Don’t let cybercriminals ruin your revenues and reputation this festive season.
This is the first of a two-part series. The holiday season is here. It’s a time for reuniting with family and friends, travel and gift-giving. It’s also a prime time for cybercrime as millions of consumers head to online checkouts on Black Friday, Cyber Monday, Giving Tuesday and throughout the holiday season. Cybercriminals capitalize on this seasonal surge in online spending by ramping up phishing messages and paid online advertisements, tempting shoppers with seemingly fabulous deals hosted on fake online shopfronts with counterfeit checkouts. The same trend is evident inhospitality, where travelers are increasingly targeted through fraudulent booking sites and fake travel promotions. Consumers and businesses should keep their guard up this festive season to prevent scammers from raiding shopping budgets and seasonal revenues.
Online sales in the United States are projected to reach US $240.8 billion in November and December 2024, marking an 8.4% increase from the previous year. The season provides ample opportunities for cybercriminals to profit from the high volume of transactions and growing dependence on digital retail and booking platforms. These online crooks aim to capture sensitive customer data, disrupt operations and exploit trust in well-known brands — all with an eye toward cashing in on the holiday rush.
Our threat intelligence experts are monitoring several key threats in the digital landscape this holiday season. This blog post examines some of these consumer-facing online threatsto the retail, travel and hospitality industries during holiday season, such as phishing and social engineering, fake websites, travel scams and fraudulent booking sites. These threats defraud consumers and erode the hard-earned consumer trust that businesses invest in their brand, logos, names and digital assets. Understanding scammers’ tactics, techniques and procedures (TTPs) helps businesses and consumers detect fraud and other wrongdoings.
In the second part of this two-part series, we’ll examine ransomware threats and their direct impact on operations, security and trust for businesses in these sectors. We also will examine threats to payments and transactions, including gift card fraud and point-of-sale (PoS) system breaches.
Phishing and social-engineering attacks represent some of the most pernicious cyber threats facing consumers and businesses during the holiday season. These attacks use deceptive communication to manipulate individuals into disclosing personal information, financial details or other sensitive data. The festive rush, amplified by the influx of promotional emails and social media advertisements, provides an ideal environment for these malicious activities. Consumers anticipating legitimate offers from well-known retailers are especially susceptible to these sophisticated scams, which are crafted to emulate the marketing tactics of major brands.
Strategies threat actors employ include:
"You have been chosen" scams: Capitalizing on human psychology, scammers send emails or messages claiming the recipient has been selected for a special prize. Individuals are instructed to complete a survey and pay a nominal fee, allegedly for shipping or handling, or provide payment details for a prize draw. These scams are designed to create a sense of urgency, compelling the recipient to act quickly without scrutinizing the legitimacy of the offer.
The image depicts a screenshot of a phishing email leveraging the “you have been chosen” theme captured Nov. 24, 2024.
As online shopping peaks, there is a notable surge in the creation of fake websites by cybercriminals. These sites are craftily designed to mimic well-known companies to deceive shoppers into thinking they are making purchases from legitimate sources. The sites are set up to harvest sensitive information such as login credentials, payment details and personal data from unsuspecting consumers. To drive traffic to these deceptive sites, attackers commonly use search engine optimization (SEO) techniques and invest in advertising across search engines and social media platforms. These advertisements frequently offer seemingly unbeatable deals on sought-after items, playing on a sense of urgency and scarcity to attract shoppers.
Intel 471 observed several hundred new websites registered in November 2024 containing the terms "blackfriday" or "black-friday." We noted multiple domains specifically designed to impersonate well-known brands, such as Gymshark with the phishing domain blackfridaygymshark[.]nl, Samsonite with the phishing domain samsoniteblackfriday[.]shop and Amazon with the phishing domain amazonblackfriday[.]store.
Intel 471 discovered a new Android trojan, FvncBot, that masquerades as a security application for mBank, a major Polish bank. Our Malware Intelligence team analyzed its code, which is new and not based on other leaked malware code.
Malware distribution campaigns that trick people into copying and pasting malicious commands, known as ClickFix, have been wildly successful. Here's an examination of ClickFix and how to defend against it.
Payment card "checkers" are used by criminal hackers to check the validity of stolen payment card details. Here's how this in-demand underground service works.
Stay informed with our weekly executive update, sending you the latest news and timely data on the threats, risks, and regulations affecting your organization.