For all its festivity, the holiday season can be a stressful time for many people, considering challenges with finances and family strife. Here’s one more thing to worry about: a surge in phishing kits that imitate major brands -- especially Amazon.
Unsuspecting victims may download an attachment in an email that seems to be from a brand they trust and end up being served malware, according to “Holiday phishing season: Your guide to staying scam-safe,” a study by email security firm Egress, conducted with Orpheus Cyber.
There has been a 334.1% increase in phishing kits impersonating brands ahead of their anticipated Black Friday promotions, and a 307% increase in typosquatting domains tied to phishing kits, the study reports.
What’s a phishing kit? It’s crime-as-a-service technology that has “greatly lowered the technical and monetary barriers of entry to cybercrime,” Egress explains.
The top brand for fraudulent webpages this year is Amazon, with a 55% increase in kits targeting the brand in October and November. In addition, Egress saw 6,643 active typosquatting domains being set up to target holiday shoppers.
What’s typosquatting? This happens when consumers enter URLs incorrectly — for instance, www.amazan.com.
Cyber criminals can quickly jump on such an error. Amazon is the most utilized brand here. Egress tracked 3,850 active domains — three times those of eBay and four times as many as Walmart.
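To show what flagging a typosquat looks like from the defender's side, here is a small added example (not code from Egress or the report) that compares a candidate domain's registrable label with a short brand list using edit distance. The brand list, thresholds, the assumption of a single-label suffix such as .com, and the sample domains are all constructed for this illustration.

```python
# Added example: flag candidate domains that resemble trusted brands' domains.
# BRANDS, the distance thresholds and the sample inputs are constructed here;
# a production checker would use the Public Suffix List and a larger brand set.

BRANDS = {"amazon": "amazon.com", "ebay": "ebay.com", "walmart": "walmart.com"}


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert/delete/substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def split_domain(domain: str):
    """'www.amazan.com' -> ('amazan', 'com'); assumes a single-label suffix."""
    parts = domain.lower().strip(".").split(".")
    return parts[-2], parts[-1]


def classify(domain: str):
    """Return (brand, reason) when the domain looks like a brand lookalike, else None."""
    label, tld = split_domain(domain)
    for brand, official in BRANDS.items():
        if f"{label}.{tld}" == official:
            return None                                   # the genuine domain
        if label == brand:
            return (brand, f"brand name on .{tld}")       # e.g. amazon.shop
        if brand in label:
            return (brand, "brand name embedded")         # e.g. amazon-blackfriday.com
        # Short brand names need a tighter threshold or everything matches.
        max_distance = 1 if len(brand) <= 5 else 2
        dist = levenshtein(label, brand)
        if dist <= max_distance:
            return (brand, f"edit distance {dist}")       # e.g. amazan.com
    return None


if __name__ == "__main__":
    for d in ["www.amazan.com", "amazon.com", "amazon-blackfriday.com", "example.com"]:
        print(d, "->", classify(d))
```

Running it prints `www.amazan.com -> ('amazon', 'edit distance 1')` and `amazon.com -> None`, which is the kind of check a mail gateway or DNS log review can apply before a shopper ever sees the page.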
Researchers uncovered 200 new phishing kits containing imitation Amazon emails available on dark and clear web forums in the week before Black Friday. Some sold for as little as $40.
Also seen were fake Amazon Black Friday promotions, one of which attempted to snooker recipients with an Amazon coupon that supposedly could be redeemed by completing an attached form.
What the victims got in that attachment was XBAgent malware.
Researchers also observed a dark web forum that showed a user applying a Black Friday discount to a custom inbox validation tool.
The tool is “likely used by cybercriminals to anonymously access email inboxes and validate the credentials they’ve stolen via phishing,” Egress writes.
And for $60, would-be felons can buy "an Amazon phishing kit capable of supporting multiple languages (English, French, German, Japanese)."
Such kits can farm "email logins from providers including Gmail, Outlook, Love, Yahoo and Yahoo Japan, and AOL. It then prompts users to take pictures of their credit cards to steal their payment information," the report continues.
Phishing as a service (PhaaS) has "lowered the barriers to entry for cybercriminals, making it easy to impersonate well-known brands and trick victims," states Jack Chapman, vice president of threat intelligence for Egress.
What can consumers do? "As we approach Christmas, I’d urge everybody to take extreme caution when it comes to unexpected offers and discounts – and if you’ve received an email that you think looks suspicious, don’t click any links and don’t download any attachments," Chapman advises.