Phishing attacks surge ahead of Black Friday and Cyber Monday

Some common email phishing campaigns saw an 80% increase in early November

Some websites have not been designed to operate with a finger press

Security researchers have observed a sharp increase in the number of phishing exploits in the run-up to Black Friday and Cyber Monday.

According to a new Check Point Software report, phishing emails have increased by over 13 times in the last six weeks. Currently, one in every 826 emails delivered is a phishing attempt, compared to less than one in 11,000 at the start of October.

Researchers at Check Point said ongoing COVID-19-related restrictions that limit shoppers’ access to physical stores is driving the spike in phishing attempts as hackers look to capitalize on the expected record numbers of people shopping online. 

There were 80% more sale- or special-related email phishing campaigns in the first two weeks of November than the weekly average throughout October. These emails used terms like “special,” “offer,” “sale,” “cheap” and “% off.”  And on November 9 and 10 alone, the number of “special offer” phishing campaigns exceeded the whole of the first week of October.

Researchers highlighted one email phishing campaign where threat actors imitated Pandora, the jewelry store. In this campaign, the sender’s email address was from an Amazon domain, but there was no mention of Amazon in the email or its links. Further investigation revealed it was a spoofed Amazon email address.

Related Resource

The State of Email Security 2020

Email security insights at your email perimeter, inside your organisation, and beyond

Email security insights at your email perimeter, inside your organisation, and beyondDownload now

The links within the email initially led to the website www[.]wellpand[.]com, but a few days later, they led to www[.]wpdsale[.]com. These websites were registered at the end of October and beginning of November, right before the hackers sent the phishing emails -- a strong indication of a scam. Further investigation showed both websites were Pandora spoofs. 

Check Point manager of data intelligence Omer Dembinsky said COVID-19 restrictions will inevitably drive more online shopping traffic, fueling hacking efforts.

“Consequently, we expect record-breaking hacker activity targeting online shoppers this upcoming holiday season, especially around Black Friday and Cyber Monday.  We’re noticing an unusual and determined focus by hackers on ‘special offers’ this month of November,” he said.

“These phishing campaigns can be extraordinarily deceptive, and online shoppers could easily mistake them for real offers. We’re living in an age where every email in our inboxes must be treated with caution. I strongly urge every online shopper to think twice when looking at a “special offer” from their favorite brand.”

Featured Resources

Virtual desktops and apps for dummies

An easy guide to virtual desktop infrastructure, end-user computing, and more

Download now

The total economic impact of optimising and managing your hybrid multi-cloud

Cost savings and business benefits of accelerating the cloud journey

Download now

A buyer’s guide for cloud-based phone solutions

Finding the right phone system for your modern business

Download now

What’s next for the education sector?

A new learning experience

Download now

Recommended

Hackers use open source Microsoft dev platform to deliver trojans
Security

Hackers use open source Microsoft dev platform to deliver trojans

14 May 2021
eBay, Apple, Microsoft, Facebook, and Google were phishers’ top targets in 2020
phishing

eBay, Apple, Microsoft, Facebook, and Google were phishers’ top targets in 2020

20 Apr 2021
Biden calls for $22 billion in cyber security funding
Security

Biden calls for $22 billion in cyber security funding

18 May 2021
Avast’s Business Hub helps eliminate gaps in cyber defense
Security

Avast’s Business Hub helps eliminate gaps in cyber defense

18 May 2021

Most Popular

KPMG offers staff 'four-day fortnight' in hybrid work plans
flexible working

KPMG offers staff 'four-day fortnight' in hybrid work plans

6 May 2021
Hackers use open source Microsoft dev platform to deliver trojans
Security

Hackers use open source Microsoft dev platform to deliver trojans

14 May 2021
How to move Windows 10 from your old hard drive to SSD
operating systems

How to move Windows 10 from your old hard drive to SSD

30 Apr 2021