Cyberattacks on consumers and retailers surged during Black Friday week, according to a report released Wednesday by a cybersecurity platform provider.
The provider, Darktrace, of Cambridge, England, reported that an analysis of its customer data for November revealed a 327% increase in worldwide Christmas-themed phishing from the first week to the last week of the month and a 692% increase in Black Friday-themed sorties.
The threat landscape in the United States was considerably worse, the report noted, with phishing attacks mimicking major holiday brands, including Walmart, Target, and Best Buy, rising by more than 2000% during peak shopping periods.
Darktrace researchers also found that scammers began shifting their attention from businesses to consumers as the holiday shopping season got into high gear. The impersonation of major consumer brands grew 92% globally between the analyzed periods, while the impersonation of workplace-focused brands declined by 9%.
“While we didn’t look at a year-on-year comparison in this analysis, we believe the rise of AI combined with automation and growing cybercrime-as-a-service marketplaces is increasing the speed, scale, and sophistication of cyberattacks, including phishing,” Darktrace Vice President of Threat Research Nathaniel Jones told the E-Commerce Times.
“With generative AI, the barrier to entry of phishing and malware has been lowered, creating a lot more danger for users as they do their holiday shopping,” Jeff Wolverton, CEO of PiviT Strategy, an IT consulting and managed services provider, in Charlotte, N.C., told the E-Commerce Times.
Jones added that one sophisticated technique that has been increasing in prominence is thread hijacking. “Thread hijacking typically involves attackers gaining access to a user’s email account, monitoring ongoing conversations, and then inserting themselves into these threads,” he explained.
“By replying to existing emails, they can send malicious links, request sensitive information, or manipulate the conversation to achieve their goals, such as redirecting payments or stealing credentials,” he continued. “Because such emails appear to come from a trusted source, they often bypass human security teams and traditional security filters.”
Improved Fake Stores
“This year, it appears that the quantity of fake online stores has increased,” added Erich Kron, security awareness advocate at KnowBe4, a security awareness training provider in Clearwater, Fla. “This is likely due to improvements in tools and the use of AI to generate fake sites, create item descriptions, and write fake reviews in an effort to make the sites seem legitimate.”
He explained that by using freely available tools, bad actors can easily and quickly mimic an entire website, including images, logos, and other identifying features. “It’s then relatively easy to create a domain name that appears to be that of the legitimate brand or an affiliate of the brand they are copying,” he told the E-Commerce Times.
“Even though these websites are typically taken offline very quickly, the ease with which they can be created counters the disadvantage of them being shut down quickly,” he said.
Mika Aalto, co-founder and CEO of Hoxhunt, a provider of enterprise security awareness solutions in Helsinki, explained that holidays contain more travel and gift-buying activity along with heightened emotions, so there are a lot more psychological buttons available to hackers during this season of giving.
“Package delivery-themed phishing campaigns are common, and we see a number of Amazon spoofed sites that lead to credential harvesters,” he told the E-Commerce Times. “Travel-themed phishing campaigns might notify a victim that their flight has been canceled, so in a panic, someone might click something they otherwise wouldn’t and download malware that could compromise their system.”
Mobile Dilemma
Leading up to Black Friday and throughout the holiday season, threat actors like to capitalize on themes like deals or coupons, added Selena Larson, a senior threat researcher at Proofpoint, an enterprise security company in Sunnyvale, Calif.
“We also see threat actors leverage end-of-year themes like bonuses or pay raises to entice users to engage with malicious content,” she told the E-Commerce Times.
Consumers need to be particularly careful when responding to potential deals on their mobile phones. “Make sure that you are on an official site before you perform a transaction,” cautioned Krishna Vishnubhotla, vice president of product strategy at Zimperium, a mobile security company based in Dallas.
“Since mobile devices have a smaller form factor, this will be extremely difficult,” he told the E-Commerce Times. “Bad actors will redirect you over and over again to confuse you and make you land on a fake website. Unfortunately, there is really no way to know where these sites are hosted so that you can make a smart decision based on that information.”
Dark Web Discounts
The surge in holiday-themed phishing attacks reflects how cybercriminals expertly time their campaigns to blend in with the heightened volume of legitimate retail communications and capitalize on consumers’ reduced scrutiny during peak shopping periods, observed Stephen Kowski, field CTO with SlashNext, a computer and network security company, in Pleasanton, Calif.
“The massive spike in retail brand impersonation attacks targeting major retailers demonstrates how threat actors are becoming increasingly sophisticated in exploiting seasonal consumer behaviors and shopping patterns,” he told the E-Commerce Times. “Modern phishing threats have evolved beyond traditional corporate email security boundaries, targeting personal accounts, social media, and various communication channels that employees use while shopping online during work hours.”
“Organizations need comprehensive protection that extends beyond corporate infrastructure to detect and block sophisticated phishing attempts across all digital channels while ensuring employees can safely participate in holiday shopping without compromising security,” he said.
Chris Hauk, the consumer privacy champion at Pixel Privacy, a publisher of consumer security and privacy guides, pointed out that brands are making efforts to foil scammers. “Brands are taking action to battle impersonators by verifying their official accounts on social media, having fake apps removed from app stores, and submitting takedown requests for lookalike websites and domains,” he told the E-Commerce Times.
“Brand impersonation is a persistent problem and is difficult to combat,” noted Paul Bischoff, a privacy advocate at Comparitech, a reviews, advice, and information website for consumer security products.
“If a company knows its brand is being used to scam people,” he told the E-Commerce Times, “it should do what it can to raise awareness of the scam among its customers. The problem is more pervasive during the holiday season when people are looking to take advantage of shopping deals.”
Unfortunately, consumers aren’t the only shoppers for deals during the holiday season. “Similar to retailers, threat actors also use the holiday season to offer seasonal discounts for their offerings,” Darktrace’s Jones said. “Cybercriminal shops will offer deals on the dark web for compromised data, like usernames and passwords, often selling them in bulk pricing deals during the holiday season.”