Cyber criminals use Black Friday as bait to scam shoppers

Cyber criminals are taking advantage of the biggest shopping period of the year − Black Friday and Cyber Monday − with security experts already witnessing an increase in counterfeit e-commerce sites that appear to be legitimate brands.

As the bargain-hunting period approaches, researchers from FortiGuard Labs, the research division of security firm Fortinet, have warned that while online shopping-related scams are nothing new, this year more customers are likely to shop online during the Black Friday period.

This will result in a significant upswing in scams using sophisticated methods to lure online shoppers to buy from fake domains, they say.

This comes as the COVID-19 pandemic has fundamentally changed online shopping trends across the globe, fuelling a dramatic increase in the number of e-shoppers.

According to research, around 30% of all retail sales occur between Black Friday (starts on 26 November this year) and Christmas Day.

Brick-and-mortar and e-commerce stores alike stand to generate a significant portion of their annual revenue over this shopping “holiday” weekend, often allowing retailers to catch up on revenue and meet goals and sales numbers for the year.

FortiGuard Labs says it had already encountered over 20 new counterfeit websites created by criminals by October.

“We recently came across a live, active scam that leverages the look and feel of the world’s largest companies and their respective trademarks, aimed to compel and lure victims into making purchases from their site,” according to Val Saengphaibul, Fortinet security researcher.

“These sites are in no way affiliated with the trademark / IP owner, and are recognisable in part because they use the same template over and over in a digital game of whack-a-mole (meaning that as soon as one site gets shut down, another one immediately pops up somewhere else).”

High-profile brands the research firm has documented being imitated include: Blink (Amazon), Oculus (Facebook), Shimano (bicycles), Coleman (camping gear), Ninja (home appliances) and Nu Wave (home appliances).

The websites observed have the following characteristics in common:

  • The domain names have only been registered for a few days to a few months.
  • All sites are registered with the same registrar.
  • They use .TOP and .SHOP top-level domains (.com is also common).
  • They use stolen imagery.
  • They contain numerous grammatical errors and inconsistencies in statements.
  • Social media buttons do not resolve anywhere, or go to accounts that either do not exist or have been deleted.
  • Their web hosting providers utilise content delivery networks (CDNs) to remain anonymous (via an IP address that cannot be traced).
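
A brand-protection team can turn several of these characteristics into a first-pass triage of look-alike domains. The sketch below is an added example, not FortiGuard Labs code; the domains, registrar labels, analysis date and thresholds are constructed assumptions, and the registration and social-link data are assumed to have been collected beforehand.

```python
from collections import Counter
from datetime import date

SUSPECT_TLDS = {"top", "shop"}  # TLDs named in the article
MAX_AGE_DAYS = 90               # assumption for "a few days to a few months"
SHARED_REGISTRAR_MIN = 3        # assumption: 3+ candidates on one registrar

TODAY = date(2021, 11, 1)       # constructed analysis date
# Constructed sample records: hypothetical domains and registrar labels.
CANDIDATES = [
    {"domain": "brandx-blackfriday.top", "registered": date(2021, 10, 20),
     "registrar": "Registrar-A", "social_total": 4, "social_live": 0},
    {"domain": "brandx-outlet.shop", "registered": date(2021, 9, 5),
     "registrar": "Registrar-A", "social_total": 3, "social_live": 0},
    {"domain": "brandx-deals.com", "registered": date(2021, 10, 1),
     "registrar": "Registrar-A", "social_total": 3, "social_live": 0},
    {"domain": "brandx.com", "registered": date(2009, 3, 14),
     "registrar": "Registrar-B", "social_total": 4, "social_live": 4},
    {"domain": "brandx-fans.shop", "registered": date(2018, 6, 2),
     "registrar": "Registrar-C", "social_total": 2, "social_live": 2},
]

def indicators(record, today, registrar_counts):
    """Return the list of article indicators that this record matches."""
    hits = []
    age_days = (today - record["registered"]).days
    if 0 <= age_days <= MAX_AGE_DAYS:
        hits.append(f"registered {age_days} days ago")
    tld = record["domain"].rsplit(".", 1)[-1].lower()
    if tld in SUSPECT_TLDS:
        hits.append(f".{tld} top-level domain")
    if registrar_counts[record["registrar"]] >= SHARED_REGISTRAR_MIN:
        hits.append("registrar shared across candidates")
    if record["social_total"] and record["social_live"] == 0:
        hits.append("no social media button resolves")
    return hits

def triage(records, today, threshold=3):
    """Return (domain, hits) for records matching >= threshold indicators."""
    counts = Counter(r["registrar"] for r in records)
    scored = [(r["domain"], indicators(r, today, counts)) for r in records]
    flagged = [item for item in scored if len(item[1]) >= threshold]
    return sorted(flagged, key=lambda item: len(item[1]), reverse=True)

if __name__ == "__main__":
    for domain, hits in triage(CANDIDATES, TODAY):
        print(f"{domain}: {len(hits)} indicators -> {'; '.join(hits)}")
```

Requiring several indicators together keeps an established .shop domain from being flagged on its TLD alone, while a recently registered .com clone is still caught by its age, registrar and dead social links.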

Boland Lithebe, head of the Altron Systems Integration Security practice, says that to avoid becoming victims, e-tailers need to monitor their online footprint to detect any instances where their brand or associated assets are used without permission.

“Hackers frequently use trademarks of well-known brands to set up phishing sites and dupe consumers into revealing personal information. Similarly, consumers must be able to find legitimate sites online easily, so that they reach the company they want to purchase from.

“By staying abreast of cyber security provisions and thinking ahead to detect threats before they emerge, retailers can work with consumers to provide a safe and trusted shopping environment on the busiest day of the year,” notes Lithebe.

According to research conducted last year by cyber security firm Kaspersky, more than four in five (84%) consumers are willing to share personal information with retailers in order to save money on their Christmas shopping.

The study found the vast majority of shoppers are willing to risk sending data such as e-mail addresses and telephone numbers to take advantage of bargains they receive or see online. Fraudsters are therefore likely to take advantage of this increased desire to save money, which is partly fuelled by the economic crisis caused by the COVID-19 pandemic.

According to FortiGuard Labs, website and e-commerce software have evolved considerably over the past decade.

“With the widespread usage of content management systems (CMS), where CMS and shopping carts are often bundled together with a CDN by a web host, bad actors are able to deploy e-commerce sites in record fashion. As the price of the CDN has come down, many web hosting providers that offer shopping carts are also providing CDN services.

“This has an additional advantage for cyber criminals, as this allows for the origination IP address to be hidden, meaning many websites (good and bad) often share the same IP address. Not only does this make attribution difficult, it gives a bad actor another layer of anonymity,” adds Saengphaibul.
