Yesterday was “Black Friday” in many parts of the world, with appealing sales on thousands of products. I guess some of those products were not really good deals, just a convenient way to get rid of difficult-to-sell merchandise, particularly considering the short life cycle/shelf time of electronic goods. On the other hand, if you are not a fanatic for the very latest, yesterday’s novelty may be perfect at today’s price.
Already in 2016, most buyers in the US did their shopping online rather than queueing up in stores. And the bad guys took notice.
I am still waiting for the latest reports; however, many indicators point to a new record high in phishing. Last year, according to a Kaspersky Lab report, saw some 770,000 financial phishing attacks (attacks trying to steal your credit card number or bank account number), representing over 48% of total phishing attacks.
This year, during Black Friday week, RiskIQ discovered 19,219 URLs (web pages) containing the words “Black Friday”, waiting for your click to take you to a phishing website. There you would be presented with a bogus website pretending to be that of a reputable store, which would sell you low-grade merchandise and/or steal your credit card data.
In one instance the bad guys used SEO poisoning (search engine poisoning), steering Google to place a malicious address at the top of its search results: www.rb6.us (DON’T CLICK ON IT). Searching for “RayBan Black Friday” returned as the first hit a link to a bogus RayBan website where one would be tricked into providing one’s information. You can see other techniques used here.
I’ll be reporting on the actual phishing statistics for this 2017 Black Friday as soon as they become available.