Black Friday Shoppers: Cybercriminals are targeting Black Friday and Cyber Monday shoppers with an array of scams and malware, including domain impersonation, social media giveaway scams, and a malicious Chrome extension.
Black Friday and Cyber Monday-related scams are nothing new, but researchers warn that this year they are seeing an uptick in scams using more sophisticated methods to lure users into handing over their payment data.
Research released Tuesday by ZeroFOX uncovered some of the threats that attackers are using to tap into the Black Friday shopping craze, including social-media scams and domain-impersonation scams. These scams either steal credentials or payment data from unsuspecting shoppers, or distribute malware onto their systems, said researchers. And they're using tricks to target as many victims as possible, including purporting to be exclusive, limited-time free giveaway offerings, or telling victims they need to share the scam further on social media in order to unlock further deals.
“We do tend to see an uptick each year in scams that are targeting consumers as the holidays roll around,” Ashlee Benge, threat researcher at ZeroFOX, told Threatpost. “I thought it was interesting that in particular, a lot of the giveaways are more sophisticated than they have been in years previously…. they are using more of these lure words that instill a sense of urgency in potential victims.”
Lindsey O’Donnell Welch: Hi, everyone and welcome back to the Threatpost Podcast. It’s Thanksgiving week here in the U.S. and with Thanksgiving comes Black Friday and Cyber Monday. And everyone in the U.S. knows that Black Friday and Cyber Monday are incredibly lucrative targets for hackers. So we’ve got Ashlee Benge, Threat Researcher at ZeroFOX to discuss Black Friday scams, malware and phishing trends. Ashlee, thanks so much for joining me today.
Ashlee Benge: Yeah, no problem. Thank you for having me.
LO: Yeah. So we’re going to discuss a new report that ZeroFOX had released actually today that tracks these types of scams and malware. So just to get started, can you give us the methodology and background of this report, what did you guys track and specifically look for?
AB: Sure, so using our security platform, we were actually able to go ahead and pull in a whole bunch of data from all the sources that we usually scrape from. And so in particular, we were looking at 26 different brands that range from brick and mortar retail stores, to electronics brands to luxury goods, kind of trying to get a feel for a range of different retailers and range of different types of consumers. And so then in that data set, pulling from all these social media sites, as well as paid sites and things along those lines, we looked for scams that were related to Black Friday. We actually found a ton. We identified over 60,000 and then in particular, we identified a bit over 10,000 that were using Black Friday as kind of a hook to try and get people to click on these scams.