SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
Festive season online shopping spurs rise in luxury brand phishing scams
Tue, 21st Nov 2023

As the festive holiday season ramps up, so does online shopping, with the inevitable spike in cyber threats. Recent figures from Check Point Research (CPR), which specialises in digital security, reveal a significant rise in cyber-related danger, with a disturbing 13% increase in malicious files related to orders and delivery processes in October 2023 compared to the same period last year.

The company warns about an advanced scheme where hackers are using renowned luxury brands, such as Rolex, Ray-Ban, and Louis Vuitton, as bait. The cybercriminals create fraudulent emails promising sizeable discounts on high-ticket goods, with email addresses manipulated cunningly to appear genuine. These deception techniques lead consumers onto fraudulent phishing websites that closely mimic official brand sites, posing a serious risk to users who are prompted to input sensitive information such as credit card or login details.

The researchers highlight that delivery service and shipping sectors are particularly targeted during the widespread celebration of Black Friday and the last-minute Christmas shopping rush. They also urge consumers to exercise caution and pay close attention to the origins of emails and the validity of linked domains to avoid falling victim to these sophisticated scams.

As part of their research findings, Check Point revealed examples of some of these fraudulent schemes. Under the guise of incredible Black Friday deals, potential victims are contacted from email addresses impersonating luxury brands like Rolex, Ray-Ban, and Louis Vuitton. The messages entice targets with unrealistically low prices and direct them to suspicious looking websites with URLs disconnected from the actual brands.

Upon clicking any of these artificially crafted links, users unsuspectingly land on fraudulent websites, painstakingly designed to mirror the official sites of the brands they mimic. Arena filled with counterfeit luxury goods offered at virtually unbelievable prices, these false sites inevitably attract users in the holiday shopping fervour. Nevertheless, the acute danger lies in the malign intentions these websites harbour, as they compel users to input their sensitive account details – a veritable goldmine for cyber attackers.

Phishing websites, which are created to steal sensitive information, are an emerging threat identified by CPR. They unveiled examples of such websites offering well-known shoe brands at ridiculously discounted prices, using similar registered information and layouts to each other. The sites are cunningly crafted to mimic genuine platforms, and major brands are frequently victims of such spoofing.

Aiming to deceive end-users into willingly providing their credentials, effective URL phishing serves to harvest valuable credit card details, usernames, passwords, and other forms of personal data. Check Point imparts invaluable advice to consumers about the ways to detect a URL phishing attack. They suggest ignoring display names, verifying the domain for discrepancies, and exercising extreme caution with links, endorsing the use of a phishing verification tool for those suspicious looking hyperlinks.

As cyber threats continue to rise with the start of the festive shopping season, shoppers are advised to remain vigilant and maintain heightened awareness to navigate through the potential dangers that lurk in the online shopping sphere.