14 malware families have been discovered as part of an elaborate scam aimed at shoppers of major e-commerce sites looking for pre-Black Friday deals.
We’re all gearing up for some level of online purchasing for the holidays. The lure of great deals is enough to get any shopper paying attention to promotions of sales on items they want. And that’s exactly the emotional connection cybercriminals need to trick shoppers into becoming victims.
According to Kaspersky Labs, cybercriminals are actively taking advantage of the rush to buy for the holidays with trojans used to intercept users’ credentials, or phishing pages designed to capture website logins.
It’s actually quite brilliant: send out a well-crafted spoofed email purporting to be a known online brand promoting a massive discount or desired item on sale. The recipient gets excited about the prospect of getting that wanted item on the cheap. Then either take the recipient to a fake logon page or attempt to install malware to track logons.
Captured web credentials can sell on the dark web for anywhere from $1.50 to over $5 each, with most selling for just about $2. A small price to pay, given that many e-commerce sites have stored credit card details used for quick purchases.
Given that 75% of your employees will engage in some amount of online shopping over Black Friday and Cyber Monday, it’s important for them to know these scams are in full swing, looking to fool them out of their online credentials. The most effective way to educate users on this scam, and the thousands more that will come after it, is through Security Awareness Training. Rather than just having an employee focus on the details of one scam, educating them on the need to be security-conscious when interacting with email and the web is far more effective in reducing the risk of becoming a victim.
Find out if your own domain has an evil twin with the brand-new Domain Doppelgänger tool
Phishing is still the most widely used cyber attack vector, and criminal attack campaigns often use spoofed websites to deceive your users so they simply allow the bad guys to take over your network.
Since look-alike domains are a dangerous vector for phishing and other social engineering attacks, it’s a top priority that you monitor for potentially harmful domains that can spoof your domain.
Better yet, with these results you can now generate an online assessment test to see what your users are able to recognize as “safe” domains for your organization. You then receive a summary of the test results to understand how security-aware your users are when it comes to identifying potentially fraudulent or phishy domains.
With Domain Doppelgänger, you can:
- Search for existing and potential look-alike domains
- Get a report with aggregated results that includes risk indicators, and
- Generate an online “domain safety” quiz based on the results to administer to your end users
This is a complimentary tool and will take only a few minutes. Domain Doppelgänger helps you find the threat before it is used against you.