E-commerce traffic increases by around 50 percent
Every year, the long weekend around Black Friday and Cyber Monday marks the start of Christmas shopping. Cybercriminals are using this time of year to deceive unsuspecting online shoppers with phishing, scamming and card-skimming attacks, as the security researchers of the ThreatLabZ team were able to determine.
Some attackers lured their victims with emails promising big discounts, but instead redirected recipients to phishing sites; others injected malicious code into e-commerce sites to steal credit card information. The security researchers observed a huge increase in online shopping transactions during this period. In Europe, this culminated on Black Friday on 26 November. Compared to the previous week, e-commerce traffic increased by around 50 percent.
In addition, the ThreatLabZ team found that numerous new domains were registered in connection with Cyber Monday and Black Friday. Not all of these domains are associated with criminal activities. Nevertheless, users should exercise caution when accessing, especially if domains come up with tempting bargains.
The security researchers also observed the following attack patterns:
- Grelos is a skimmer group that has been active for 4-5 years. During this time, they have continuously improved their attack techniques and infrastructure. This skimmer group has now been observed attacking e-commerce websites with Cyber Monday offers. To do this, malicious code was injected into websites to intercept credit card data from buyers.
The Zscaler ThreatLabZ team actively tracks campaigns targeting online shoppers and ensures that businesses are protected from this type of attacks. Online shoppers should follow the following basic guidelines to protect their data and money:
- Make sure that purchases are made on reputable e-commerce websites and use HTTPS/secure connections.
- Too tempting bargains should make the alarm bells ring. Stay away from offers from unknown sources that are too good to be true. Links on such pages should not be clicked.
- Only download apps from official app stores, such as Google or Apple.
- A backup of all documents and media files is also recommended in the private sector, where encryption brings increased protection.