Bogus retail sites, extreme discounts, busy hackers
The National Retail Federation expects 115 million physical shoppers to be out on Black Friday, and cyber crooks want a part of the action. Last year, researchers discovered nearly 20,000 URLs using the words “Black Friday” and promising huge discounts with links to malicious web pages. Along with the fake URLs, there were nearly 770,000 financial phishing attack attempts.
Bogus Ray-Ban 80% Discount Sale
This bogus Ray-Ban landing page link, www.rayban-outlet.us, showed up at the top of Google searches when Ray-Ban and Black Friday were entered as search keywords. Once shoppers clicked, they were directed to a fraudulent, authentic-looking page that included user reviews.
Avoid the Bait
How to avoid getting hoodwinked? Here are some tips:
- One way to spot a site that may not be legit is to look at the URL. In this case, the website claimed to be the official Ray-Ban site, but the URL was www.rb6.us. Always double-check by conducting a search for the company using its full name.
- Hover over any links to see if a different name or words come up, unconnected to the site you are visiting. For websites you visit frequently, save the real websites in your favorites and browse there to avoid ending up somewhere dangerous.
- Watch out for a domain with a few extra words in its name. Past examples have included Amazonsecure-shop, Target-officialsite and Walmart-outlet.ga.
- Watch out for misspellings: Walmaart, Yahooo, Amazonshop.gq, etc.
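The last two tips can be turned into an automated check. The sketch below is an added example, not part of the original article: the `OFFICIAL` allowlist, the function names and the verdict labels are assumptions made for illustration, and the inputs in the comments are the lookalike names quoted above.

```python
from urllib.parse import urlsplit

# Assumed allowlist for this example: brand keyword -> official domain.
OFFICIAL = {
    "amazon": "amazon.com",
    "target": "target.com",
    "walmart": "walmart.com",
    "yahoo": "yahoo.com",
    "rayban": "ray-ban.com",
}

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url_or_host):
    """Return (verdict, brand). 'unknown' means no heuristic fired, not 'safe'."""
    text = url_or_host.strip().lower()
    host = urlsplit(text if "//" in text else "//" + text).hostname or ""
    labels = host.split(".")
    # Simplification: treat the last two labels as the registered domain.
    # Production code should consult the Public Suffix List (e.g. for .co.uk).
    registered = ".".join(labels[-2:])
    if registered in OFFICIAL.values():
        return ("official", None)
    # Compare on the name label with hyphens removed (Walmart-outlet -> walmartoutlet).
    name = (labels[-2] if len(labels) > 1 else labels[0]).replace("-", "")
    for brand in OFFICIAL:
        if name == brand:
            return ("brand-on-other-domain", brand)  # e.g. brand name on a different TLD
        if edit_distance(name, brand) == 1:
            return ("misspelling", brand)            # Walmaart, Yahooo
        if brand in name:
            return ("extra-words", brand)            # Walmart-outlet.ga, Amazonshop.gq
    return ("unknown", None)
```

A name such as www.rb6.us comes back as `unknown` because it contains no brand keyword at all, which is why the first tip (searching for the company by its full name) still matters.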
On Twitter, cyber thieves use “URL shortening” services to disguise phishing URLs. As a result, a very short URL on Twitter can redirect visitors to a longer “hidden” URL.
Then there’s Facebook. The number and variety of scams are too many to list. For a glimpse, check out https://thehackernews.com/2017/10/facebook-link-spoofing.html.