6 min read

Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

Alina BÎZGĂ

November 16, 2022

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

As the biggest sales event of the year looms large, online crooks are starting to target eager consumers looking to save big on Black Friday.

Every year during Black Friday and Cyber Monday, scammers and identity thieves take advantage of the shopping frenzy by pumping out email-based schemes designed to trick buyers out of their money and personal information.

This shopping season is no exception. Researchers at Bitdefender Antispam Lab have been on the hunt these past weeks for new custom scams threatening consumers’ wallets on Black Friday.

But first, let’s look at the evolution of Black Friday-themed spam this year

Although bespoke emails were sparse between Oct 26 and Nov 6, the rate of unsolicited Black Friday emails peaked on Nov 9, when 26% of all Black Friday-related correspondence (during the Oct 26-Nov 9 timeline) was delivered to consumers, according to Bitdefender Antispam researchers (see Figure 1 for spam rate evolution).

Key notes:

  • 27% of all Black Friday spam emails (by volume) were received by shoppers in the US and 24% reached users in Ireland, according to Bitdefender telemetry (see Figure 2)
  • 49% of all Black Friday-related spam (by volume) were sent from IP addresses in the US, 16% from Germany, 13% from Bulgaria and 5% in France (see Figure 3)
  • 56% of all Black Friday spam (by volume) received between Oct 26 and Nov 9 was marked as a scam

What’s in store this year

Subject lines of Black Friday-themed spam range from huge discounts on designer bags and sunglasses to traditional marketing ads and giveaway scams. Here are some of our top picks in English.

  • black friday sale louis vuitton bags up to 86 off shop online now
  • black friday ray ban oakley costa sunglasses up to 90 off shop online now
  • cyber monday starts now but only for you
  • 25 nov 2022 is black Friday
  • Claim Your $500 Home Depot Gift Card Now!
  • claim your 100 walmart reward just in time for black Friday
  • the black friday countdown has begun

While Black Friday officially kicks off in the US on Nov 25, many retailers around the globe begin celebrating two weeks ahead of schedule, giving scammers plenty of leeway to test and perfect their schemes. Localized correspondence aimed at Germany, Italy and France has the following subject lines:

  • profitezvite de nosoffresspéciale
  • einenganzenmonatfreitagjetztbiszu 77 sparen
  • richiedi un prestito per te 200 di buoni  in regalo
  • fwd a  paypalgutscheingewinnen
  • black friday sale 70 rabatt auf sofort

Deep dive into Black Friday scams

Louis Vuitton and Ray Ban sales scams

Spam campaigns leveraging big sales on designer bags and accessories, including Louis Vuitton bags and Ray Bans, are a staple that can also be observed during the holiday shopping season. Don’t fall for the impressive discounts that sound too good to be true. These scam campaigns will guide you to fake shops that steal your money and data.

The dead giveaway Home Depot and PayPal

Since Nov. 7, inboxes in the US, Ireland, Sweden, Denmark, Canada and the UK have been receiving scam correspondence purportedly from home improvement giant Home Depot. Recipients are invited to claim a Home Depot gift card worth a whopping $500.

Giveaway scams leveraging the names of big US retailers are old news. Users who do access the embedded link in the email, though, are taken to a fake online survey page that has nothing to do with a $500 Home Depot gift card.

After completing the survey (we intentionally submitted the wrong answers to all questions), we were directed to another page where we could pick out our ‘prize’ – the Google Pixel was gone already:

We scored an iPhone 13, though. The displayed page uses the recipients’ IP address to display a localized version of the scam - in our case Romania.  We need to pay 15 RON (roughly 3.06 USD) for shipping and enter our name and address.

After entering our shipping details, we were prompted to enter our payment information, including cc number and CVV code.

We also picked up other versions of the swindle that use a slightly different approach – QR code scanning:

Don’t be fooled by the cute Pokémon. Interacting with the bogus message will jeopardize your data and money.

After rummaging through a couple of variations of the Home Depot giveaway scam, we did manage to find one that uses the name of the home improvement giant within its survey.

Scammers also baited users in Germany with a fake PayPal and Amazon Black Friday voucher worth 1,000 euros. This particular campaign originates mainly from IP addresses in Russia (50%), Panama (15%), Germany (13%) and Canada (10%).  Recipients are urged to enter personally identifiable information (such as their name) and confirm their email addresses. The end goal is to persuade users to access a link that is sent to their email addresses.

“For a successful participation please confirm the email we just sent you,” the phony message reads. “Please also check your spam folder.”

By following the steps, users could end up giving the scammers additional info and access to their PayPal accounts.

The phony Amazon gift card giveaway email reads:

“It's that time again and the top deals of the year are back!

You have been selected to enter the competition to win a Black Friday Amazon voucher worth 1000 euros!

Your advantages:

1. Free home delivery

2. Voucher redeemable online

3. Voucher valid until December 31, 2022

Click here to register in good time!

Don't miss the chance to win a Black Friday Amazon voucher!”

Protecting your identity and finances during the Black Friday shopping season

  • Always check the sender’s email address and look for typos
  • Never interact with unsolicited giveaway correspondence
  • Shop on legitimate websites you already know
  • Researcher any new vendor
  • Never access links or attachments you receive from unknown sources – Use a Bitdefender security solution to fend off scam and phishing links
  • Add an extra layer of security and privacy to your device when shopping this Black Friday with Bitdefender Premium Security.  With anti-phishing and advanced threat protection to block nasty internet threats, ransomware protection, VPN for safe shopping, and a dedicated Password Manager, you can steer clear of malicious attacks and protect your data
  • Consider a digital identity theft solution such as Bitdefender Identity Theft Protection (for the US only) to monitor all of your sensitive information and finances for signs of fraud

For more tips and tricks for your holiday shopping, check out this dedicated guide.

Safe shopping everyone!

tags


Author



Right now

Top posts

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August 31, 2022

4 min read
Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

August 30, 2022

2 min read
What is medical identity theft and how to protect against it

What is medical identity theft and how to protect against it

July 27, 2022

2 min read
Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

July 07, 2022

5 min read
Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

June 28, 2022

2 min read
Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

June 28, 2022

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Authorities Dismantle iSpoof Criminal Phone Spoofing Operation, Arresting 142 Authorities Dismantle iSpoof Criminal Phone Spoofing Operation, Arresting 142
Vlad CONSTANTINESCU

November 25, 2022

1 min read
975 Arrested by Interpol Over Phishing, Romance Scams, Sextortion and Investment Fraud 975 Arrested by Interpol Over Phishing, Romance Scams, Sextortion and Investment Fraud
Filip TRUȚĂ

November 25, 2022

2 min read
How SIM Swapping Attacks Work and How to Protect Yourself How SIM Swapping Attacks Work and How to Protect Yourself
Filip TRUȚĂ

November 25, 2022

3 min read