Until the 28th of November, a peak in consumption is expected due to Black Friday and Cyber Monday, two of the biggest online shopping moments in 2022. However, it is also a golden opportunity for an increase in attempted cyberattacks.
The alert is issued by S21sec and should not leave anyone indifferent. Faced with a climate of inflation plaguing the world economy, essential goods have never been so expensive, nor the cost of living so high. As such, the increase in online crime is just one more reflection of this adverse scenario in which poverty already lurks in every new invoice that arrives at our house.
Black Friday and Cyber Monday are attractive “targets” for online fraud
This year, since the beginning of the war between Russia and Ukraine, fuel prices have reached record levels and the energy conflict has spread to the whole world.
In this context, and taking advantage of these days of offers, hackers exploit the crisis and the general uncertainty surrounding fuel prices to attract potential victims by spreading fake offers and discounts.
This type of fraud is carried out through phishing campaigns. Phishing is an attack technique based on social engineering that aims to trick the user into sharing all kinds of personal information, such as passwords, sensitive data, account numbers, etc.
Phishing is a recurring threat in times of online shopping
The most common type of phishing during the Black Friday and Cyber Monday campaign is traditional phishing by e-mail. That is, cybercriminals compose an email that they send to different addresses, pretending to be real companies that offer discounts these days.
This type of fraud can also arrive via WhatsApp, increasing the risks and scope of the attack. This is because the manipulated message or file can be forwarded to different contacts very quickly and easily.
In this sense, S21sec has already registered numerous phishing campaigns distributed by WhatsApp under the name of powerful multinational brands. That is, a deception with the potential to quickly spread through social networks and messaging apps.
Schemes spread by email and even WhatsApp
At the same time, another technique used at this time of the year is smishing. That is, sending SMS messages informing the victim that, for example, their order could not be delivered normally due to non-payment or that the order was held up at customs.
The text message usually includes a fraudulent URL (link), apparently legitimate, asking the victim to provide their bank details to make the payment.
Furthermore, malware is another method used by hackers, delivered through emails with malicious attachments designed to infect victims. They do this to steal information or to make computers part of a botnet.
Beware of some SMS messages
A botnet is a network of infected computers that can be remotely controlled and forced to send spam, spread malware or carry out a DDoS attack. All this, as is easily understood, without the authorization of the owner of the device.
E-skimming should also be highlighted, as it is a technique used by cybercriminals to obtain bank and personal information from legitimate online stores and then sell it on the black market.
Access to these online stores is gained through phishing campaigns. Attackers also gain access by exploiting unpatched vulnerabilities in the content management system, without leaving any trace of the crime committed.
E-skimming generally affects online stores that have the payment gateway within the store’s own domain, because all the information is managed by the store itself.
However, it can also affect online stores that use a third-party gateway, because even if the card details are not managed by the store, customer information can be stolen.
S21sec’s recommendations for these days are as follows:
- Be wary of emails in which great offers are published, as hackers take advantage of these discount campaigns to carry out attacks, resorting to social engineering.
- Ignore email messages from unknown and/or unverified senders, as well as their attachments, and report suspicious email messages to the security team.
- Avoid downloading attachments, software and other files from unreliable sources.
- In authentication processes, it is recommended to always verify that the link is legitimate.
- Do not provide personal credentials unless you are sure that the recipient is trustworthy.
- Do not fill in forms or send any personal data on unreliable sites.
- Keep the operating system and applications up to date. It's important to keep antivirus and other detection and/or prevention programs up to date, as new malware samples are added to their databases on a daily basis.