The days of Black Friday, full of discounts and promotions, fuel a strong desire to shop at reduced prices. Cybercriminals know this and are using the event to loot consumer accounts. They have already seeded scams on the web and on social networks: suspicious links in emails inviting you to take advantage of non-existent offers on Michael Kors bags, but also spam messages on smartphones announcing prizes won in fictitious competitions. These scams also travel on Facebook and Instagram, through direct messages to potential victims. At least 50 reports have reached Assoutenti from all over Italy in the last two weeks, the consumer association tells us, clarifying that this number is destined to grow: we are still in a ‘dormant’ phase and the alarms will increase as we approach 26 November, Black Friday. The goal is to steal users’ card data in order to empty their checking accounts. To do so, fake online store sites are also created which, once the order has been placed and the payment collected, disappear into thin air.
Similar dynamics have also been recorded in recent years, Assoutenti tells us, in conjunction with Black Friday and Cyber Monday (the Monday following the shopping Friday). Indeed, the practice of creating fake websites with unmissable product offers, which act as phishing lures, is very widespread and well known to experts in the sector. So is sending emails that induce the recipient to reveal and share information and login credentials. For example, a Kaspersky report describes an email that warns the user that their account has been breached: the body of the text carries the Amazon logo and the recipient is invited to click on a link to verify the information, a trap that leads to the theft of information or the download of malware. The authors of the article also recall that between 27 October and 19 November, the period preceding the sales season, there were as many as 221,745 spam emails containing the words ‘Black Friday’.
Traps take many forms. It can be a message that arrives on the smartphone, which reads: “Dear customer, your Amazon ID has been rewarded”, with a link that should take the user to a page where they can claim an iPhone as a gift but which actually leads to fake sites. Then there are direct messages on Facebook and Instagram, or the use of hashtags and tags to promote links to web portals that offer huge discounts on consumer electronics or branded clothing. Among the suspicious messages there is also one that advertises a (non-existent) 100 euro gift card to be spent on Amazon within 24 hours.
Assoutenti also points out the case of advertising images that invite you to take advantage of the 50 percent discount on Apple products: graphics that recall a well-known chain of electronics stores, complete with an Apple logo and links.
Scams and phishing all year round
To create the scam pages used in their phishing campaigns, cybercriminals often copy the logos and colors of the portals we know. Kaspersky researchers have found such pages referencing Walmart, eBay, Amazon, Alibaba and Mercado Libre in different languages. An example is the Amazon-branded survey which, once completed, supposedly entitles you to a special reward: in reality, the user ends up handing over their personal information and, sometimes, bank details.
Another example is fake login pages: if a person enters their credentials, they give the scammers not only the keys to the real account, but also all the financial information stored in that portal.
In general, online store brands are among those most used as bait by scammers in their phishing campaigns: as Kaspersky recalls, in the third quarter of 2021 they were in second place (20.63%) in the list of organizations targeted by cybercriminals, behind global internet portals (20.68%). Banks (11.94%), payment systems (7.78%), social networks and blogs (6.24%) follow in third place.
More specifically, Kaspersky’s investigation revealed that in the first ten months of 2021, 40,584,415 phishing attacks targeting online shopping sites and banking institutions were recorded. If we only consider e-commerce platforms, Amazon was certainly the bait most used by cybercriminals: in the first nine months of 2021, the brand name was used for 1,815,406 attacks. eBay (473,429), Alibaba (285,504) and Mercado Libre (165,959) were also used as bait for this purpose. In addition, Kaspersky pointed out that the total number of phishing attempts against digital payment systems grew 208 percent between September (627,560) and October (1,935,905) of this year.
The Postal Police points out that scams and phishing attempts of this type occur throughout the year, but increase with Black Friday and similar occasions: what better time to hide among the many offers and promotions and launch an attack? For this reason Assoutenti urges consumers to be very careful, making their online purchases on secure websites (recognizable by the presence of the padlock in the address bar) and buying only from reliable sellers who report the data of the company that owns the commercial activity. But above all, to be wary of discounts that are too high and not very credible: “No one will ever sell you a smartphone from one thousand euros to one hundred euros”.
Our Black Friday tips: how to tell if the price is really right
by Andrea Nepori