Excerpted from the Barracuda Blog , November 21, 2017, by Fleming Shi

Big Brands and Bonus Bucks Gift Cards: Cybercriminals are launching widespread phishing campaigns spoofing popular e-commerce and consumer brand websites aimed to steal your information.

The appeal of camping out on Thanksgiving night to be the first one in the door for your favorite department store’s Black Friday sale is quickly becoming less tempting since much more can be accomplished online — without having to lose sleep or battle crowds. However, as online shoppers are looking for the best deals to jump on, cybercriminals have taken notice and continue to come up with creative scams to lure would-be deal seekers.

Black Friday Phishing and Cyber Attack Monday

These mass phishing attacks impersonate big brands and popular stores to lure victims into forfeiting their personal information. There are three overarching methods these attackers are using to entice shoppers:

• Hijacking e-commerce brands like Amazon with gift card scam emails.
• Impersonating brick and mortar stores including Walmart and Kohls.
• Hijacking brands of well-known consumer products such as Ray-Ban and Michael Kors.

Focus on the Tactics, Not the Specific Brand Names

The actual names of the brands these attackers are impersonating are less important than the tactic, as criminals can quickly change the name of the brand and launch new mass phishing scams. These mass phishing attacks are sent to thousands of potential holiday shoppers promising time-sensitive gift cards that ultimately send victims to spoofed websites impersonating the companies. The goal is to convince consumers to register or log into what they think is their real Amazon or Walmart account in order to receive a gift card. Sadly, no gift card or bonus bucks will be received, but instead, consumers end up surrendering their account credentials — which can lead to all types of destructive behavior. Cybercriminals can steal account credentials and log into these accounts, retrieve credit card information, additional personal information, and learn about a users’ shopping history for future social engineering attacks.

Take action: Tips to Stay Safe and Preventive Measures

• For this Black Friday/Cyber Monday and holiday season, be safe and don’t click through deal emails. Go directly to the intended site and look for the product deal and avert possible threats.
• Hover your mouse over every hyperlink to make sure it looks like it’s legitimate.
• If there is any doubt or suspicion, don’t click!
• Be extremely cautious of any promotional email you get this time of year.
• Verify the certificate in the left-hand corner of the site – make sure it’s assigned to Amazon.com or other intended sites.
• Websites might look different, you can check the real site to verify.
• Make sure when you log in, register, or insert any personal information — the site is secure. You can check this in the internet browser just before the URL, it will show “Secure” in green.

User Training and Awareness — Employees or really anyone using email should be regularly trained and tested to increase their security awareness of various attacks like these phishing attempts. Simulated attack training is by far the most effective form of training. Always check the domains on emails asking for things from you, including clicking and inputting information.

Layering training with an email security solution by Barracuda that offers sandboxing and advanced threat protection should block spam, phishing attacks, and malware before it ever reaches the corporate mail server or user inboxes. Additionally, you can deploy anti-phishing protection with Link Protection to look for links to websites that contain malicious code. Links to these compromised websites are blocked, even if those links are buried within the contents of a document.

Contact Chi today to learn how you can keep your business and your family safe from phishing scams.