SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
The festive season sees online scams soar, finds Bitdefender
Fri, 18th Nov 2022
FYI, this story is more than a year old

As the biggest sales event of the year looms, online crooks are starting to target eager consumers looking to save big on Black Friday. Every year during Black Friday and Cyber Monday, scammers and identity thieves take advantage of the shopping frenzy by pumping out email-based schemes designed to trick buyers out of their money and personal information. Unfortunately, this shopping season is no exception. 

Researchers at Bitdefender Antispam Lab have been on the hunt these past weeks for new custom scams threatening consumers’ wallets on Black Friday.

Although bespoke emails were sparse between October 26 and November 6, the rate of unsolicited Black Friday emails peaked on November 9, when 26% of all Black Friday-related correspondence (during the October 26 - November 9 timeline) was delivered to consumers, according to Bitdefender Antispam researchers.

According to Bitdefender telemetry, the researchers found shoppers received 27% of all Black Friday spam emails (by volume) in the US, and 24% reached users in Ireland.
 
They also found 49% of all Black Friday-related spam (by volume) was sent from IP addresses in the US, 16% from Germany, 13% from Bulgaria and 5% in France.

Whereas 56% of all Black Friday spam (by volume) received between October 26 and November 9 was marked as a scam. 

Subject lines of Black Friday-themed spam range from huge discounts on designer bags and sunglasses to traditional marketing ads and giveaway scams. 

Some examples include Black Friday sale Louis Vuitton bags up to 86 off; shop online now; Black Friday Ray Ban Oakley costa sunglasses up to 90 off shop online now; cyber Monday starts now but only for you; November 25, 2022 is Black Friday; claim your $500 home depot gift card now; claim your 100 Walmart reward just in time for Black Friday; the Black Friday countdown has begun.

While Black Friday officially kicks off in the US on November 25, many retailers around the globe begin celebrating two weeks ahead of schedule, giving scammers plenty of leeways to test and perfect their schemes. 

Localized correspondence aimed at Germany, Italy and France has the following subject lines: profitezvite de nosoffresspéciale; einenganzenmonatfreitagjetztbiszu 77 sparen; richiedi un prestito per te 200 di buoni  in regalo; fwd a   paypalgutscheingewinnen; black friday sale 70 rabatt auf sofort.

Spam campaigns leveraging big sales on designer bags and accessories, including Louis Vuitton bags and Ray Bans, are a staple that can also be observed during the holiday shopping season. 

Shoppers shouldn’t fall for the impressive discounts that sound too good to be true. These scam campaigns will guide one to fake shops that steal your money and data.

Since November 7, inboxes in the US, Ireland, Sweden, Denmark, Canada and the UK have received scam correspondence purportedly from home improvement giant Home Depot. Recipients can claim a Home Depot gift card worth a whopping $500. 

Giveaway scams leveraging the names of big US retailers are old news. Users who access the embedded link in the email, though, are taken to a fake online survey page that has nothing to do with a $500 Home Depot gift card.

Scammers also baited users in Germany with a fake PayPal and Amazon Black Friday voucher worth 1,000 euros. This particular campaign originates mainly from IP addresses in Russia (50%), Panama (15%), Germany (13%) and Canada (10%).  

Recipients are urged to enter personally identifiable information (such as their name) and confirm their email addresses. The goal is to persuade users to access a link sent to their email addresses.

“For a successful participation please confirm the email we just sent you,” the phony message reads. “Please also check your spam folder.” 

Following the steps, users could give the scammers additional info and access to their PayPal accounts. 

  • So what can one do to protect their identity and finances during the Black Friday shopping season?
  • Always check the sender’s email address and look for typos.
  • Never interact with unsolicited giveaway correspondence.
  • Shop on legitimate websites you already know.
  • Research any new vendors.
  • Never access links or attachments you receive from unknown sources.
  • Use Bitdefender security solution to fend off scams and phishing links.
  • Add an extra layer of security and privacy to your device when shopping this Black Friday with Bitdefender Premium Security (BPS). With anti-phishing and advanced threat protection to block nasty internet threats, ransomware protection, VPN for safe shopping, and a dedicated Password Manager, the BPS can steer clear of malicious attacks and protect your data.
  • Consider a digital identity theft solution to monitor your sensitive information and finances for signs of fraud.