Researchers at Bitdefender Antispam Lab have analyzed during the last weeks the fraudulent activities associated with Black Friday and Cyber Monday.
The experts noticed that between October 26 and November 6, the rate of unsolicited Black Friday emails peaked on Nov 9, when reached 26% of all Black Friday-related messages.
The experts pointed out that the majority of all Black Friday spam (by volume) (56%) received in the same period was marked as a scam.
Approximately one out of four (27%) of all Black Friday spam emails (by volume) targeted online users in the US and in Ireland (24%). Most of the Black Friday-related spam (49%) originated from IP addresses in the US, followed by Germany (16%).
The malicious messages used various subjects in an attempt to trick the recipients into visiting the bogus websites to receive huge discounts.
Below are some of the subject lines observed by Bitdefender:
The report provides details about some of the Black Friday scams analyzed by the experts, such as Louis Vuitton and Ray Ban sales scams. The scammers were offering impressive discounts that could be obtained by purchasing from fake shops.
Other campaigns observed by the experts invited recipients to claim gift cards from popular retailers like Home Depot.
In this case, the spam messages include links to fake online survey pages that have nothing to do with the retailer’s gift card.
Once the recipients have completed the survey (even if they provide the wrong answers to all questions), they were directed to another page where we could choose the ‘prize.’ Then the recipients have to pay for the shipment by providing personal and financial data.
“We scored an iPhone 13, though. The displayed page uses the recipients’ IP address to display a localized version of the scam – in our case Romania. We need to pay 15 RON (roughly 3.06 USD) for shipping and enter our name and address.” continues the report. “After entering our shipping details, we were prompted to enter our payment information, including cc number and CVV code.”
Researchers also spotted fake PayPal and Amazon voucher worth 1,000 euros used in campaigns aimed at German users. In these campaigns, recipients are urged to enter personally identifiable information and confirm their email addresses. Then the attackers sent malicious links to the email addresses provided by the users.
Below are the recommendations provided by Bitdefender:
The experts also published a guide for a secure holiday shopping.
Safe shopping everyone!
(SecurityAffairs – hacking, scam)