Thanksgiving weekend sees millions of people begin online Christmas shopping and this year the holiday season scams have already kicked off.
Black Friday and Cyber Monday are the busiest online shopping days, but some retailers are getting their promotions underway early this year and have already started offering Black Friday deals. Amazon.com for example begins its first Black Friday offers tomorrow, well ahead of the big day on 25th November.
It is no shock that retailers are trying to begin early. 41% of shoppers start their holiday shopping in October according to a recent National Retail Federation survey. 41% of shoppers begin in early November. 82% of shoppers like to make an early start, and this year so are the hackers.
A popular tactic used by hackers is typosquatting – the registration of fake domains that closely resemble the brand names of well-known websites. Phishers use this tactic to obtain login details and credit card numbers. In recent weeks, there has been a rise in typosquatting activity targeting banks and retailers.
A fake domain is registered that looks like the targeted website. For example, the Amaz0n.com domain could be purchased, with the ‘o’ replaced with a zero. Alternatively, two letters could be transposed to catch out careless typists. A website is then set up on that domain that closely matches the targeted website. Branding is copied and the layout of the authentic site is replicated.
There is another way that hackers can take advantage of careless computer users. Each country has its own unique top level domain. Websites in the United States have .com. Whereas, websites registered in the Middle Eastern country of Oman have the .om domain. Scammers have been buying up the .om domains and using them to trick careless typists. In the hurry to get a holiday season bargain, many users may not realize they have typed zappos.om instead of zappos.com.
Visitors to these scam websites enter their login details as normal, yet all they are doing is giving them to the hackers. The scammers don’t even need to copy an entire website. When the login doesn’t work, the site can simply redirect the user to the authentic site. Users then login as normal and finish their purchases. However, the scammers will have their login details and will be able to do the same.
However, many websites now have additional security features to stop the use of stolen login credentials. If a login attempt is completed from an unrecognized IP address, this may set off additional security features. in some cases the user may have to answer a security question.
Some hackers have got around this issue. When a user tries to login on a scam site, a login session is automatically opened on the proper website. The information entered on the scam site is then used by the hackers on the genuine site. When the unusual IP address triggers an extra security layer, this is then mirrored on the scam site with the same question forwarded to the user. The question is answered, and an error message is presented saying the login was unsuccessful. The user is then sent to the genuine site and repeats the process and obtains access. Chances are they will not realise their account details have been compromised. Hours later, the hackers will login to the genuine site using the same details.
Companies must also use caution at this time of year and should take steps to reduce the risk of staff members falling for holiday season scams. Staff members keen to get the latest bargains will undoubtedly complete some of their purchases at work.
Email scams are more common at this time of year and business email accounts can be flooded with scam emails. Offers of lower prices and special deals are likely to arrive in inboxes again this year. Email holiday season scams may not focus on stealing login credentials. Given the rise in malware and ransomware infections this year, this holiday season is likely to see many holiday season scams infect companies this year. A careless staff member looking for an online bargain could all too easily click a link that leads to a malware download or ransomware infection.
