
Scammers, bots dominate threat landscape ahead of Black Friday and Cyber Monday

As Black Friday and Cyber Monday approach, cybersecurity experts and the U.S. government are warning consumers to beware of scams, and retailers are being informed of bots scooping up troves of inventory.

On Wednesday, the Cybersecurity and Infrastructure Security Agency (CISA) said the holiday shopping season is a “prime opportunity” for scammers and cybercriminals to take advantage of shoppers through fake websites, malicious links, and even fake charities in an effort to steal information and money. 

CISA suggested shoppers follow basic cybersecurity advice: always use multi-factor authentication, double check website addresses and make sure any emails offering sales are legitimate. 

“By following a few guiding principles like checking your devices, shopping from trusted sources, using safe purchasing methods, and following basic cyber hygiene like multi-factor authentication, you can drastically improve your online safety when shopping online for gifts this year,” CISA Director Jen Easterly said. 

“Your cyber safety should be treated like your physical safety. Stay vigilant, take steps to protect yourself, and trust your instincts. If you see something that doesn't look right, there's a good chance it isn't.”

Nicole Hoffman, senior cyber threat intelligence analyst at Digital Shadows, told The Record that people are typically distracted during the holiday season, leading to complacency. 

Nefarious actors have started crafting malicious versions of legitimate websites to lure victims into providing personal or payment card information, Hoffman explained, adding that there is also a risk of unknowingly downloading malware from one of these spoofed websites. 

Spoofed websites can impact a legitimate retailer's reputation and lower consumer trust. Retailers should educate themselves on the techniques, tactics, and tools used by financially motivated cybercriminals to target e-commerce websites, such as a Magecart attack, when hackers access the checkout page of a site.

Nelson Bradley, a manager at Google Workspace Trust & Safety, noted that even before Black Friday, they have been seeing a spike in malicious activity online. Bradley said Google is seeing increases in spam and scams starting earlier each year. 


Bradley said on an average day, Gmail blocks nearly 15 billion unwanted messages. In the last two weeks, Gmail blocked 231 billion spam and phishing messages, a whopping 10% higher than the average volume.

Most of the emails fall under five categories: fake gift card requests and giveaways, fraudulent donation requests, demographic targeting, subscription renewals and crypto payment demands.

Researchers at Check Point Security have found dozens of fake websites spoofing well-known brands like Louis Vuitton. In October they found scammers offering sales for the brand in phishing emails with the subject line: “Black Friday Sale. Starts at $100. You’ll Fall In Love With Prices.”

They also found that spoofed sale websites are getting an increasing number of visits as Black Friday approaches. 

They urged buyers to look out for misspellings and avoid putting payment information into any website that does not have a secure sockets layer (SSL) encryption installed. To know if the site has SSL, look for the “S” in HTTPS, instead of HTTP. An icon of a locked padlock will appear, typically to the left of the URL in the address bar or the status bar down below. Not having a lock is a major red flag, according to Check Point. 

“We're already seeing hackers impersonate luxury brands like Louis Vuitton and shipping giants like DHL. Cybercriminals love to play off of the emotions of shoppers. When you’re excited about a great deal or fear missing out, you may take unnecessary risks like shopping at an unfamiliar site or providing sensitive information,” said Check Point’s Ekram Ahmed. 

“Cybercriminals know this and actively try to take advantage of this shopping psychology. To stay protected, there are a few basic measures you can take, such as always shopping with official retailers, beware of deals that are 'too good to be true', and don’t be enticed by deals that seem too good to be true, and looking out for suspicious payment methods.”

Other cybersecurity firms have seen dramatic spikes in spam. Bitdefender said starting on November 7, they saw a 19% increase in Black Friday spam this year. Like Check Point, they found that scammers are using popular brands like Home Depot, Ray-Ban, Louis Vuitton, and others as a lure to steal credentials including credit card numbers. 

Brianna Groves, a security engineer for CyberGRX, noted that they are seeing an increase in fake delivery notifications, banking alerts, travel offers and holiday job offers. 

“It is also important to understand your own buying patterns and data interconnectivity. Small adjustments such as using a single trusted payment site, like PayPal, rather than storing your credit cards in every site you shop with, and setting up individual web accounts that aren't tied to one over-arching service, like Google, will set you ahead for better security,” Groves said. 

Dark web intelligence company Searchlight Security has also seen deals on tools for criminals, for example ‘Black Friday Sale Prices’ for ATM skimmers and other malware.

For $2,500 someone could buy a skimmer, which can steal card data from unsuspecting ATM users, according to Louise Ferrett, threat intelligence analyst at Searchlight Security. 


The person they found selling the skimmers promoted them in multiple cybercriminal groups and is offering payment plans for those interested. 

“A GSM skimmer is a type of physical fraud device that steals card data from unsuspecting ATM users and sends the information wirelessly to the criminal’s device via GSM cellular protocols,” Ferrett said. 

“A threat actor on a popular dark web hacking forum asks for Google and Facebook Ads to set up a fake Black Friday shop to take advantage of shoppers looking for good Black Friday deals. This demonstrates the importance of consumers being especially vigilant when shopping online this holiday season.”

Quantum’s Stephane Cardot added that the concerns go beyond just the personal ramifications of scams. 

Employees accidentally falling foul of a phishing attack is still one of the most common causes of an organization's exposure to ransomware and malware, she said, noting that organizations need to employ a multi-layered data protection approach to ensure resiliency and recoverability at any point of their data lifecycle. 

She urged organizations to have at least three copies of their data and create an appropriate recoverability system in the event of an attack.

CISA also noted that last year, alongside the FBI, they released guidance for organizations and especially critical infrastructure partners to make sure they are aware of their cybersecurity posture and implement best practices and mitigations to manage the risk posed by cyber threats during the holidays.

'Freebie' Bot concerns

In addition to the concern about cybercriminals and scams, bots are causing widespread problems for retailers and consumers looking to buy in-demand items. 

Kasada’s threat research team uncovered a new type of bot that automatically scans retail websites for mispriced goods and services, and purchases them at scale before the error is fixed.

According to Kasada, the bots find and purchase as many mispriced goods as possible – enabling users to then flip the merchandise for an easy profit. In addition to impacting a retailer’s inventory, revenue and brand, Freebie Bots also increase infrastructure expenses, as these requests hit a retailer in parallel across its entire product line.

More than 250 retail companies were recently being targeted by Freebie Bots, with over 7 million messages being sent monthly in freebie communities, Kasada researchers found. 


An example of a Discord message within a freebie community, automating the discovery of a pricing error and checkout for a graphics card. (Kasada)

Users this month were able to buy 100,000 products at a combined retail value of $3.4 million using Freebie Bots. Products included off-brand sleeveless halter neck mini dresses, Apple MacBook Air laptops, and deep cleansing facial masks.

“Retailers are already facing pressures this holiday season due to inflation and the annual recurrence of Grinch Bots,” said Kasada founder and CEO Sam Crowther, referring to bots that scoop up inventory.

“Adding Freebie Bots to the mix gives retailers another headache to deal with, one that directly hits their revenues, as they’re compelled to fulfill orders made with pricing errors... It has become very easy for anyone to purchase and utilize a bot – and increasingly difficult for retailers to identify and stop them.” 

Crowther told The Record that the products are being resold on Amazon, eBay or Facebook Marketplace, depending on the item. 

Some of these community members are netting more than $60,000 in estimated profit, he explained, noting how easy it has become to operate the bots. 

Many of the bots are derived from those used during sneaker launches, meaning they are fairly sophisticated and difficult to stop. 

“Freebie bots look to take advantage of various types of errors in business logic, such as coupons and promotions, in addition to human error such as decimal point misplacement. Incorrect product description is another error where the price is correct, but the description within isn’t, resulting in a deal that a Freebie bot can pick up on,” he said. 
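Two of the signals described above, a price that has slipped one or more decimal places and a single client checking out many distinct products within seconds, can be checked on the retailer's side before an order is fulfilled. The following is an added illustration, not code from Kasada or from the article; the catalogue, reference prices and checkout events are constructed sample data.

```python
from collections import defaultdict
from math import log10

# Constructed catalogue: SKU -> (listed price, reference price such as the last approved price).
CATALOG = {
    "gpu-4080": (129.99, 1299.99),    # decimal slipped one place to the left
    "macbook-air": (1199.00, 1199.00), # unchanged
    "face-mask": (0.12, 12.00),        # slipped two places
    "dress-halter": (19.50, 39.00),    # genuine 50% promotion, not a slip
}

# Constructed checkout log: (timestamp in seconds, client id, SKU).
EVENTS = [(t, "bot-a", f"sku-{t % 8}") for t in range(0, 40, 5)] + [
    (0, "shopper-b", "gpu-4080"),
    (3600, "shopper-b", "dress-halter"),
]

def decimal_slip(listed, reference, tolerance=0.02):
    """Return how many decimal places `listed` appears to have slipped left of
    `reference` (listed * 10**k ~= reference for integer k >= 1), or 0 if the
    price looks legitimate. An ordinary discount is not a power-of-ten ratio."""
    if listed <= 0 or reference <= 0:
        return 0
    k = round(log10(reference / listed))
    if k < 1:
        return 0
    return k if abs(listed * 10 ** k - reference) / reference <= tolerance else 0

def mispriced(catalog):
    """Map each SKU that looks like a decimal-point error to the number of places slipped."""
    return {sku: k for sku, (listed, ref) in catalog.items() if (k := decimal_slip(listed, ref))}

def checkout_bursts(events, window_s=60, min_skus=5):
    """Flag clients that check out at least `min_skus` distinct SKUs inside any
    `window_s`-second window; returns client -> largest distinct-SKU count seen."""
    by_client = defaultdict(list)
    for ts, client, sku in events:
        by_client[client].append((ts, sku))
    flagged = {}
    for client, evs in by_client.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):  # sliding window over time-ordered events
            while evs[end][0] - evs[start][0] > window_s:
                start += 1
            distinct = {sku for _, sku in evs[start:end + 1]}
            if len(distinct) >= min_skus:
                flagged[client] = max(flagged.get(client, 0), len(distinct))
    return flagged
```

Orders that trip either check would be held for review rather than auto-fulfilled, which is the point at which a retailer can still decline to honour an erroneous price.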


Jonathan Greig

is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.