Black Friday Shoppers Targeted By Scams and Fake Domains


Black Friday Shoppers Targeted By Scams and Fake Domains (Nov 26, 2019)

The annual Black Friday and Cyber Monday sales have started and actors are taking advantage of it to lure customers to hand over their payment data. Researchers from ZeroFOX have analysed that scammers are using various tactics to prevail with their spam attacks and malware. It includes the use of domain impersonation, social media giveaway scams and malicious Chrome extensions. Actors would generally use social media add to lure people into clicking links that would persuade them to pass over different pieces of personal information, which could be credit card information or email addresses. It will also actors to collect user credentials and distribute more malware on their system. This would allow the actors to carry out their spam attacks and with these links could impersonate genuine domains such as Apple or Amazon to legitimise the need for customers to enter their personal details. With these fake domains, users are being tricked into installing malicious Chrome extensions as necessary requirements to view the webpage. The actors behind this extension are using it to extort customers for their social security numbers or risk further compromise of their system.

Recommendation: Phishing, malspam and fake operations will likely increase due to the build up to Black Friday, Cyber Monday and eventually Christmas which means it is that customers should be more aware of anything they click on claiming to be a “deal”. With regards with adds, ensure that they came from the legitimate source regarding actual sales and if you see a deal or giveaway that is too good to be true, then it is likely a scam and should be reported immediately. With regards with emails claiming to be deals, look out for grammatical errors, ensure links are genuine before clicking them and if they ask for personal detail they more than likely fraudulent.

Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.