Cybersecurity

Black Friday: Phishing Emails Soar 237%

Security researchers have warned of triple-digit increase in the volume of phishing emails designed to trick shoppers, ahead of the Black Friday online sales bonanza which starts today.

For the past few years, the Amazon-inspired event has signaled the unofficial start of the busy shopping season running through to the end of December.

However, it also represents a major opportunity for scammers to trick users into handing over logins and personal/financial information or clicking on malicious links or attachments.

Between November 1 and November 14 this year, security vendor Egress detected a 237% increase in phishing emails relating specifically to Black Friday and Cyber Monday, versus the period September 1-October 31.

Read more on Black Friday threats: UK Privacy Regulator Issues Black Friday Smart Device Warning

VP of threat intelligence, Jack Chapman said the vendor predicts a further increase in this volume in the succeeding week.

“This year, our threat intelligence analysts have seen a range of attacks, including a high number of phishing emails impersonating globally recognized brands,” he explained.

“Cyber-criminals are deploying a range of tactics to enable these impersonation emails to get through perimeter security and then trick recipients into falling victim.”

Among these tactics are:

  • Stylized HTML templates to impersonate brands, featuring official logos and footers
  • Legitimate hyperlinks to the impersonated brand’s site, to help bypass link scanning detection
  • Hijacked or spoofed lookalike domain names, which are very subtly different to the legitimate version
  • Social engineering tactics such as subject lines offering rewards or time-limited offers
  • Obfuscation techniques meaning users won’t see the URL of a phishing site if they hover over a “shop now” button embedded in the email

“Slowing down to check the legitimacy of an offer – for example, by checking social media feeds or contacting the provider another way – can help people determine whether a discount is real or fake,” said Chapman.

“Ultimately, however, when cyber-criminals are using sophisticated tactics, people and organizations need to ensure they have the right anti-phishing and anti-malware protection in place to detect and prevent attacks, whether they’re at work or at home.”