In the last few weeks, tens of thousands of potential scams involving brand names have been discovered, cybersecurity firms are warning.
In a separate report, Check Point said that more than 1,700 domains that look similar to the amazon.com domain have been registered in recent months. The sites, such as “amaz0n-jp[.]com,” are meant to mimic legitimate sites.
And in the first half of November, the use of e-commerce phishing websites has more than doubled since last November’s peak, up by 233 percent, Check Point said.
The goal, as with all scams, is to trick shoppers into entering personal information so that their credit card data can be stolen.
The lure is fake gift cards or discounts and even charity-giving, ZeroFOX said.
Keywords like “coupon” or “deal” or “free” are used to get shoppers’ attention. Then there is a “call to action” to try to get the victim to log in or verify an account, purportedly to get the reward, according to ZeroFOX.
Scammers are active on social media with hashtags such as “#blackfriday” or “#cybermonday” or “#giveaway.”
“This makes these posts more likely to be shown to social media users, based on the social platform’s algorithms, and also makes them searchable,” ZeroFOX said.
“Similarly, scammers may leverage fake accounts to like and share or retweet these scam posts, giving them more legitimacy,” the cybersecurity firm added.
The bad guys also use Google Chrome extensions – small software programs that you install to customize how you browse – to spread malware.
One Chrome extension had over 60,000 installs with dozens of negative reviews complaining about data theft and malware, ZeroFOX said.
Black Friday invariably means a big spike in scams.
“Legitimate giveaways rarely ask for anything more than an email address. A promotion requesting anything further is likely a scam,” ZeroFOX said.
Also, be sure the URL, or web address, is legitimate. A rule of thumb that all cybersecurity experts advise is never to click on a link in an email or text. Rather, go directly to the retailer’s or brand’s website via your browser. And use special caution when interacting with promotional sites. “If a promotion sounds too good to be true, it probably is,” ZeroFOX said.
Finally, consider using another email address – not your primary email – for promotional entries.