Phishing Campaign Targets Black Friday Season

Phishing Campaign Targets Black Friday Season

A continuous spear-phishing attack that takes advantage of Black Friday and Cyber Monday has been detected by security provider Avanan. Threat actors impersonate order confirmation notices and entice victims to try refunds, which directs them to pages that collect credentials.

The phishing email, “Looks like a standard shipment notification. It shows an order confirmation, as well as shipping details, including a tracking number. When searching that tracking number, you’ll find it’s not legitimate, but rather associated with similar scams. The email is also for a brand that, when going to their website, leads to a malicious link. What the hackers want you to do is click on the “Issue a Refund” button. That redirects to a credential harvesting site. The hackers assume that you know you didn’t order from this site–that would encourage you to click on getting a refund. Seems easy enough–and that’s what the hackers would have you do.” Mentioned Avanan.

Security experts offer advice and suggestions to reduce the potential danger, such as,
  • Reviewing all URLs before activating links
  • Double-checking the sender address in emails from unfamiliar senders
  • Not opening attachments
  • Not enter account information on dubious web pages.

No Image - Phishing Campaign Targets Black Friday Season
May 21st, 2024

ISO 27002:2022

Copy link
Powered by Social Snap