Cybercriminals Exploit Black Friday Shopping Season with Phishing Attacks

Podcast

https://blog.eclecticiq.com/inside-intelligence-center-financially-motivated-chinese-threat-actor-silkspecter-targeting-black-friday-shoppers

A new phishing campaign targeting e-commerce shoppers in Europe and the United States has been identified, leveraging the upcoming Black Friday shopping season to deceive victims.

The campaign, attributed to the Chinese threat actor SilkSpecter, uses fake online stores that mimic popular brands like IKEA and North Face. These fraudulent websites offer enticing discounts to lure unsuspecting shoppers into providing their personal and financial information.

Key Tactics Employed:

  • Typosquatting: The attackers register domain names that are similar to legitimate e-commerce sites, such as “northfaceblackfriday.shop.”
  • Geo-Targeting: The phishing sites dynamically adjust language and content based on the user’s location, increasing their credibility.
  • Payment Processing Integration: The attackers use payment processors like Stripe to give the impression of legitimate transactions, masking their fraudulent intentions.
  • Follow-up Phishing Attacks: Victims may be targeted with additional phishing attempts, such as SMS phishing (smishing) or voice phishing (vishing), to obtain sensitive information like two-factor authentication codes.

Other Cyber Threats Targeting Shoppers:

  • SEO Poisoning: Cybercriminals are using SEO techniques to manipulate search engine results and direct users to malicious websites.
  • Fake Delivery Notifications: Phishing attacks disguised as delivery notifications are being used to trick users into clicking malicious links or downloading malware.

Staying Safe During the Holiday Shopping Season:

  • Be Cautious of Unexpected Deals: Be wary of deals that seem too good to be true, especially from unfamiliar websites.
  • Verify Website URLs: Double-check the URL of the website you’re visiting to ensure it’s legitimate.
  • Avoid Clicking Suspicious Links: Don’t click on links in unsolicited emails or messages, even if they appear to be from a trusted source.
  • Use Strong, Unique Passwords: Protect your online accounts with strong, unique passwords.
  • Enable Two-Factor Authentication: Enable two-factor authentication to add an extra layer of security to your accounts.
  • Keep Software Updated: Keep your devices and software up-to-date with the latest security patches.
  • Use a Reputable Security Solution: Install and use a reliable antivirus and anti-malware solution.

By staying informed and practicing safe online habits, you can protect yourself from these and other cyber threats during the holiday shopping season.