Holiday Shopping and Phishing-as-a-Service



holiday shopping phishing-as-a-serviceResearchers at Egress observed a massive increase in phishing kits in the run-up to Black Friday, particularly those impersonating Amazon.

“The research, conducted in partnership with Orpheus Cyber, has lifted the lid on how cybercriminals prepare to take advantage of the retail event, reporting a 397% increase in typo squatting domains explicitly tied to phishing kits,” Egress said. “Amazon was a popular choice for cybercriminals, with a 334.1% increase in phishing kits impersonating the brand ahead of its anticipated Black Friday promotions. Amazon was the top brand for fraudulent webpages linked to phishing kits, with researchers observing almost 4,000 pages imitating the brand – three times as many as those detected for the popular online auction site eBay and over four times as many as for retail giant Walmart.”

Jack Chapman, Egress’s Vice President of Threat Intelligence, stated that people should continue to be vigilant throughout the rest of the holiday shopping season.

“We all want to buy our loved ones the best possible Christmas present and net a bargain price in the Black Friday sales, and each year cybercriminals use this to their advantage,” Chapman said. “PhaaS has lowered the barriers to entry for cybercriminals, making it easy to impersonate well-known brands and trick victims. The recent increase in the number of phishing kits listed for sale highlights the criminals’ appetite for carrying out attacks during busy shopping periods.

Chapman added that people should be particularly cautious with emails that purport to offer shopping discounts.

“Our research uncovered the behind-the-scenes activity of cybercriminals as they prepare to take advantage of unsuspecting victims this holiday period, highlighting the ease with which they’re able to impersonate brands such as Amazon,” Chapman said. “As we approach Christmas, I’d urge everybody to take extreme caution when it comes to unexpected offers and discounts – and if you’ve received an email that you think looks suspicious, don’t click any links and don’t download any attachments.”

New-school security awareness training can enable your employees to follow security best practices so they can avoid falling for social engineering attacks.

Egress has the story.


Get Your Free 2024 Holiday Security Awareness Resource Kit

It’s not just you and your organization getting busier during the holiday season. Cybercriminals are also working overtime! This makes one of the busiest times of year one of the most important times for your employees to stay vigilant against cybersecurity threats.

That's why we put together this resource kit to help ensure cybercriminals’ extra effort this season is for nothing! Use these resources to help your users make smarter security decisions every day.

Holiday-Resource-Kit-2024Here's what you'll get:

  • New! The Gift of Awareness: Holiday Cybersecurity Essentials training module
  • Two free holiday training modules, available in multiple languages
  • Security documents and digital signage to reinforce the free modules included in the kit to share with your users
  • Newsletters about holiday shopping and travel safety for your users
  • Resources for you to help with security planning for the upcoming year

Get Your Free Resource Kit Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://info.knowbe4.com/free-holiday-resource-kit

Topics: Phishing



Subscribe to Our Blog


Comprehensive Anti-Phishing Guide




Get the latest about social engineering

Subscribe to CyberheistNews