Big brands are sending tons of email for Black Friday and Cyber Monday, and so are cybercriminals who impersonate them.
Research by Barracuda shows that attackers are hijacking names like Amazon, Walmart, Kohls, Ray-Ban and Michael Kors, in some cases offering up to 80% off products and services.
In the case of Amazon, the attacks take the form of gift card scam emails. The scammers are also mimicking brick-and-mortar stores such as Walmart and Kohls.
“These mass phishing attacks are sent to thousands of potential holiday shoppers promising time-sensitive gift cards that ultimately send victims to spoofed websites impersonating the companies,” writes Fleming Shi, senior vice president of technology at Barracuda, in an article on the Barracuda blog.
The objective is to “convince consumers to register or log into what they think is their real Amazon or Walmart account in order to receive a gift card,” Shi continues.
But no gift card arrives, Shi notes. Instead, the cyber felons can gain access to account credentials and credit card information, and they can also track the consumer’s shopping history for targeting in future attacks.
These cyber crooks are using URL shorteners and redirectors to get their emails into inboxes. URL shortening services are not blocked by most security solutions, Shi adds.
The attackers mimic brand sites that might not be familiar to the consumer. These sites are short-lived, but can achieve their objective.
“Recipients don’t need to click on the 'Buy' button in order to be directed to their counterfeit website, because the attackers are embedding malicious domain hyperlinks into every piece of the email, including all of the images and text,” Shi continues. “This means that all it takes is for a victim to click anywhere on the email and they will be redirected to the malicious site.”
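The two traits Shi describes, shortened links and an email in which every image and text element points at the same non-brand destination, can be checked on the mail-filtering side. The following Python sketch is an added example, not code from Barracuda or the article; the shortener list, the `retailer.example` brand domain, the function names and both sample bodies are assumptions constructed for illustration.

```python
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: illustrative shortener hosts; build the real list from your own mail telemetry.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}

class LinkCollector(HTMLParser):
    """Collects the host of every <a href> and whether that anchor wraps an image."""
    def __init__(self):
        super().__init__()
        self.links = []     # entries are [host, wraps_image]
        self._open = None   # index of the anchor currently open, if any

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            host = (urlparse(attrs["href"]).hostname or "").lower()
            self.links.append([host, False])
            self._open = len(self.links) - 1
        elif tag == "img" and self._open is not None:
            self.links[self._open][1] = True

    def handle_endtag(self, tag):
        if tag == "a":
            self._open = None

def assess(html, brand_domain):
    """Return link findings for an HTML body that claims to come from brand_domain."""
    parser = LinkCollector()
    parser.feed(html)
    hosts = [h for h, _ in parser.links if h]
    if not hosts:
        return {"links": 0, "findings": []}
    off_brand = [h for h in hosts
                 if h != brand_domain and not h.endswith("." + brand_domain)]
    top_host, top_count = Counter(hosts).most_common(1)[0]
    findings = []
    if any(h in SHORTENERS for h in hosts):
        findings.append("shortener")
    if len(off_brand) == len(hosts):
        findings.append("no_link_to_claimed_brand")
    if len(hosts) >= 3 and top_count == len(hosts) and any(i for _, i in parser.links):
        findings.append("every_element_links_to_one_host")
    return {"links": len(hosts), "top_host": top_host, "findings": findings}

# Constructed sample bodies (not taken from real campaigns).
S = '<a href="https://bit.ly/EXAMPLE">'
SAMPLE_SUSPECT = S + '<img src="cid:banner"></a>' + S + 'Claim your gift card</a>' + S + 'Buy</a>'
B = '<a href="https://www.retailer.example/deals">'
SAMPLE_BENIGN = (B + '<img src="cid:banner"></a>' + B + 'Shop</a>'
                 '<a href="https://mail.retailer.example/unsub">Unsubscribe</a>')
```

Legitimate marketing mail often routes every link through one click-tracking host, so these findings are signals to score alongside sender authentication results, not verdicts on their own.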