Phishing emails double in November in run-up to Black Friday and Cyber Monday - Check Point Software

This year has already been a record-breaker in terms of online shopping as a result of Covid-19 related restrictions and concerns, and more records are expected to be set in the run-up to Black Friday and Cyber Monday at the end of this month.  During the first 10 days of November, the traditional holiday shopping season, U.S. consumers spent $21.7 billion online — a 21% increase year-over-year.  And the sales momentum is expected to keep on building.  An early sign was the unprecedented spending spree on Chinese Singles Day on 11th November, the world’s largest online shopping event.  Alibaba reported a record $74 billion in sales, nearly double the previous year’s record.

However, it isn’t just stores and buyers who are getting ready for an online spree:  threat actors are also organizing their infrastructures to try and grab their share of our holiday spending, too.  Check Point Research has reported a spike in hacker activity over the past six weeks, with a surge in malicious phishing campaigns targeting online shoppers in the form of “special offers.”

Hackers go phishing to hook unwary online shoppers

• In the four weeks from October 8th – November 9th, the number of weekly “special offers” related phishing campaigns have doubled globally, rising to 243 in the beginning of November, compared to 121 at the start of October
• The first half of November showed an 80% increase in phishing campaigns relating to sales & shopping special offers, with emails including phrases such as “special”, “offer”, “sale”, “cheap”, “% off”
• 1 out of every 826 emails is a phishing email related to November shopping days, compared to less than 1 in 11,000 phishing emails at the start of October
• In just two days (9th and 10th November), the amount of weekly “special offer” phishing campaigns was already higher than during the whole of the first week of October.

A real-life phishing email sample:  imitating Pandora

To better educate and inform online shoppers this holiday season, Check Point researchers provided an example of an email phishing campaign they recently caught. The campaign attempts to imitate the jewelry company, Pandora.

• Email subject: “Cyber Monday | Only 24 Hours Left!”
• Sender: Pandora Jewellery (no-reply\@amazon\.com)

The sender contains an Amazon domain, but there is no mention of Amazon in the mail or in the links belonging to it. Further investigation verified the email address was spoofed to appear as if it was sent from Amazon address. Two of the links in the mail are related to a site that tries to trick recipients into thinking the email is from the jewelry company “Pandora.”  The misspelling of ‘jewelry’ is a strong clue that the email is fake.

The links in the emails led to the website www[.]wellpand[.]com. After a few days, the links led to a similar website www[.]wpdsale[.]com. These websites were registered at the end of October and beginning of November, right before the phishing emails were actually sent, giving researchers a strong indication that it is a scam. Further investigation showed that both of the websites the emails led to were an imitation of the Pandora jewelry website.  Check Point has confirmed that some victims of this attack reside in the USA, UK and Bulgaria.

A Phishing email impersonating “Pandora” Outlet Store

How to Stay Safe and Shop in Confidence

In the same way shoppers hunt for bargains, hackers will be phishing for victims. So how can you stay safe and enjoy a safer online shopping experience?

Here are our tips:

• Beware of “too good to be true” bargains. This will be tough to do, as Black Friday & Cyber Monday are all about great offers. But, if it seems WAY too good to be true, it probably is. Go with your gut: an 80% discount on the new iPhone is usually not a reliable or trustworthy purchase opportunity.
• Never share your credentials– Credential theft is a common goal of cyberattacks. Many people reuse the same usernames and passwords across many different accounts, so stealing the credentials for a single account is likely to give an attacker access to a number of the user’s online accounts. Never share your account credentials and don’t re-use passwords.
• Always be suspicious of password reset emails– If you receive an unsolicited password reset email, always visit the website directly (don’t click on embedded lin