Black Friday and Cyber Monday, crooks are already at work

Every year during Black Friday and Cyber Monday, crooks take advantage of the bad habits of users with fraudulent schema.

Researchers at Bitdefender Antispam Lab have analyzed during the last weeks the fraudulent activities associated with Black Friday and Cyber Monday.

The experts noticed that between October 26 and November 6, the rate of unsolicited Black Friday emails peaked on Nov 9, when reached 26% of all Black Friday-related messages.

The experts pointed out that the majority of all Black Friday spam (by volume) (56%) received in the same period was marked as a scam.

Approximately one out of four (27%) of all Black Friday spam emails (by volume) targeted online users in the US and in Ireland (24%). Most of the Black Friday-related spam (49%) originated from IP addresses in the US, followed by Germany (16%).

The malicious messages used various subjects in an attempt to trick the recipients into visiting the bogus websites to receive huge discounts.

Below are some of the subject lines observed by Bitdefender:

• black friday sale louis vuitton bags up to 86 off shop online now
• black friday ray ban oakley costa sunglasses up to 90 off shop online now
• cyber monday starts now but only for you
• 25 nov 2022 is black Friday
• Claim Your $500 Home Depot Gift Card Now!
• claim your 100 walmart reward just in time for black Friday
• profitezvite de nosoffresspéciale (aimed at German shoppers)
• richiedi un prestito per te 200 di buoni  in regalo (aimed at Italian shoppers)
• black friday sale 70 rabatt auf sofort (aimed at German shoppers)

The report provides details about some of the Black Friday scams analyzed by the experts, such as Louis Vuitton and Ray Ban sales scams. The scammers were offering impressive discounts that could be obtained by purchasing from fake shops.

Other campaigns observed by the experts invited recipients to claim gift cards from popular retailers like Home Depot.

In this case, the spam messages include links to fake online survey pages that have nothing to do with the retailer’s gift card.

Once the recipients have completed the survey (even if they provide the wrong answers to all questions), they were directed to another page where we could choose the ‘prize.’ Then the recipients have to pay for the shipment by providing personal and financial data.

“We scored an iPhone 13, though. The displayed page uses the recipients’ IP address to display a localized version of the scam – in our case Romania.  We need to pay 15 RON (roughly 3.06 USD) for shipping and enter our name and address.” continues the report. “After entering our shipping details, we were prompted to enter our payment information, including cc number and CVV code.”

Researchers also spotted fake PayPal and Amazon voucher worth 1,000 euros used in campaigns aimed at German users. In these campaigns, recipients are urged to enter personally identifiable information and confirm their email addresses. Then the attackers sent malicious links to the email addresses provided by the users.

Below are the recommendations provided by Bitdefender:

• Always check the sender’s email address and look for typos
• Never interact with unsolicited giveaway correspondence
• Shop on legitimate websites you already know
• Researcher any new vendor
• Never access links or attachments you receive from unknown sources – Use a Bitdefender security solution to fend off scam and phishing links
• Add an extra layer of security and privacy to your device when shopping this Black Friday with Bitdefender Premium Security.  With anti-phishing and advanced threat protection to block nasty internet threats, ransomware protection, VPN for safe shopping, and a dedicated Password Manager, you can steer clear of malicious attacks and protect your data

The experts also published a guide for a secure holiday shopping.

Safe shopping everyone!

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, scam)

[adrotate banner=”5″]

[adrotate banner=”13″]