Black Friday shoppers remain targeted by cybercriminals

Lockdown drängt zunehmend auch stationäre Händler in den E-Commerce

Online Shopping

E-commerce traffic increases by around 50 percent

Every year, the long weekend around Black Friday and Cyber Monday marks the start of Christmas shopping. Cybercriminals are using this time of year to deceive unsuspecting online shoppers with phishing, scamming and card-skimming attacks, as the security researchers of the ThreatLabZ team were able to determine.

Some attackers lured their victims with emails promising big discounts, but instead redirected recipients to phishing sites; others injected malicious code into e-commerce sites to steal credit card information. The security researchers observed a huge increase in online shopping transactions during this period. In Europe, this culminated on Black Friday on 26 November. Compared to the previous week, e-commerce traffic increased by around 50 percent.

In addition, the ThreatLabZ team found that numerous new domains were registered in connection with Cyber Monday and Black Friday. Not all of these domains are associated with criminal activities. Nevertheless, users should exercise caution when accessing, especially if domains come up with tempting bargains.

The security researchers also observed the following attack patterns:

  • Grelos is a skimmer group that has been active for 4-5 years. During this time, they have continuously improved their attack techniques and infrastructure. This skimmer group has now been observed attacking e-commerce websites with Cyber Monday offers. To do this, malicious code was injected into websites to intercept credit card data from buyers.
  • The biggest target of skimmer groups in the past was the Magento platform. Meanwhile, other platforms such as WooCommerce have also been targeted. In addition to the injected javascript skimming codes, the security researchers were able to determine that some of the shopping websites were redirected to infected websites. This was achieved by the attackers through an infiltrated malicious code that was responsible for this redirection. All attack patterns ultimately pursued the same goal: to capture payment information of unsuspecting online buyers.


The Zscaler ThreatLabZ team actively tracks campaigns targeting online shoppers and ensures that businesses are protected from this type of attacks. Online shoppers should follow the following basic guidelines to protect their data and money:

  • Make sure that purchases are made on reputable e-commerce websites and use HTTPS/secure connections.
  • Too tempting bargains should make the alarm bells ring. Stay away from offers from unknown sources that are too good to be true. Links on such pages should not be clicked.
  • Only download apps from official app stores, such as Google or Apple.
  • A backup of all documents and media files is also recommended in the private sector, where encryption brings increased protection.

Ready to see us in action:

More To Explore
Enable registration in settings - general
Have any project in mind?

Contact us: