Soldier
Essential
- Joined
- 20.10.20
- Messages
- 87
- Reaction score
- 642
- Points
- 83
The Check Point Research team found a spike in hacker activity over the past six weeks. The fact is that due to the restrictions associated with COVID-19, online shopping has reached a new level this year, and the number of online purchases on black Friday and cyber Monday is breaking all records. Of course, the attackers could not stay away.
One of the first signs of increased activity was an unprecedented increase in consumer spending on November 11: on this day, China hosts the world's largest online shopping festival, dedicated to bachelor's Day. According to Alibaba, this year's sales double the previous year's record of $ 74,000,000,000. In Russia, according to AliExpress Russia, sales of goods on the platform during the sale period amounted to 19,300,000,000 rubles. The turnover of the Russian sellers over 3 300 000 000 roubles — in comparison with last year this indicator increased by 1.3 times. Sales are expected to continue to grow.
However, not only stores and customers are preparing for the boom in online shopping, but hackers are also mobilizing to make money on the discount hype. Check Point Research researchers write about a surge in hacker activity, accompanied by an increase in phishing attacks under the guise of" special offers " aimed at users of online stores.
In four weeks (between October 8 and November 9), the number of phishing mailings with "special offers" doubled worldwide: from 121 cases per week in October to 243 cases per week by the beginning of November.
In the first half of November, the number of phishing mailings related to sales and special offers from stores increased by 80%. Such emails contained the words "sale", "% off " and others related to profitable purchases.
If at the beginning of October, one of the 11,000 emails related to the November discount season was phishing, in November, 1 email out of 826 was malicious.
In just two days (November 9 and 10), the number of phishing attacks with "special offers" was higher than in the first seven days of October.
As an example, Check Point researchers chose one of the recently discovered phishing emails that the attackers made up on behalf of the Pandora jewelry brand.
Email subject: "Cyber Monday | Only 24 Hours Left!" (Subject: "Cyber Monday | only 24 hours Left!»)
Sender: Pandora jewelry (no-reply\@amazon\.com) (From: Pandora jewelry (no-reply\@amazon\.com))
Despite the fact that the sender field contains the Amazon domain, Amazon is not mentioned in the message text or in the links. During verification, it turned out that the email address from which the newsletter was sent was forged in such a way that it seemed as if the email came from Amazon.
Two links from the email lead to a site that misleads the recipient: the email was allegedly sent by the jewelry company Pandora. One of the indicators that the letter is fake is a spelling error in the word "jewelry". The links in the email first led to the www [website.]wellpand[.] com, and a few days later - to a similar site www[.]wpdsale[.]com.
The fact that both sites were registered between the end of October and the beginning of November, shortly before the mailing list was sent, was another proof that the email was fake. Further analysis showed that both sites that were referenced in the email copied the official site of the Pandora brand. According to Check Point, the victims of this phishing attack were users from the United States, great Britain and Bulgaria.
One of the first signs of increased activity was an unprecedented increase in consumer spending on November 11: on this day, China hosts the world's largest online shopping festival, dedicated to bachelor's Day. According to Alibaba, this year's sales double the previous year's record of $ 74,000,000,000. In Russia, according to AliExpress Russia, sales of goods on the platform during the sale period amounted to 19,300,000,000 rubles. The turnover of the Russian sellers over 3 300 000 000 roubles — in comparison with last year this indicator increased by 1.3 times. Sales are expected to continue to grow.
However, not only stores and customers are preparing for the boom in online shopping, but hackers are also mobilizing to make money on the discount hype. Check Point Research researchers write about a surge in hacker activity, accompanied by an increase in phishing attacks under the guise of" special offers " aimed at users of online stores.
In four weeks (between October 8 and November 9), the number of phishing mailings with "special offers" doubled worldwide: from 121 cases per week in October to 243 cases per week by the beginning of November.
In the first half of November, the number of phishing mailings related to sales and special offers from stores increased by 80%. Such emails contained the words "sale", "% off " and others related to profitable purchases.
If at the beginning of October, one of the 11,000 emails related to the November discount season was phishing, in November, 1 email out of 826 was malicious.
In just two days (November 9 and 10), the number of phishing attacks with "special offers" was higher than in the first seven days of October.
As an example, Check Point researchers chose one of the recently discovered phishing emails that the attackers made up on behalf of the Pandora jewelry brand.
Email subject: "Cyber Monday | Only 24 Hours Left!" (Subject: "Cyber Monday | only 24 hours Left!»)
Sender: Pandora jewelry (no-reply\@amazon\.com) (From: Pandora jewelry (no-reply\@amazon\.com))
Despite the fact that the sender field contains the Amazon domain, Amazon is not mentioned in the message text or in the links. During verification, it turned out that the email address from which the newsletter was sent was forged in such a way that it seemed as if the email came from Amazon.
Two links from the email lead to a site that misleads the recipient: the email was allegedly sent by the jewelry company Pandora. One of the indicators that the letter is fake is a spelling error in the word "jewelry". The links in the email first led to the www [website.]wellpand[.] com, and a few days later - to a similar site www[.]wpdsale[.]com.
The fact that both sites were registered between the end of October and the beginning of November, shortly before the mailing list was sent, was another proof that the email was fake. Further analysis showed that both sites that were referenced in the email copied the official site of the Pandora brand. According to Check Point, the victims of this phishing attack were users from the United States, great Britain and Bulgaria.