Christmas shopping frenzy fuels cyber attacks in Black Friday week

Cyberattacks on consumers and retailers increased during the week of Black Friday, according to a report released Wednesday by a cybersecurity platform provider.

Cambridge, England-based provider Darktrace announced that an analysis of its customer data for November revealed a 327% increase in Christmas-themed phishing worldwide from the first week to the last week of the month, and a 692% increase in Black Friday-themed phishing.

The threat was significantly worse in the United States, with the report noting that phishing attacks impersonating major holiday brands, including Walmart, Target and Best Buy, increased by more than 2,000% during peak shopping periods.

Darktrace researchers also found that fraudsters began to shift their focus from businesses to consumers as the pre-Christmas shopping season got into high gear. Impersonation of major consumer brands increased by 92% globally between the periods analyzed, while imitation of workplace-focused brands decreased by 9%.

“While we didn’t look at year-over-year comparisons in this analysis, we believe the rise of artificial intelligence, combined with automation and growing cybercrime-as-a-service markets, is increasing the speed, scale and sophistication of cyberattacks, including phishing,” Darktrace Vice President of Threat Research Nathaniel Jones told the E-Commerce Times.

“With generative artificial intelligence, the barrier to entry for phishing and malware has been lowered, creating much more danger for users when they shop during the holidays,” Jeff Wolverton, CEO of PiviT Strategy, an IT consulting and managed services provider in Charlotte, NC, told the E-Commerce Times.

Jones added that one sophisticated technique that is gaining prominence is thread hijacking. “Thread hijacking typically involves attackers gaining access to a user’s email account, monitoring ongoing conversations, and then inserting themselves into those threads,” he explained.

“By replying to existing emails, they can send malicious links, request sensitive information, or manipulate the conversation to achieve their goals, such as redirecting payments or stealing credentials,” he continued. “Because such emails appear to come from a trusted source, they often bypass human security teams and traditional security filters.”

Improved fake stores

“The number of fake online stores seems to have increased this year,” added Erich Kron, security awareness advocate at KnowBe4, a security training provider in Clearwater, Florida. “This is likely due to improvements in tools and the use of AI to generate fake pages, create item descriptions and write fake reviews in an attempt to make sites appear legitimate.”

He explained that with freely available tools, bad actors can easily and quickly impersonate an entire website, including images, logos and other identifying elements. “Then it’s relatively easy to create a domain name that appears to be a legitimate brand name or an affiliate of the brand they’re copying,” he told the E-Commerce Times.

“While these websites are usually taken offline very quickly, the ease with which they can be created outweighs the downside of taking them down quickly,” he said.
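A defender-side check for the lookalike domains described above, as an added example that is not part of the original article. The allow-list of official domains for brands the article names, the constructed sample hostnames and the function names are assumptions of this example, and the matching is a heuristic rather than a complete detector.

```python
# Official domains for brands named in the article (assumed allow-list for this example).
OFFICIAL = {"walmart": "walmart.com", "target": "target.com",
            "bestbuy": "bestbuy.com", "amazon": "amazon.com"}

# Digit and symbol substitutions folded back to the letter they imitate.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "@": "a"})


def edit_distance(a, b):
    """Levenshtein distance using the two-row dynamic program."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(host):
    """Return (verdict, brand): 'official', 'lookalike' or 'unrelated'."""
    host = host.lower().rstrip(".")
    # Only the official domain itself or one of its subdomains counts as official.
    for brand, official in OFFICIAL.items():
        if host == official or host.endswith("." + official):
            return "official", brand
    for label in host.split("."):
        # Undo common visual tricks: digits for letters, "rn" for "m", "vv" for "w".
        folded = label.translate(HOMOGLYPHS).replace("rn", "m").replace("vv", "w")
        candidates = folded.split("-") + [folded.replace("-", "")]
        for brand in OFFICIAL:
            for cand in candidates:
                # Brand embedded in the label, or one typo away from it.
                if brand in cand or edit_distance(cand, brand) <= 1:
                    return "lookalike", brand
    return "unrelated", None


# Constructed sample hostnames, not taken from the article or from real campaigns.
SAMPLES = ["www.amazon.com", "amazon-deals-support.shop", "walrnart.com",
           "wa1mart-sale.net", "bestbuy.com.secure-checkout.example",
           "tarqet.com", "example.org"]

if __name__ == "__main__":
    for h in SAMPLES:
        print(f"{h:40} {classify(h)}")
```

The substring and one-edit rules will also flag some benign names, so results are best treated as candidates for review or takedown requests rather than as an automatic block list.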

Mika Aalto, co-founder and CEO of Hoxhunt, a Helsinki-based enterprise security awareness solutions provider, explained that the holidays include more travel and gift-shopping activities along with heightened emotions, so hackers have many more psychological buttons to push during this period of giving.

“Shipping phishing campaigns are common, and we’re seeing a number of fake Amazon sites leading to credential harvesting,” he told the E-Commerce Times. “Travel-themed phishing campaigns can tell victims that their flight has been cancelled, so in a panic someone might click on something they wouldn’t have clicked and download malware that could compromise their system.”

The mobile dilemma

Before Black Friday and during the holiday season, threat actors like to cash in on themes like deals or coupons, added Selena Larson, senior threat researcher at Proofpoint, an enterprise security company in Sunnyvale, California.

“We’re also seeing threat actors use year-end themes, such as bonuses or salary increases, to entice users to engage with malicious content,” she told the E-Commerce Times.

Consumers need to be especially careful when responding to potential offers on their mobile phones. “Make sure you’re on the official site before making a transaction,” advised Krishna Vishnubhotla, vice president of product strategy at Zimperium, a Dallas-based mobile security company.

“Since mobile devices are smaller in size, this will be extremely difficult,” he told the E-Commerce Times. “Bad actors will redirect you over and over to confuse you and get you to a fake website. Unfortunately, there’s really no way to know where these sites are hosted so you can make smart decisions based on that information.”

Dark Web Discounts

The rise in holiday-themed phishing attacks reflects how cybercriminals expertly time their campaigns to blend in with the increased volume of legitimate retail traffic and take advantage of consumers’ limited scrutiny during peak shopping periods, said Stephen Kowski, CTO of SlashNext, a computer and network security company in Pleasanton, California.

“The massive increase in retail brand attacks targeting major retailers shows how threat actors are becoming increasingly sophisticated in exploiting seasonal consumer behavior and shopping patterns,” he told the E-Commerce Times. “Modern phishing threats have evolved beyond traditional corporate email security boundaries to target personal accounts, social media and the various communication channels employees use to shop online during work hours.”

“Organisations need comprehensive protection that goes beyond enterprise infrastructure to detect and block sophisticated phishing attempts across all digital channels, while ensuring employees can safely participate in Christmas shopping without compromising security,” he said.

Chris Hauk, consumer privacy champion at Pixel Privacy, a publisher of consumer privacy and security guides, pointed out that brands are trying to stop fraudsters. “Brands are taking steps to combat copycats by verifying their official social media accounts, having fake apps removed from app stores, and filing takedown requests for lookalike sites and domains,” he told the E-Commerce Times.

“Brand impersonation is a persistent problem and a difficult one to combat,” noted Paul Bischoff, privacy advocate at Comparitech, a consumer security product review, advice and information website.

“If a company knows its brand is being used to scam people,” he told the E-Commerce Times, “it should do what it can to raise awareness of the scam among its customers. The problem is pervasive during the holiday season when people want to take advantage of shopping deals.”

Unfortunately, consumers aren’t the only customers shopping during the holidays. “Like retailers, threat actors use the holiday season to offer seasonal discounts on their offerings,” said Darktrace’s Jones. “Cybercriminal shops will offer deals on compromised data, such as usernames and passwords, on the dark web, often selling it in bulk deals during the holiday season.”
