Researchers from Check Point Research are warning shoppers to beware of Black Friday hacker “holiday special” scams.
Check Point Research has historically seen a “sharp increase in fake shopping related websites in the run up to Black Friday sales.” Moreover, the security firm warns 17% of malicious files sent via phishing emails were related to orders/deliveries and shipping.
“At the end of October, Check Point researchers observed a malicious phishing email that was sent from the webmail address ‘psyqgcg@moonfooling[.]com’ and spoofed to appear as if it had been sent from ‘Louis Vuitton’,” Check Point wrote in a blog post.
“The email contained the subject line ‘Black Friday Sale. Starts at $100. You’ll Fall In Love With Prices.’,” Check Point added.
The phishing emails of course are designed to trick users into clicking the malicious links embedded within the email and redirect to the fake website and domain (e.g., “jo[.]awojlere[.]ru”) posing to sell genuine jewelry at discounted prices.
In addition, Check Point observed nearly 15,000 incidents by the second week of November related to these scam domains (per Figure 1):
Other examples of malicious campaigns include emails and fake websites impersonating shipping company DHL.
- Attackers exploit open redirect vulnerability on Amex and Snapchat sites
- Interpol operation “First Light 2022” leads to thousands of arrests of social engineering scammers worldwide
- FBI: Beware of cybercriminal SIM swap schemes
- FBI warns of increasing ransomware attacks against the Food and Agriculture sector