Holiday Shopping and Phishing-as-a-Service
Researchers at Egress observed a massive increase in phishing kits in the run-up to Black Friday and Christmas, particularly those impersonating Amazon.
“The research, conducted in partnership with Orpheus Cyber, has lifted the lid on how cybercriminals prepare to take advantage of the retail event, reporting a 397% increase in typo squatting domains explicitly tied to phishing kits,” Egress said. “Amazon was a popular choice for cybercriminals, with a 334.1% increase in phishing kits impersonating the brand ahead of its anticipated Black Friday promotions. Amazon was the top brand for fraudulent webpages linked to phishing kits, with researchers observing almost 4,000 pages imitating the brand – three times as many as those detected for the popular online auction site eBay and over four times as many as for retail giant Walmart.”
Jack Chapman, Egress’s Vice President of Threat Intelligence, stated that people should continue to be vigilant throughout the rest of the holiday shopping season.
“We all want to buy our loved ones the best possible Christmas present and net a bargain price in the Black Friday sales, and each year cybercriminals use this to their advantage,” Chapman said. “PhaaS has lowered the barriers to entry for cybercriminals, making it easy to impersonate well-known brands and trick victims. The recent increase in the number of phishing kits listed for sale highlights the criminals’ appetite for carrying out attacks during busy shopping periods.
Chapman added that people should be particularly cautious with emails that purport to offer shopping discounts.
“Our research uncovered the behind-the-scenes activity of cybercriminals as they prepare to take advantage of unsuspecting victims this holiday period, highlighting the ease with which they’re able to impersonate brands such as Amazon,” Chapman said. “As we approach Christmas, I’d urge everybody to take extreme caution when it comes to unexpected offers and discounts – and if you’ve received an email that you think looks suspicious, don’t click any links and don’t download any attachments.”
New-school security awareness training can enable your employees to follow security best practices so they can avoid falling for social engineering attacks.
Egress has the story.
Get Your Free 2021 Holiday Security Awareness Resource Kit
It’s the busiest time of year for everyone, especially cybercriminals. They know surges in online shopping, holiday travel, and time constraints can make it easier to catch users off their guard with relevant schemes. That’s why we put together this resource kit to help your users make smarter security decisions every day.
- Free training video for your users on “Stay Safe for the Holidays”, available in 10 languages.
- Free training course for your users on “Staying Safe for the Holidays”.
- Resources to share with your users including tip sheets, digital signage, and a video with helpful tips.
- Newsletters about holiday shopping and travel safety for your users.
- Access to resources for you to help with security planning for the upcoming year.
- Printable and digital assets that you can use to promote cybersecurity awareness in your organization throughout the holiday season.
PS: Don’t like to click on redirected buttons? Cut & Paste this link in your browser: https://www.knowbe4.com/holiday-resource-kit-partner?partnerid=001a000001lWEoJAAW