14 malware families have been discovered as part of an elaborate scam aimed at users shoppers of major e-commerce sites looking for pre-Black Friday deals.
We’re all gearing up for some level of online purchasing for the holidays. The lure of great deals is enough to get any shopper paying attention to promotions of sales on items they want. And that’s exactly the emotional connection cybercriminals need to trick shoppers into becoming victims.
According to Kaspersky Labs, cybercriminals are actively taking advantage of the rush to buy for the holidays with trojans used to intercept users’ credentials, or phishing pages designed to capture website logins.
It’s actually quite brilliant: send out a well-crafted spoofed email purporting to be a known online brand promoting a massive discount or desired item on sale. The recipient gets excited about the prospect of getting that wanted item on the cheap. Then either take the recipient to a fake logon page or attempt to install malware to track logons.
Captured web credentials can sell on the dark web anywhere from $1.50 to over $5 each, with most selling for just about $2. A small price to pay, given that many e-commerce sites have stored credit card details used for quick purchases.
Given that 75% of your employees will engage in some amount of online shopping over Black Friday and Cyber Monday, it’s important for them to know these scams are in full swing, looking to fool them out of their online credentials. The most effective way to educate users on this scam, and the thousands more that will come after it is through Security Awareness Training. Rather than just having an employee focus on the details of one scam, educating them on the need to be security-conscious when interacting with email and the web is far more effective in reducing the risk of becoming a victim.
** Optrics Inc. is an Authorized KnowBe4 partner
The original article can be found here: