This is the first of a two-part series. The holiday season is here. It’s a time for reuniting with family and friends, travel and gift-giving. It’s also a prime time for cybercrime as millions of consumers head to online checkouts on Black Friday, Cyber Monday, Giving Tuesday and throughout the holiday season. Cybercriminals capitalize on this seasonal surge in online spending by ramping up phishing messages and paid online advertisements, tempting shoppers with seemingly fabulous deals hosted on fake online shopfronts with counterfeit checkouts. The same trend is evident in hospitality, where travelers are increasingly targeted through fraudulent booking sites and fake travel promotions. Consumers and businesses should keep their guard up this festive season to prevent scammers from raiding shopping budgets and seasonal revenues.
Online sales in the United States are projected to reach US $240.8 billion in November and December 2024, marking an 8.4% increase from the previous year. The season provides ample opportunities for cybercriminals to profit from the high volume of transactions and growing dependence on digital retail and booking platforms. These online crooks aim to capture sensitive customer data, disrupt operations and exploit trust in well-known brands — all with an eye toward cashing in on the holiday rush.
Our threat intelligence experts are monitoring several key threats in the digital landscape this holiday season. This blog post examines some of these consumer-facing online threats to the retail, travel and hospitality industries during the holiday season, such as phishing and social engineering, fake websites, travel scams and fraudulent booking sites. These threats defraud consumers and erode the hard-earned consumer trust that businesses invest in their brand, logos, names and digital assets. Understanding scammers’ tactics, techniques and procedures (TTPs) helps businesses and consumers detect fraud and other wrongdoing.
In the second part of this two-part series, we’ll examine ransomware threats and their direct impact on operations, security and trust for businesses in these sectors. We also will examine threats to payments and transactions, including gift card fraud and point-of-sale (PoS) system breaches.
Consumer-facing threats in retail
Phishing for access to your accounts
Phishing and social-engineering attacks represent some of the most pernicious cyber threats facing consumers and businesses during the holiday season. These attacks use deceptive communication to manipulate individuals into disclosing personal information, financial details or other sensitive data. The festive rush, amplified by the influx of promotional emails and social media advertisements, provides an ideal environment for these malicious activities. Consumers anticipating legitimate offers from well-known retailers are especially susceptible to these sophisticated scams, which are crafted to emulate the marketing tactics of major brands.
Strategies threat actors employ include:
- Mass email campaigns: Emails that claim to be from reputable retailers often promise exclusive discounts or special offers in an attempt to entice recipients into clicking on links that redirect them to counterfeit online store websites. These sites are meticulously designed to resemble genuine retail sites but may contain subtle errors, such as poor spelling or slight discrepancies in domain names.
- Paid advertisements on social media and search engines: Scammers leverage paid advertisements on social-media platforms and search engines to disseminate their phishing schemes. These advertisements feature appealing deals that lead users to phishing sites where personal and payment information is collected.
- SMS Phishing or “Smishing”: Short message service (SMS) phishing, also known as smishing, involves sending fraudulent text messages that appear to come from legitimate sources, such as banks or popular retailers. These messages may claim there is an issue with the recipient’s account or promote an exclusive offer, prompting them to provide personal information or click on malicious links.
- "You have been chosen" scams: Capitalizing on human psychology, scammers send emails or messages claiming the recipient has been selected for a special prize. Individuals are instructed to complete a survey and pay a nominal fee, allegedly for shipping or handling, or provide payment details for a prize draw. These scams are designed to create a sense of urgency, compelling the recipient to act quickly without scrutinizing the legitimacy of the offer.
Warming up for the shopping season with fake online stores
As online shopping peaks, there is a notable surge in the creation of fake websites by cybercriminals. These sites are craftily designed to mimic well-known companies to deceive shoppers into thinking they are making purchases from legitimate sources. The sites are set up to harvest sensitive information such as login credentials, payment details and personal data from unsuspecting consumers. To drive traffic to these deceptive sites, attackers commonly use search engine optimization (SEO) techniques and invest in advertising across search engines and social media platforms. These advertisements frequently offer seemingly unbeatable deals on sought-after items, playing on a sense of urgency and scarcity to attract shoppers.
Intel 471 observed several hundred new websites registered in November 2024 containing the terms "blackfriday" or "black-friday." We noted multiple domains specifically designed to impersonate well-known brands, such as Gymshark with the phishing domain blackfridaygymshark[.]nl, Samsonite with the phishing domain samsoniteblackfriday[.]shop and Amazon with the phishing domain amazonblackfriday[.]store.
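A brand-protection team can apply the same pattern to a feed of newly registered domains. The sketch below is an added example, not Intel 471's tooling: it flags domains that combine a seasonal term with a watched brand name while skipping hosts the brand actually owns. The watchlist, the owned-domain sets and every sample domain other than the three quoted above are assumptions constructed for illustration.

```python
import re

# Seasonal terms named in the post: "blackfriday" and "black-friday".
SEASONAL = re.compile(r"black-?friday")

# Assumption: watchlist of brand tokens and the domains each brand really owns.
BRANDS = {
    "gymshark": {"gymshark.com"},
    "samsonite": {"samsonite.com"},
    "amazon": {"amazon.com"},
}

def refang(domain):
    """Normalize a possibly defanged domain (example[.]com) for matching."""
    return domain.strip().lower().replace("[.]", ".").rstrip(".")

def is_official(host, owned):
    """True if host is an owned domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in owned)

def classify(domain):
    """Return ("brand+seasonal", brand), ("seasonal", None) or None."""
    host = refang(domain)
    if not SEASONAL.search(host):
        return None
    for brand, owned in BRANDS.items():
        if brand in host:
            if is_official(host, owned):
                return None  # the brand's own seasonal subdomain
            return ("brand+seasonal", brand)
    return ("seasonal", None)  # seasonal lure without a watched brand

# Sample feed: the first three domains are from the post; the rest are constructed.
NEW_DOMAINS = [
    "blackfridaygymshark[.]nl",
    "samsoniteblackfriday[.]shop",
    "amazonblackfriday[.]store",
    "black-friday-deals[.]example",  # constructed: seasonal term, no brand
    "blackfriday.amazon[.]com",      # constructed: subdomain of an owned domain
    "gardening-tips[.]example",      # constructed: unrelated registration
]

def triage(domains):
    """Map each flagged domain (kept defanged) to its classification."""
    return {d: c for d in domains if (c := classify(d)) is not None}

if __name__ == "__main__":
    for domain, (label, brand) in triage(NEW_DOMAINS).items():
        print(f"{label:15} {brand or '-':10} {domain}")
```

Substring matching will miss typosquatted brand names and can over-match short brand tokens, so treat the output as a review queue for an analyst, not a blocklist.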