Phishing Attacks Double Ahead of Black Friday and Cyber Monday

By Ava McKinneyOnline Safety

Phishing Attacks Double Ahead of Black Friday and Cyber Monday

The Check Point Research team has detected a surge in hacker activity over the past six weeks, just before Black Friday and Cyber Monday. Due to COVID-19 restrictions, online shopping has reached new heights this year, with record-breaking numbers of purchases during these major sales events. Naturally, cybercriminals have taken notice.

Record Online Shopping Spurs Cybercrime

One of the first signs of increased hacker activity was the unprecedented spike in consumer spending on November 11, which is Singles’ Day in China—the world’s largest online shopping festival. According to Alibaba, sales this year doubled last year’s record, reaching $74 billion. In Russia, AliExpress Russia reported sales of 19.3 billion rubles during the sale period, with Russian sellers’ turnover exceeding 3.3 billion rubles—a 1.3 times increase over last year. Sales volumes are expected to keep growing.

But it’s not just stores and shoppers preparing for the online shopping boom—cybercriminals are mobilizing to cash in on the sales frenzy. Check Point Research reports a spike in hacker activity, particularly a rise in phishing attacks disguised as “special offers” targeting online shoppers.

Phishing Attacks on the Rise

Between October 8 and November 9, the number of phishing emails with “special offers” doubled worldwide—from 121 cases per week in October to 243 cases per week by early November.

In the first half of November, phishing emails related to sales and special offers from stores increased by 80%. These emails often included words like “sale,” “% off,” and other phrases associated with bargains. While in early October only one in 11,000 emails related to the November sales season was phishing, by November, one in every 826 such emails was malicious.

In just two days (November 9 and 10), the number of phishing attacks with “special offers” exceeded the total for the first seven days of October.

Example: Fake Pandora Jewelry Email

Check Point researchers highlighted a recently discovered phishing email crafted to appear as if it came from the jewelry brand Pandora.

  • Email subject: “Cyber Monday | Only 24 Hours Left!”
  • Sender: Pandora Jewellery ([email protected])

Although the sender’s address used the Amazon domain, neither the email text nor the links mentioned Amazon. Investigation revealed that the sender’s email address was spoofed to make it look like the message came from Amazon.

Two links in the email led to a website designed to mislead recipients into thinking the message was from Pandora. One giveaway was a spelling error in the word “jewelry.” Initially, the links directed users to www[.]wellpand[.]com, and a few days later to a similar site, www[.]wpdsale[.]com.

Another sign of a scam was that both sites were registered between late October and early November, just before the phishing campaign began. Further analysis showed that both sites copied the official Pandora website. According to Check Point, victims of this phishing attack included users in the United States, the United Kingdom, and Bulgaria.

Leave a Reply