No matter how hard one tries to stay away from consumer capitalism, they invariably fall victim to it during the Black Friday and Cyber Monday juggernaut. As stores in the United States, and also around the world, slash their prices and offer products at a cheaper cost, it’s the only time during the year when a majority of people purchase goods. It’s no wonder that one finds their inbox flooded with promotional offers, as well as their Twitter and other social media platforms. The cacophony of information regarding deals and offers give scammers the perfect opportunity to slip in their tried and tested tricks. From pitching phishing emails and bogus websites trying to lift your credit card number to attackers planting malware and cryptojacking modules – one should be extremely cautious before clicking on any offer-related webpage.
Researchers have found that Black Friday and Cyber Monday give scammers extra cover, particularly for standalone malicious websites and apps that can tie into the broader wave of special promotions. “Over Black Friday weekend, if you’re visiting a top e-commerce site, everyone knows—threat actors included—that you’re planning on spending money, and very likely more money than you usually spend,” says Yonathan Klijnsma, a researcher at the threat detection firm RiskIQ. “As a consumer, it’s important to pay attention to detail while shopping online and pay attention to your surroundings. There are usually clues that can help you identify something potentially malicious.”
Hackers use malicious websites, emails, apps, and texts to lure victims to take action. Victims are usually enamored by the limited-time deals or excessively low prices of expensive items. On a normal day, they are more prone to ascertain such emails as scams. However, their judgment is clouded by the fact that it’s Black Friday, and such deals might actually be plausible. Hackers use the same tactics as retailersBlack friday – rendering it almost impossible to distinguish between the two.
“Each year around this time, two fluctuations in the threat landscape occur—phishing volume spikes significantly and the themes and targets change,” says Crane Hassold, senior director of threat research at the phishing defense firm Agari. “Around the holiday season, there is a reasonable expectation of someone receiving emails from various companies promoting sales or requesting information, so phishers piggyback on this to blend into the crowd.”
As RiskIQ conducted research into the potential scamming websites operating during this time, they found that more than 5% of the thousands of results were malicious apps that contain credit card number skimmers, adware, malware, or even mobile ransomware. Scammers also extended their phishing schemes by pretending to have users link the app with a trusted service like Facebook or Google, to steal those login credentials. The researchers found more than 6,000 malicious apps posing as special Black Friday or Cyber Monday downloads from top retail brands.
It’s very important to trust your intuition while shopping for Black Friday. It’s not possible that an iPhone or PlayStation is advertised at 70% off, and such links should immediately be considered as scams. In addition to using common sense, one can also check online for a website being malicious or not. Not falling into the trap of scammers during Black Friday is tricky, but if done correctly, can be avoided.Hacking