Black Friday sales: agencies warn of hackers masquerading behind fake websites

New Delhi: As Black Friday, a day after US holiday of Thanksgiving, associated with a boom in shopping every year spreads across the globe, hackers are targeting the customers through fake websites to steal data and credentials.

According to the report by cybersecurity agencies, threat actors are hosting websites for malicious campaigns centred on the Black Friday theme in which e-commerce, crypto currency and travel are the top targets.

Researchers found cybercrime forums across various languages are rife with chatter about Black Friday.

While some actors are promoting their malicious services/campaigns, others are looking to avail them, according to CloudSEK researchers who also discovered an Ethereum giveaway scam website.

"Compromised personal identifiable information (PII) and banking credentials can be used to perform unauthorised transactions and social engineering attacks," they warned.

CloudSEK's contextual AI digital risk platform 'XVigil' discovered hundreds of Black Friday-themed domains registered and operational.

Common forms of attacks included the impersonation of legitimate websites, services for Google/Facebook ads, and the spread of malicious applications.

"Various elements come into play here, right from hosting a website to gaining critical information of victims by using different techniques. Threat actors are constantly looking for opportunities to siphon crucial data or money," said Rishika Desai, Cyber Threat Researcher, CloudSEK.

The finding showed that website cloning is a common technique used by hackers of all levels of sophistication to host fake instances of legitimate websites.

"The iconic Black Friday sale has become a global theme now where cybercriminals at every level and expertise try their best to launch malicious campaigns. Most of these campaigns misuse or impersonate popular brands and companies providing sales and services to cheat the public," Desai added.

The researchers advised to be aware of the freebies, attractive deals and seemingly suspicious third-party solutions.

-IANS Inputs

Tags: