Phishing emails double in run up to Black Friday, Cyber Monday


Researchers with cybersecurity firm Check Point on Tuesday reported a spike in hacker activity over the past six weeks, with a surge in malicious phishing campaigns targeting online shoppers in the form of “special offers.”

This year has already been a record-breaker in terms of online shopping as a result of Covid-19 related restrictions and concerns, and more records are expected to be set in the run-up to Black Friday and Cyber Monday at the end of this month.

In the four weeks from October 8-November 9, the number of weekly “special offers” related phishing campaigns have doubled globally, rising to 243 in the beginning of November, compared to 121 at the start of October, said the report.

The first half of November showed an 80 per cent increase in phishing campaigns relating to sales and shopping special offers, with emails including phrases such as “special”, “offer”, “sale”, and “cheap.”

The researchers found that one out of every 826 emails is a phishing email related to November shopping days, compared to less than one in 11,000 phishing emails at the start of October.

How to stay safe and shop in confidence?

In the same way shoppers hunt for bargains, hackers will be phishing for victims.

So Check Point researchers recommended that shoppers should beware of “too good to be true” bargains.

This will be tough to do, as Black Friday and Cyber Monday are all about great offers. But, if it seems way too good to be true, it probably is.

Go with your gut: an 80 per cent discount on the new iPhone is usually not a reliable or trustworthy purchase opportunity, Check Point said.

Moreover, while one should never share their credentials, they should always be suspicious of password reset emails.

A close attention to the language in the email can help users to spot phishiing emails.

“Avoid buying something online using your payment details from a website that does not have secure sockets layer (SSL) encryption installed,” said the report.

“To know if the site has SSL, look for the “S” in HTTPS, instead of HTTP. An icon of a locked padlock will appear, typically to the left of the URL in the address bar or the status bar down below. No lock is a major red flag,” it added.

The data used in this report present data detected by Check Point’s Threat Prevention technologies, stored and analysed in ThreatCloud.

ThreatCloud provides real-time threat intelligence derived from hundreds of millions of sensors worldwide, over networks, endpoints and mobiles, the company said.




Please enter your comment!
Please enter your name here