period just before the sales season, 221,745 spam emails containing the words “Black Friday” were recorded.
Amazon the most used bait
Kaspersky researchers also analyzed which of the most popular shopping platforms were used as bait to spread phishing pages. Looking at the total number of phishing scams that exploit online store names, it was found that Amazon is the most used bait. For most of 2021, the second most leveraged was eBay, followed by Alibaba and Mercado Libre. “During the Black Friday season we always see an intensification of scamming activity. Perhaps a little more unexpected is the attention paid to electronic payment systems. This time around, we discovered a staggering 208% increase in the number of attacks mimicking popular payment systems. Of course, every new payment application is seen by scammers as a new opportunity to potentially exploit users, “said Tatyana Shcherbakova, security expert at Kaspersky, who added that to protect oneself it is important to” always make sure that the online payment page is safety. For example, look at the URL of the web page to understand if it starts with HTTPS instead of the usual HTTP and if there is a padlock icon next to the URL “.
But do sites protect us?
Also interesting is the analysis of Proofpoint, a company that deals with security and compliance. Analyzing the 20 most popular e-commerce sites in Italy, he found that more than two thirds (14 out of 20) have implemented the DMARC (Domain-based Message Authentication, Reporting & Conformance) protocol – which verifies that the sender’s alleged domain is not has been falsified. The remaining 30% are not actively protecting customers from emails from fraudulent domains. But be careful. Because if this is good news, it is only half good. Because only 6 out of 20 sites (30%) have implemented the most stringent and recommended level of DMARC protection, “Reject,” which actively blocks fraudulent emails before they reach their goal. This leaves the online shoppers of the remaining 70% of retailers at high risk of potential email fraud.
“With Black Friday, the volume of digital communications that is generated is an excellent opportunity for cybercriminals to exploit. – explains Luca Maiocchi, Country Manager of Proofpoint Italia – For this reason it is essential that users pay the utmost attention to incoming email messages, first adopting a zero trust approach, to try to understand which are legitimate and which are not, and act accordingly “
How to defend yourself
So how can you defend yourself against this wave of incoming scams? Let’s see some advice from various cybersecurity experts in these hours: • Do not reuse the same password more than once, and therefore on multiple eCommerce sites. It is recommended that you use a password manager.