Bogus retail sites, extreme discounts, busy hackers
The National Retail Federation expects 115 million physical shoppers to be out on Black Friday, and cyber crooks want a part of the action. Last year, researchers discovered nearly 20,000 URLs using the words “Black Friday” and promising huge discounts with links to malicious web pages. Along with the fake URLs, there were nearly 770,000 financial phishing attack attempts.
Black Friday scams include bogus high-end retailing websites that promise discounts on knock-off items, to malicious websites that steal your credit card and personally identifiable information.
The phishing emails disguise themselves as well known, trusted brands offering expensive merchandise at a much lower cost, knowing that people are looking for good deals and price wars. The information security site, Dark Reading, cites this ad from last year:
Bogus Ray-Ban 80% Discount Sale
This bogus Ray-Ban landing page link, www.rayban-outlet.us, showed up at the top of Google searches when Ray-Ban and Black Friday were entered as keyword searches. Once shoppers clicked, they were directed to a fraudulent, authentic-looking page that included user reviews.
Avoid the Bait
How to avoid getting hoodwinked? Here are some tips:
- One clue the site may not be legit is to look at the URL. In this case, the website claimed to be the official Ray-Ban site, but the URL was www.rb6.us. Always doublecheck by conducting a search for the company using its full name.
- Hover over any links to see if a different name or words come up, unconnected to the site you are visiting. For websites you visit frequently, save the real websites in your favorites and browse there to avoid ending up somewhere dangerous.
- Watch out for a domain with a few extra words in its name. Past examples have included Amazonsecure-shop, Target-officialsite and Walmart-outlet.ga.
- Watch out for misspellings: Walmaart, Yahooo, Amazonshop.gq, etc.
On Twitter, cyber thieves use “URL shortening” services to disguise phishing URLs. As a result, a very short URL can be used to redirect visitors to a longer “hidden” URL on Twitter.
Then there’s Facebook. The number and variety of scams are too many to list. For a glimpse, check out https://thehackernews.com/2017/10/facebook-link-spoofing.html.
More important, outsmart the cyber crooks. Become aware of their tricks to avoid them. The Summit Security Awareness Service goes beyond training to make security awareness an embedded habit. Also check out our “Phishgoggles” Twitter page to find out how to stay out of a cybercriminal’s sight – and have a happy holiday season!