By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy

The holiday shopping season is in full swing, with Black Friday and Cyber Monday just around the corner, and scammers have been getting ready to cash in from their fraud campaigns. While some fraudsters target the online landscape fooling shoppers with lookalike domains, others focus on customers of brick and mortar retail stores. The latter take advantage of the flood of legitimate discounts to trick potential victims into giving information that could be used for attacks all year round. Researchers at ZeroFOX combed the internet for holiday-themed fraud campaigns and found more than 60,000 potential scams, most of them aimed at consumers in the market for regular products that do not fit the luxury category. The cybersecurity company noticed that the scammers attracted victims with the promise of gift cards, giveaways, discounts, or coupons. Since user data was the coveted prize, all cybercriminals had to do was create an appealing post directing victims to malicious websites. According to ZeroFOX, this type of post is likely advertised found on social media and digital platforms. The link in the post above leads to a landing page with multiple fake giveaways. The poor design of the page should serve as a warning, and so should the request to input personal information such as phone number, gender, date of birth, and street address. Most of the keywords likely to lead to a retail scam that was noticed by the researchers during their study are related to gift-giving. However, posts from unknown accounts on social media that contain 'holiday,' 'Christmas,' 'Thanksgiving' or Black Friday and Cyber Monday should also be regarded with suspicion. ZeroFOX says that the fraudulent domains they found can be spotted as they typically combine specific keywords ('login,' 'verify,' 'free,' 'deal,' 'verification,' 'coupon') with a call to action like logging in or verifying an account to continue. Some of the words The researchers note that they did not check all the domains that came up during their search but the probability of them serving content is high since they all had a TLS certificate, which requires extra effort. A small sample of the websites was verified, though, and the results were expected: phishing, giveaway/coupon scams, and some dubious Chrome extensions. For more turn to OUR FORUM.

 

Translate