Check Point Research (CPR) warns shoppers to be vigilant during Black Friday

November arguably marks the peak of the busiest shopping season as people around the world prepare for the festive season. It was recently reported that over 154 million Americans shopped on Black Friday 2021, with 88 million of them shopping online. According to Adobe, holiday season online spending will approach $210 billion this year, up 2.5% from last year. However, while consumers are preparing to find the best deal, cybercriminals are taking advantage of the market disruption and launching their own ‘deals’ in the form of phishing campaigns and similar fake websites. Here are examples of the campaigns CPR has captured to date and tips on how shoppers can enjoy online shopping this November without fear of threats.

Email scam purporting to be from Louis Vuitton

In late October, Check Point researchers observed a malicious phishing email sent from the email address “[email protected] [.] com” and spoofed to appear as if it had been sent by the company “Louis Vuitton”. The email was titled “Black Friday Sale. Starts at $100. You’ll Fall in Love With Prices.” Its content was designed to convince the victim to click on two malicious links within the email, which redirected to the domain “jo[.]sketch[.]ru”. The website claimed to be selling genuine jewellery at discounted prices as part of Black Friday, but the goods were actually fake.

The well-known fashion brand has also been the subject of several other fake websites. At the beginning of October, four domains were registered with the same format:

“88off-bags.co” / “87off-bags.co” / “86off-bags.co” / “89off-bags.co”.

All these sites were designed to look like Louis Vuitton’s legitimate website and were distributed via email with the subject line – “[black Friday sale] Louis Vuitton bags up to _% off! Shop online now!” The last month has seen an increasing number of incidents involving these domains, reaching around 15,000 in the week of November 7.

Phishing scams for deliveries and shipments

Cybercriminals are taking advantage not only of the purchase stage during this busy period, but also of the delivery stage of the items on offer. In the first ten days of November, it was found that 17% of all malicious files distributed via email were related to orders/deliveries and shipments.

A good example of this is an email campaign impersonating the delivery company DHL. Emails were sent from the email address [email protected] [.] com, spoofed to appear as if they were sent from the “SHIPMENT TRACKING” address.

Attached to the email was the malicious URL https://lutufedo[.]000webhostapp[.]com/key[.]php, which aimed to steal the victim’s credentials by claiming that they had to pay 1.99 euros to complete the delivery.

How phishing works

Phishing is a type of cyberattack where fraudsters send messages pretending to come from a trustworthy person or company. Phishing emails are designed to manipulate a user into taking an action, such as downloading a malicious file, clicking on a suspicious link, or revealing sensitive information. The basic delivery channels for a phishing attack are SMS, email, social media or other electronic means of communication.

Such a fraudster may use public channels, such as social media networks, to gather key information about their target. These sources are used to collect details such as the target’s name, job title and email address, as well as interests and hobbies. The fraudster then uses this information to create a personalized spam message.

In a phishing campaign, the emails the target receives will appear to come from a known contact or organization. Attackers often create fake websites that look like a trusted entity, such as the target’s bank, workplace or university. Through these sites, attackers try to collect personal information, such as usernames and passwords or payment information.

Some phishing emails can be easily identified due to poor copy or inappropriate use of fonts, logos and layouts. However, many cybercriminals are becoming increasingly sophisticated at crafting authentic messages and using professional marketing techniques to test and improve the effectiveness of their emails.

Avoid scams and enjoy this November shopping without threats

Cybercriminals are taking full advantage of the holiday spirit. That’s why it’s important for everyone to take extra precautions to enjoy a safer online shopping experience. Here are six ways you can stay safe on Black Friday:

1. Always buy from an authentic and trusted source: Before making a purchase, it is important to verify the website you are using to make the purchase. So instead of following a link sent via email or text message, go directly to the retailer by searching for them in your chosen browser and finding the promotion yourself. These extra few steps will ensure you don’t click on fraudulent links and can make your purchase with confidence.

2. Be alert for similar domain names: Many scam sites use a domain name that resembles the brand they are trying to replicate, but with additional letters or misspellings. To ensure you don’t hand over your bank details to scammers, pay attention to URLs: is there anything out of the ordinary or unfamiliar? By taking a minute to look for signs that a website may be fraudulent, you can quickly determine its legitimacy.

3. Look for “too good to be true” deals: Phishing scams often promise extremely good discounts on very popular items. If you get an offer that seems too good to pass up, don’t rush to buy it before it’s gone, as chances are, it’s a scam. Instead, verify that the seller is genuine by checking other sites to see if they offer similar discounts.

4. Always look for the padlock next to the domain name: A quick way to see if a website is secure is to see if the URL starts with HTTPS. This is an indicator that it complies with international security standards and usually comes with a padlock to reflect this. The absence of these signs could indicate that it is unreliable and should be avoided. HTTPS alone does not prove that a site is legitimate, though: the malicious DHL link described above was itself an HTTPS URL.

5. Use endpoint security: While we see an increase in scam emails during popular shopping periods, phishing emails are used by cybercriminals year-round. This is why everyone should try to implement email security solutions to prevent them from landing in our inboxes.

6. Be wary of password reset emails: With many shoppers filling their carts and saving their payment information in their accounts to check out faster, hackers will once again look for ways to get into users’ shopping accounts. As a result, consumers should be wary of password reset emails that could be misleading. If you receive such a message, always visit the website directly (don’t click on the links) and change your password.
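
As an added illustration of tip 2 and of the four numbered domains reported earlier (this code is not from Check Point or the original article), the Python below flags hostnames that misspell or embed a brand from an allow-list, and separately groups domains that differ only in their digits. The allow-list and the .example hostnames are constructed assumptions.

```python
import re

# Assumption: an allow-list of genuine retailer domains that you maintain yourself.
TRUSTED = ["louisvuitton.com"]
# The four domains reported in this article.
REPORTED = ["88off-bags.co", "87off-bags.co", "86off-bags.co", "89off-bags.co"]
# Constructed samples for illustration (reserved .example TLD), not observed domains.
CONSTRUCTED = ["louisvuiton.example", "louisvuitton-outlet.example"]

def registrable(host):
    """Naive reduction to the last two labels; does not handle suffixes like co.uk."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def edit_distance(a, b):
    """Levenshtein distance computed with a two-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(host, trusted=TRUSTED):
    """Return the trusted domain that host appears to imitate, or None."""
    dom = registrable(host)
    if dom in trusted:
        return None
    name = dom.split(".")[0]
    for real in trusted:
        brand = real.split(".")[0]
        limit = 1 if len(brand) < 8 else 2  # short brands tolerate fewer typos
        if edit_distance(name, brand) <= limit or brand in name:
            return real
    return None

def numbered_clusters(domains, min_size=3):
    """Group domains that differ only in their digits, e.g. 86off-... to 89off-..."""
    groups = {}
    for d in domains:
        dom = registrable(d)
        groups.setdefault(re.sub(r"\d+", "#", dom), set()).add(dom)
    return {t: sorted(m) for t, m in groups.items() if "#" in t and len(m) >= min_size}

if __name__ == "__main__":
    for host in CONSTRUCTED + REPORTED:
        print(host, "->", lookalike_of(host))
    print(numbered_clusters(REPORTED + CONSTRUCTED))
```

The reported domains never mention the brand, so the spelling check returns nothing for them; only the digit-template grouping ties the four together.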


Source: Digital Life! by www.digitallife.gr.
