Site icon Check Point Blog

November Shopping Schemes: Check Point Research Unveiling Cybercriminal Tactics as Luxury Brands Become Pawns in Email Scams

November Shopping Schemes

Highlights:

Protecting your November Shopping Experience

As the holiday season kicks into gear, the online shopping landscape becomes a bustling hub of activity. However, amid the excitement of finding the perfect deals, there’s a lurking danger that shoppers need to be aware of—cybercrimes targeting unsuspecting victims. In this blog, we delve into the alarming tactics uncovered by Check Point Research (CPR), where luxury brands are exploited as bait to lead users into clicking on malicious links. Join us on a journey through the virtual marketplace as we unravel the schemes and offer essential insights to help you shop securely in November and beyond.

A luxurious click that might cost even more than you realize.

As the November shopping frenzy approaches, Check Point Research has unearthed a concerning email pattern employed by hackers. This deceptive tactic involves the spoofing of renowned brands, such as Louis Vuitton, Rolex, and Ray-Ban. The hackers craft enticing emails promising steep discounts on these luxury products, with the email addresses cleverly manipulated to mimic the authenticity of the brands. Despite the appearance of legitimacy, a closer look reveals that the email origins have no connection to the actual luxury companies.

Upon clicking the tempting links within these emails, unsuspecting victims are led to websites meticulously designed to replicate the official sites of the targeted brands. These fraudulent sites then peddle luxury goods at unbelievably discounted prices, creating an alluring trap for potential shoppers. However, the real danger lies in the malicious intent behind these sites, as they prompt users to input their account details. This sensitive information becomes vulnerable to theft by the attackers, highlighting the urgent need for heightened awareness and caution as we navigate the enticing realm of November shopping.

  Rolex Ray Ban Louis Vuitton
Subject [Black Friday Special Offer] Rolex Watches Start at $250 Today! Shop Online Now! Ray Ban Sunglasses 90% Off. 2023 Style. Free Shipping All Order! Shop Online Now! [Black Friday] Louis Vuitton Bags Up To 90% Off! Top Quality Low Cost! Shop Online Now!

 

From Rolex Watches (hxdvd@a[.]mtcyfizfdu[.]ru) Ray Ban (tts@a[.]ljacmbpjo[.]ru) Louis Vuitton (fzcypmsta@a[.]htaegewg[.]ru)
Link www[.]hotwatch[.]su https://www[.]85offrb[.]su www[.]85off-lvbags[.]com
Screenshot of the mail  
Screenshot of the link inactive

Delivery and Shipping sectors:

Check Point Researchers have noticed how cybercriminals are using the delivery and shipping sectors during this traditional shopping period. In October 2023, their findings revealed a staggering 13% increase in the number of malicious files associated with orders and delivery/shipping compared to October 2022. The escalating threat in these sectors underscores the evolving tactics of cyber adversaries, urging heightened vigilance and proactive cybersecurity measures.

As mentioned in October 2023’s most wanted malware, CPR found a campaign of AgentTesla with Archive files delivered as attachments to emails using subjects related to orders and shipments, such as – po-######.gz / shipping documents.gz, luring the victim to download the malicious file.

Below is another example of a campaign of emails impersonating delivery company DHL.

The emails were sent from a webmail address “DHL Express (support@dhl.com)” and spoofed to appear as if they had been sent from “DHL” (see figure 1) and contained the subject “DHL Delivery Invoice #############”. The content asked to download a malicious executable file “Invoice #############”.pdf.exe”, that would drop other malicious files using powershell.

The malicious email which contained the subject “DHL Delivery Invoice #############”

Phishing websites:

CPR also found examples of phishing websites, which have similar registered information and look similar to each other – offering well-known shoe brands at ridiculous prices.

www[.]reebokblackfridayoffers[.]com

www[.]oncloudblackfridaysale[.]com

www[.]hokablackfridaysale[.]com

www[.]salomonblackfridaysales[.]com

Figure 1: reebokblackfridayoffers[.]com

Figure 2: oncloudblackfridaysale[.]com

Figure 3: salomonblackfridaysales[.]com

Figure 4: hokablackfridaysale[.]com

Cybercriminals have invested significant effort in crafting deceptive websites that closely mimic authentic platforms, with major companies like the above examples being frequent targets of such spoofing. This strategy aims to trick end-users into willingly providing their credentials. URL phishing serves as a pretext for executing credential harvesting attacks, and when executed effectively, it can result in the theft of usernames, passwords, credit card details, and other sensitive personal information. Particularly, successful instances often prompt users to log in to their email or bank accounts.

How To Identify URL Phishing

URL phishing attacks use trickery to convince the target that they are legitimate. Some of the ways to detect a URL phishing attack is to:

URL Phishing Protection With Check Point

Check Point developed an anti-phishing solution that provides improved URL phishing protection compared to common techniques. This includes post-delivery protection, endpoint protection to defend against zero-day threats, and the use of contextual and business data to identify sophisticated phishing emails.

Expanding our zero-phishing offering, we’ve also introduced our innovative AI-powered engine to prevent local and global brand impersonation employed in phishing attacks, Collaboratory protecting across networks, emails, mobile devices, and endpoints.

Exit mobile version