The countdown to Black Friday and Cyber Monday 2018 is well underway as consumers prepare for the sales frenzy that will kick off on Friday, November 23rd and Monday, November 26th. Black Friday and Cyber Monday have arguably become two of the most important and notable days in the retail calendar, as they kick off the holiday season for shoppers who expect huge price reductions and unique deals. The National Retail Federation expects 55% of consumers to shop online, which makes protecting e-commerce platforms a critical part of a business's cyber resilience strategy and requires consumers to be savvy about secure Internet browsing and online shopping behaviors. With the start of the holiday shopping season and the rise in online transactions, cybercriminal actors also seek to profit by tricking consumers into divulging personal and financial data or by exploiting weaknesses in merchant websites.
Figure 1. Threat actor motives within breaches over time (Verizon DBIR 2018)
A good indicator of recurring illegitimate activity targeting consumers is compiled in the Symantec Monthly Threat Report, which highlights that “Fake Offer” scams are the fourth most common type in this category. These attempts are expected to increase in the run-up to and during Black Friday.
Figure 2. Top social media scam types (Symantec Monthly Threat Report)
Unsurprisingly, email remains the most common vector in cyber incidents and breach exposures. As the leading form of business-to-consumer communication, with a reported ~205 billion emails sent per day, phishing email campaigns provide an accessible, low-cost route for cyber threat actors to illegitimately obtain credentials, financial data, and other sensitive information. According to the most recent data from Google’s Safe Browsing service, phishing sites are up about 35% compared with the prior three months, which could suggest that malicious actors are already preparing for the upcoming online holiday shopping season.
Figure 3. Unsafe websites detected by Google Safe Browsing from 08/26/18 to 10/21/18
The holiday shopping season is a lucrative time of year for consumers to save money on their expenses, and it presents an opportunity for scammers and fraudsters to prey on these online shoppers for profit. With the unprecedented levels of web traffic anticipated, several risks are lurking around the corner waiting to victimize online shoppers. Three common Black Friday and Cyber Monday scams that we have recently observed, and expect to continue, are fraudulent shopping sites mimicking popular brands, faux gift cards and vouchers designed to steal sensitive information, and special offers and discounts that entice shoppers to navigate to malicious sites or open malware-laden documents.
Fraudulent online shopping websites involve scammers pretending to be legitimate online sellers, either with a fake website or with a fake advertisement on a genuine retailer site. These sites tend to use sophisticated designs and layouts and possibly stolen logos. Oftentimes they offer luxury items from popular brand names in clothing, jewelry, and electronics at extremely low prices. In the example below, a suspected fraudulent site mimicking a well-known retailer was created with a Black Friday 2018 naming convention and contains several links to discounted apparel listings from brands such as O’Neill and Adidas.
Figure 4. Black Friday-themed fraudulent website
Another common technique employed by fraudsters and scammers is special Black Friday and Cyber Monday gift cards or vouchers offering additional discounts on specific categories of items or on storewide products and services. Oftentimes these fraudulent gift cards and vouchers are delivered through spam or phishing emails containing malicious file attachments, such as Microsoft Word documents, or links to malicious websites that infect the victim’s device or steal their personal and financial data. For instance, earlier this year a cybercrime actor presumably sent out a phishing email carrying macro-based malware hidden in a Microsoft Office file that allegedly offered an extra 30 to 35 percent off items at an undisclosed retailer, in order to infect the victim’s system.
Figure 5. Malicious Microsoft Word file disguised as Black Friday-themed voucher
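A mail-gateway or sandbox triage step for the voucher lure described above is to check whether an Office attachment actually carries a VBA project before the user ever opens it. The following is an added example, not Anomali's code: it inspects an OOXML attachment in memory (OOXML files are ZIP containers, and macros live in a `vbaProject.bin` part) and also flags the mismatch of VBA inside a nominally macro-free `.docx`/`.xlsx`/`.pptx`. The sample attachments are constructed inline and are not real Word documents.

```python
import io
import zipfile

# Macro-free OOXML extensions: a VBA part inside one of these is a format/content mismatch.
MACRO_FREE_EXTENSIONS = (".docx", ".xlsx", ".pptx")

def office_macro_report(filename: str, data: bytes) -> dict:
    """Inspect an OOXML attachment held in memory and report any embedded VBA project."""
    report = {"ooxml": False, "has_vba": False, "vba_members": [], "extension_mismatch": False}
    if not data.startswith(b"PK\x03\x04"):  # OOXML documents are ZIP containers
        return report
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
    except zipfile.BadZipFile:
        return report
    report["ooxml"] = True
    # Word/Excel/PowerPoint store macros as <part>/vbaProject.bin inside the container.
    report["vba_members"] = [n for n in names if n.lower().endswith("vbaproject.bin")]
    report["has_vba"] = bool(report["vba_members"])
    report["extension_mismatch"] = report["has_vba"] and filename.lower().endswith(MACRO_FREE_EXTENSIONS)
    return report

def build_sample_attachment(with_macro: bool) -> bytes:
    """Constructed minimal ZIP mimicking the OOXML layout, for testing only; not a real Word file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"constructed placeholder, not real VBA")
    return buf.getvalue()

if __name__ == "__main__":
    # Constructed sample attachments with assumed file names.
    for name, blob in (("BlackFriday_Voucher.docm", build_sample_attachment(True)),
                       ("Order_Confirmation.docx", build_sample_attachment(False))):
        print(name, office_macro_report(name, blob))
```

The presence of a VBA project is not proof of malice, but for unsolicited "voucher" attachments it is enough to route the message to quarantine or detonation rather than the inbox.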
Scammers take advantage of consumers’ desire to save money by advertising limited-time offers or deeply discounted prices for products such as mobile phones, televisions, and other high-priced items. These offers or discounts commonly arrive in spam or phishing emails with embedded hyperlinks to fraudulent web pages that appear legitimate and are designed to trick the consumer into entering their user credentials or payment card information. For example, our team discovered a phishing site mimicking the popular Brazilian retail chain “Lojas Americanas”, hosted at americanas-black-friday[.]com, that offered 55% off the regular price of a Samsung Galaxy smartphone.
Figure 6. Special offer for a Samsung Galaxy smartphone hosted on a phishing site mimicking the Lojas Americanas brand
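The americanas-black-friday[.]com site above follows a pattern a retail security team can watch for: a protected brand token placed in a domain the brand does not own, combined with a seasonal lure word. The following is an added example, not Anomali's code, that refangs an indicator written in the `hxxp://` / `[.]` notation, extracts the hostname, and scores it against a constructed watch-list; the brand tokens, legitimate domains and lure terms are assumptions for the example and would come from the retailer's own inventory in practice.

```python
import re
from urllib.parse import urlsplit

# Constructed watch-list (assumed for this example): brand tokens a retail SOC
# wants to protect, the domains those brands legitimately use, and lure words.
PROTECTED_BRANDS = {"americanas": "Lojas Americanas", "adidas": "Adidas", "oneill": "O'Neill"}
LEGIT_DOMAINS = {"americanas.com.br", "adidas.com", "oneill.com"}
LURE_TERMS = ("black-friday", "blackfriday", "cyber-monday", "cybermonday",
              "voucher", "gift-card", "giftcard", "promo", "desconto")

def refang(indicator: str) -> str:
    """Undo common defanging ('hxxp://', '[.]', '[dot]') so the indicator can be parsed."""
    s = indicator.strip()
    for defanged, real in (("[.]", "."), ("(.)", "."), ("[dot]", ".")):
        s = s.replace(defanged, real)
    if s.lower().startswith("hxxp"):
        s = "http" + s[4:]
    return s

def hostname_of(indicator: str) -> str:
    """Extract the lower-cased hostname from a (possibly defanged) URL or bare domain."""
    s = refang(indicator)
    if "://" not in s:
        s = "//" + s  # lets urlsplit treat a bare domain as the network location
    return (urlsplit(s).hostname or "").lower().rstrip(".")

def assess_domain(indicator: str) -> dict:
    """Classify a domain as legitimate, no_match, or medium/high brand-impersonation risk."""
    host = hostname_of(indicator)
    if not host:
        return {"host": host, "verdict": "invalid", "brand": None, "reasons": []}
    if host in LEGIT_DOMAINS or any(host.endswith("." + d) for d in LEGIT_DOMAINS):
        return {"host": host, "verdict": "legitimate", "brand": None, "reasons": []}
    # Strip separators so 'amer-icanas' or 'americanas.black' still reveal the token.
    squashed = re.sub(r"[^a-z0-9]", "", host)
    brand, reasons = None, []
    for token, name in PROTECTED_BRANDS.items():
        if token in squashed:
            brand, reasons = name, [f"brand token '{token}' outside the brand's own domains"]
            break
    if brand is None:
        return {"host": host, "verdict": "no_match", "brand": None, "reasons": []}
    lures = [t for t in LURE_TERMS if t in host]
    if lures:
        reasons.append("seasonal lure term(s): " + ", ".join(lures))
    verdict = "high" if lures else "medium"
    return {"host": host, "verdict": verdict, "brand": brand, "reasons": reasons}
```

Run over newly registered domains or proxy logs, a "high" verdict is a candidate for takedown or blocking, while "medium" hits warrant a look before any customer-facing alert.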
Online shopping brings the advantages of choice, convenience and possibly the best deals during the Black Friday and Cyber Monday events. To avoid being duped by fraudsters and scammers, here are some security tips to lower your risk of falling victim to online fraud:
According to Cybersecurity Ventures, cybercrime damages will cost the world $6 trillion annually by 2021, an existential concern for retailers. The impact on consumers is also grave: personally identifiable information (PII) may be illegitimately acquired and misused, and fraudulent transactions may be processed. Following the above guidance will drastically reduce the risk of falling foul of cybercriminal activity this Black Friday and Cyber Monday and beyond. Anomali continues to arm security teams, including those within the retail industry, with highly optimized threat intelligence to detect threats, understand the adversary, and respond effectively.
Anomali partners with the Retail Cyber Intelligence Sharing Center (R-CISC), the cybersecurity community for all retailers and commercial services entities, connecting all aspects of the consumer products, goods, and services industries throughout the ecosystem and supply chain. Forming a trusted arena for the sharing of critical strategic and tactical information between members and industry partners across the globe, for the purpose of collaborative and innovative problem solving, the R-CISC is the information sharing source for cybersecurity risk management.