This year has already been a record-breaker in terms of online shopping as a result of Covid-19 related restrictions and concerns, and more records are expected to be set in the run-up to Black Friday and Cyber Monday at the end of this month. During the first 10 days of November, the traditional holiday shopping season, U.S. consumers spent $21.7 billion online — a 21% increase year-over-year. And the sales momentum is expected to keep on building. An early sign was the unprecedented spending spree on Chinese Singles Day on 11th November, the world’s largest online shopping event. Alibaba reported a record $74 billion in sales, nearly double the previous year’s record.
However, it isn’t just stores and buyers who are getting ready for an online spree: threat actors are also organizing their infrastructures to try and grab their share of our holiday spending, too. Check Point Research has reported a spike in hacker activity over the past six weeks, with a surge in malicious phishing campaigns targeting online shoppers in the form of “special offers.”
Hackers go phishing to hook unwary online shoppers
- In the four weeks from October 8th to November 9th, the number of weekly “special offers” related phishing campaigns doubled globally, rising to 243 at the beginning of November from 121 at the start of October
- The first half of November showed an 80% increase in phishing campaigns relating to sales & shopping special offers, with emails including phrases such as “special”, “offer”, “sale”, “cheap”, “% off”
- 1 out of every 826 emails is a phishing email related to November shopping days, compared to less than 1 in 11,000 phishing emails at the start of October
- In just two days (9th and 10th November), the number of weekly “special offer” phishing campaigns was already higher than during the whole of the first week of October.
A real-life phishing email sample: imitating Pandora
To better educate and inform online shoppers this holiday season, Check Point researchers provided an example of an email phishing campaign they recently caught. The campaign attempts to imitate the jewelry company, Pandora.
- Email subject: “Cyber Monday | Only 24 Hours Left!”
- Sender: Pandora Jewellery (no-reply@amazon.com)
The sender address uses an Amazon domain, but there is no mention of Amazon in the mail or in the links it contains. Further investigation verified that the email address was spoofed to appear as if it was sent from an Amazon address. Two of the links in the mail lead to a site that tries to trick recipients into thinking the email is from the jewelry company “Pandora.” The misspelling of ‘jewelry’ in the sender name is a strong clue that the email is fake.
The links in the emails led to the website www[.]wellpand[.]com. After a few days, the links led to a similar website, www[.]wpdsale[.]com. Both websites were registered at the end of October and the beginning of November, right before the phishing emails were sent, which gave researchers a strong indication that this is a scam. Further investigation showed that both websites the emails led to were imitations of the Pandora jewelry website. Check Point has confirmed that some victims of this attack reside in the USA, UK and Bulgaria.
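As an added example (not code from the original post), the following Python script applies the checks described above to a constructed message modelled on this campaign: it compares the brand named in the sender's display name with the sender's domain, compares the link domains with the sender's domain, and looks for the “special offer” wording listed earlier. The sample message, the `registered_domain` helper and the phrase list are assumptions for illustration; domain registration age is not checked because that needs a WHOIS lookup.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample modelled on the Pandora-themed email described in the post:
# sender, subject and link domains come from the post; the body text is made up.
SAMPLE_EMAIL = """\
From: Pandora Jewellery <no-reply@amazon.com>
To: shopper@example.net
Subject: Cyber Monday | Only 24 Hours Left!
Content-Type: text/plain

Special offer: 80% off all charms. Cheap prices, sale ends at midnight!
Shop now: http://www.wellpand.com/sale
View your order: http://www.wpdsale.com/order
"""

# Phrases the post reports in shopping-themed phishing campaigns.
OFFER_PHRASES = ("special", "offer", "sale", "cheap", "% off")
URL_RE = re.compile(r"https?://[^\s<>\"']+")

def registered_domain(host: str) -> str:
    """Crude registrable domain: last two labels (enough for .com hosts)."""
    return ".".join(host.lower().split(".")[-2:])

def analyse(raw: str) -> dict:
    """Collect the sender, link and wording indicators for one RFC 822 message."""
    msg = message_from_string(raw)
    display_name, sender = parseaddr(msg.get("From", ""))
    sender_domain = registered_domain(sender.rpartition("@")[2]) if "@" in sender else ""
    brand = display_name.split()[0].lower() if display_name.strip() else ""
    body = msg.get_payload()
    link_domains = sorted({registered_domain(urlparse(u).hostname or "") for u in URL_RE.findall(body)})
    text = (msg.get("Subject", "") + " " + body).lower()
    return {
        "sender_domain": sender_domain,
        # Display name claims one brand while the address belongs to another.
        "brand_mismatch": bool(brand and sender_domain and brand not in sender_domain),
        # Links point somewhere other than the domain that claims to have sent the mail.
        "link_mismatch": [d for d in link_domains if d != sender_domain],
        "offer_phrases": [p for p in OFFER_PHRASES if p in text],
    }

def is_suspicious(report: dict) -> bool:
    """Flag when the sender is inconsistent, links go elsewhere and the wording is a sales pitch."""
    return bool(report["brand_mismatch"] and report["link_mismatch"] and report["offer_phrases"])
```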
How to Stay Safe and Shop in Confidence
In the same way shoppers hunt for bargains, hackers will be phishing for victims. So how can you stay safe and enjoy a safer online shopping experience?
Here are our tips:
- Beware of “too good to be true” bargains. This will be tough to do, as Black Friday & Cyber Monday are all about great offers. But, if it seems WAY too good to be true, it probably is. Go with your gut: an 80% discount on the new iPhone is usually not a reliable or trustworthy purchase opportunity.
- Never share your credentials – Credential theft is a common goal of cyberattacks. Many people reuse the same usernames and passwords across many different accounts, so stealing the credentials for a single account is likely to give an attacker access to a number of the user’s online accounts. Never share your account credentials and don’t re-use passwords.
- Always be suspicious of password reset emails – If you receive an unsolicited password reset email, always visit the website directly (don’t click on embedded links) and change your password to something different on that site (and on any other sites that use the same password). A genuine reset link lets whoever clicks it set a new password for the account, which is exactly what cybercriminals want, since not knowing your password is the obstacle they face when trying to gain access to your online accounts. By sending a fake password reset email that directs you to a lookalike phishing site, they can convince you to type in your account credentials and hand them over.
- Always note the language in the email – Social engineering techniques are designed to take advantage of human nature. This includes the fact that people are more likely to make mistakes when they’re in a hurry and are inclined to follow the orders of people in positions of authority. Phishing attacks commonly use these techniques to convince their targets to ignore their potential suspicions about an email and click on a link or open an attachment.
- Look for the lock. Avoid entering your payment details on a website that does not use secure sockets layer (SSL) encryption. To know if the site has SSL, look for the “S” in HTTPS, instead of HTTP. An icon of a locked padlock will appear, typically to the left of the URL in the address bar or in the status bar at the bottom. No lock is a major red flag.
- Watch for misspellings – Beware of misspellings or sites using a different top-level domain, for example a .co instead of .com. Deals on these copy-cat sites may look just as attractive as on the real site, but this is how hackers fool consumers into giving up their data.
- Protecting against phishing attacks – Understanding the risks of phishing attacks and some of the most common pretexts is an important first step in protecting against them. However, modern phishing campaigns are sophisticated, and it is probable that, eventually, someone will fall for one. When this happens, having endpoint and email security solutions in place can mean the difference between a major security incident and a non-event. To learn more about protecting your organization against phishing, contact us and check out our advanced anti-phishing solution.
The statistics and data used in this report are based on data detected by Check Point’s Threat Prevention technologies, stored and analyzed in ThreatCloud. ThreatCloud provides real-time threat intelligence derived from hundreds of millions of sensors worldwide, across networks, endpoints and mobile devices. The intelligence is enriched with AI-based engines and exclusive research data from Check Point Research, the Intelligence & Research Arm of Check Point.