Hackers Ramp Up Phishing Exploits in Run-up to Black Friday and Cyber Monday
November 2020 by Check Point
Security researchers at Check Point are reporting alarming spikes in malicious phishing campaigns targeting online shoppers, as Black Friday (27th November) and Cyber Monday (30th November) fast approach. Check Point’s researchers state that ongoing Covid-19 related restrictions that limit shoppers’ access to physical stores is driving the spike in phishing attempts, as hackers look to capitalize on the expected record numbers of people shopping online. Chinese Singles Day on 11th November, the world’s largest online shopping event, saw Alibaba report a record $74 billion in sales, nearly double the previous record.
In the first week of November 2020, there was an 80% increase in the amount of email phishing campaigns related to “special offers” in the first two weeks of November, compared to the weekly average in October. The phrases in these dangerous offers include “special”, “offer”, “sale”, “cheap” and “% off”. On the 9th and 10th November, the amount of weekly “special offer” phishing campaigns was already higher than during the whole of the first week of October.
Each phishing campaign reaches hundreds of recipients, as researchers estimate 1 out of every 826 emails are delivered to users worldwide from senders outside their network. By comparison, the ratio at the beginning of October was less than 1 in 11,000 emails.
Example: Knock-off Pandora Email Phishing Campaign that Targeted e-Shoppers globally, which recipients in USA, UK and Bulgaria fell victim
To better educate and inform online shoppers this holiday season, Check Point researchers provided an example of an email phishing campaign they recently caught. The campaign attempts to imitate the jewelry company, Pandora.
• Subject: “Cyber Monday | Only 24 Hours Left!”
• Sender: Pandora Jewellery (no-reply\@amazon\.com)
The sender contains an Amazon domain, but there is no mention of Amazon in the mail or in the links belonging to it. Further investigation verified the email address was spoofed to appear as if it was sent from Amazon address. Two of the links in the mail are related to a site that tries to trick recipients into thinking the email is from the jewelry company “Pandora”.
The links in the emails led to the website www[.]wellpand[.]com. After a few days, the links led to a similar website www[.]wpdsale[.]com. These websites were registered at the end of October and beginning of November, right before the phishing emails were actually sent, giving researchers a strong indication that it is a scam. Further investigation showed that both of the websites the emails led to were an imitation of the Pandora jewelry website.
Check Point Manager of Data Intelligence, Omer Dembinsky said: “The restrictions enforced by Covid-19 will inevitably drive more online shopping traction. Consequently, we expect record-breaking hacker activity targeting online shoppers this upcoming holiday season, especially around Black Friday and Cyber Monday. We’re noticing an unusual and determined focus by hackers on “special offers” this month of November. These phishing campaigns can be extraordinarily deceptive, and online shoppers could easily mistake them for real offers. We’re living in an age where every email in our inboxes must be treated with caution. I strongly urge every online shopper to think twice when looking at a “special offer” from their favorite brand.”
Security tips for online shoppers this holiday season
1. Beware of “too good to be true” bargains. This will be tough to do, as Black Friday & Cyber Monday are all about great offers – especially during the pandemic. But, if it seems WAY too good to be true, it probably is. Go with your gut: an 80% discount on the new iPhone is usually not a reliable or trustworthy purchase opportunity.
2. Never share your credentials. Credential theft is a common goal of cyberattacks. Many people reuse the same usernames and passwords across many different accounts, so stealing the credentials for a single account is likely to give an attacker access to a number of the user’s online accounts. Never share your account credentials and don’t re-use passwords.
3. Always be suspicious of password reset emails. If you receive an unsolicited password reset email, always visit the website directly (don’t click on embedded links) and change your password to something different on that site (and any other sites with the same password). By clicking on a link, you can reset the password to that account to something new. Not knowing your password is, of course, also the problem that cybercriminals face when trying to gain access to your online accounts. By sending a fake password reset email that directs you to a lookalike phishing site, they can convince you to type in your account credentials and send those to them.
4. Always note the language in the email. Social engineering techniques are designed to take advantage of human nature. This includes the fact that people are more likely to make mistakes when they’re in a hurry and are inclined to follow the orders of people in positions of authority. Phishing attacks commonly use these techniques to convince their targets to ignore their potential suspicions about an email and click on a link or open an attachment.
5. Look for the lock. Avoid buying something online using your payment details from a website that does not have secure sockets layer (SSL) encryption installed. To know if the site has SSL, look for the “S” in HTTPS, instead of HTTP. An icon of a locked padlock will appear, typically to the left of the URL in the address bar or the status bar down below. No lock is a major red flag.
6. Watch for misspellings. Beware of misspellings or sites using a different top-level domain. For example, a .co instead of .com. Deals on these copy-cat sites may look just as attractive as on the real site, but this is how hackers fool consumers into giving up their data.
7. Protecting against Phishing Attacks. Understanding the risks of phishing attacks and some of the most common pretexts is an important first step in protecting against them. However, modern phishing campaigns are sophisticated, and it is probable that, eventually, someone will fall for one. When this happens, having endpoint and email security solutions in place can mean the difference between a major security incident and a non-event. To learn more about protecting your organization against phishing, contact us and check out our advanced anti-phishing solution.
*The statistics and data used in this report present data detected by Check Point’s Threat Prevention technologies, stored and analyzed in ThreatCloud. ThreatCloud provides real-time threat intelligence derived from hundreds of millions of sensors worldwide, over networks, endpoints and mobiles. The intelligence is enriched with AI-based engines and exclusive research data from the Check Point Research – The intelligence & Research Arm of Check Point.