The Check Point Research team has found a surge in hacker activity over the past six weeks – the number of phishing attacks in the run-up to Black Friday has doubled.
The fact is that due to restrictions associated with COVID-19, online shopping has reached a new level this year, and the number of online purchases on Black Friday and Cyber Monday breaks all records. Of course, the attackers could not stand aside.One of the first signs of the elevated activity was the unprecedented increase in consumer spending on November 11: on this day, China hosts the world’s largest online shopping festival, timed to coincide with Bachelor’s Day. Sales this year supposedly will beat previous record of $74,000,000,000, according to Alibaba. Sales are expected to continue to grow.
In four weeks (from October 8 to November 9), the number of phishing emails with “special offers” has doubled worldwide: from 121 cases per week in October to 243 cases per week by the beginning of November.
- In the first half of November, the number of phishing emails related to sales and special offers from stores increased by 80%. Such emails contained the words “sale”, “% off” and others related to bargain purchases.
- While in early October one out of 11,000 emails related to the November discount season was phishing, in November 1 out of 826 emails turned out to be malicious.
- In just two days (November 9 and 10), the number of phishing attacks with “special offers” was higher than in the first seven days of October.
As an example, Check Point researchers selected one of the recently discovered phishing emails that the attackers wrote on behalf of the jewellery brand Pandora.
- Email subject: “Cyber Monday | Only 24 Hours Left!” (Topic: “Cyber Monday | Only 24 Hours Left!”)
- Sender: Pandora Jewellery (no-reply\@amazon\.com) (From: Pandora Jewellery (no-reply\@amazon\.com))
Despite the fact that the sender field contains the Amazon domain, neither the body of the letter nor the links mentions Amazon. During the audit, it turned out that the email address from which the mailing was carried out was forged in such a way that it seemed as if the letter came from Amazon.
Two links from the letter lead to a site that misleads the recipient: the letter was allegedly sent by the Pandora jewellery company. One of the indicators that the letter is a fake is a spelling error in the word “jewelry”. The links in the letter first led to www[.]wellpand[.]com, and a few days later – to a similar site www[.]wpdsale[.]com.
Another proof that the letter was fake was the fact that both sites were registered between late October and early November, shortly before the mailing took place.
Further analysis showed that both sites, the links to which were present in the letter, copied the official site of the Pandora brand. According to Check Point, the victims of this phishing attack were users from the US, UK and Bulgaria.
Also, as we wrote, Gmail blocks 18 million emails related to the COVID-19 subject per week.