Holiday Shopping and Phishing-as-a-Service

holiday shopping phishing-as-a-service Researchers at Egress observed a massive increase in phishing kits in the run-up to Black Friday, particularly those impersonating Amazon.

“The research, conducted in partnership with Orpheus Cyber, has lifted the lid on how cybercriminals prepare to take advantage of the retail event, reporting a 397% increase in typo squatting domains explicitly tied to phishing kits,” Egress said. “Amazon was a popular choice for cybercriminals, with a 334.1% increase in phishing kits impersonating the brand ahead of its anticipated Black Friday promotions. Amazon was the top brand for fraudulent webpages linked to phishing kits, with researchers observing almost 4,000 pages imitating the brand – three times as many as those detected for the popular online auction site eBay and over four times as many as for retail giant Walmart.”

Jack Chapman, Egress’s Vice President of Threat Intelligence, stated that people should continue to be vigilant throughout the rest of the holiday shopping season.

“We all want to buy our loved ones the best possible Christmas present and net a bargain price in the Black Friday sales, and each year cybercriminals use this to their advantage,” Chapman said. “PhaaS has lowered the barriers to entry for cybercriminals, making it easy to impersonate well-known brands and trick victims. The recent increase in the number of phishing kits listed for sale highlights the criminals’ appetite for carrying out attacks during busy shopping periods.

Chapman added that people should be particularly cautious with emails that purport to offer shopping discounts.

“Our research uncovered the behind-the-scenes activity of cybercriminals as they prepare to take advantage of unsuspecting victims this holiday period, highlighting the ease with which they’re able to impersonate brands such as Amazon,” Chapman said. “As we approach Christmas, I’d urge everybody to take extreme caution when it comes to unexpected offers and discounts – and if you’ve received an email that you think looks suspicious, don’t click any links and don’t download any attachments.”

New-school security awareness training can enable your employees to follow security best practices so they can avoid falling for social engineering attacks.

Egress has the story.

Get Your Free 2023 Holiday Security Awareness Resource Kit

It's the busiest time of year for everyone, especially cybercriminals. They know surges in online shopping, holiday travel and time constraints can make it easier to catch users off their guard with relevant schemes. This makes one of the busiest times of year one of the most important times for your employees to stay vigilant against cybersecurity threats.

That's why we put together this resource kit to help ensure no chunks of cyber-coal end up in your employees’ stockings this season! Use these resources to help your users make smarter security decisions every day.

Here's what you'll get:

New! Holiday Cybersecurity World Passport interactive game

Two free holiday training modules, available in multiple languages

Resources to share with your users, including an educational video, plus security documents and digital signage to reinforce the free modules included in the kit

Newsletters about holiday shopping and travel safety for your users

Access to resources for you to help with security planning for the upcoming year