Cyberattacks against retailers and consumers increased during Black Saturday week, according a report by a cybersecurity platform.
The provider is a, DarktraceA study by, of Cambridge in England, found that the number of phishing emails with Christmas-themed themes had increased from the beginning of November to the end of the month, and the number of Black Friday-themed emails had risen by 692%.
The report stated that the threat landscape in the United States is much worse. Phishing attacks, which mimic major holiday brands such as Walmart, Target and Best Buy, have increased by over 2000% during peak periods.
Darktrace researchers found that scammers shifted their focus away from businesses and towards consumers when the holiday shopping season kicked into high gear. Between the periods studied, global impersonation of consumer-focused brands increased 92% while imitations of brands that target workplaces declined by 9%.
“While we didn’t look at a year-on-year comparison in this analysis, we believe the rise of AI combined with automation and growing cybercrime-as-a-service marketplaces is increasing the speed, scale, and sophistication of cyberattacks, including phishing,” Darktrace Vice President of Threat Research Nathaniel Jones told the E-Commerce Times.
Jeff Wolverton CEO of PiviT StrategyAccording to the E-Commerce Times, Charlotte-based IT Consulting and Managed Services provider.
Jones said that thread hijacking is a sophisticated technique that’s gaining in popularity. Thread hijacking is a sophisticated technique that involves hackers gaining access to an email account of a victim, monitoring the ongoing conversation, and then inserting their own messages into it.
“By replying existing emails, they are able to send malicious links, ask for sensitive information, and manipulate the conversation in order to achieve their goals such as redirecting money or stealing credentials,” said he. “Because these emails look like they are coming from a reliable source, many of them bypass traditional security measures and human security teams.”
Improved Fake Stores
Erich Kron at Sicherheitsawareness advocate added: “This year, the number of online fake stores appears to have increased.” KnowBe4This is due to the improvement in tools, as well as the use of AI, which generates fake sites, creates item descriptions, and writes fake reviews to make sites appear legitimate.
He said bad actors are able to quickly and easily copy a website’s entire design, including logos, images, and other identifying elements, by using freely-available tools. It’s relatively easy to create domain names that appear to be the same as the legitimate brand.
The ease with which these sites can be built offsets their disadvantage of being taken down so quickly.
Mika Aalto is the co-founder of and CEO at HoxhuntHackers have more buttons to push during the holiday season, as there is more gift-buying and travel.
“We see many phishing campaigns that are based on package delivery, and spoofed Amazon sites lead to credential-harvesters,” he said in an interview with the E-Commerce Times. Travel-themed phishing could inform a victim of their flight being canceled. In a panic they might click on something that they wouldn’t normally do and download malware.
Mobile Dilemma
Threat actors are leveraging themes such as coupons or deals in the run-up to Black Friday, and during the holiday season. Selena Larson is a senior researcher at ProofpointSunnyvale, California, is home to a company that provides enterprise security.
She told the E-Commerce Times that “we also see threat agents leverage end-of-year topics like bonuses or pay increases to entice user engagement with malicious content.”
Customers should be careful when responding on their mobiles to possible deals. Krishna Vishnubhotla – Vice President of Product Strategy at ZimperiumThe company is based in Dallas.
He told E-Commerce Times that this would be very difficult because mobile devices are smaller. “Bad actors redirect you repeatedly to confuse you, and force you onto a fake site. There is no way of knowing where these websites are hosted, so you cannot make an informed decision.
Dark Web Discounts
Stephen Kowski (field CTO at IBM) observed that the increase in holiday-themed phishing attacks is a reflection of how cybercriminals time their campaigns expertly to blend in and profit from consumers’ reduced attention during peak shopping seasons. SlashNextPleasanton, California, is home to, a company that specializes in computer and network safety.
The E-Commerce Times reported that “the massive spike in retail impersonation attacks against major retailers shows how threat actors have become increasingly sophisticated at exploiting seasonal consumer behavior and shopping patterns.” “Modern phishing has evolved beyond the boundaries of traditional corporate email security. It now targets personal accounts, Facebook, and multiple communication channels that employees utilize while shopping online at work.”
He said that organizations need to have comprehensive protection beyond their corporate infrastructure in order to detect and stop sophisticated phishing attacks across all digital channels, while also ensuring that employees can shop for the holidays without risking security.
Chris Hauk is the champion of consumer privacy at Pixel PrivacyA publisher of consumer privacy and safety guides, pointed out to the E-Commerce Times that brands were making an effort to foil scammers. “Brands take action to combat impersonators, by verifying official accounts on social networks, removing fake applications from app stores, as well as submitting requests to remove lookalike domains and websites,” he told E-Commerce Times.
Paul Bischoff a privacy activist at ComparitechReviews, advice and information for consumer security products.
“If a business knows that its brand is used to scam people,” said he to the E-Commerce Times. It should do all it can to alert its customers to the scam. The problem is even more prevalent during the holiday shopping season, when many people try to take advantage of great deals.
Unfortunately, holiday shoppers aren’t just consumers. Darktrace’s Jones explained that, “just like retailers, threat actor also take advantage of the holiday season in order to offer seasonal discounts to their offerings.” Cybercriminal shops offer bulk discounts for stolen data such as usernames and passwords on the Dark Web during the holidays.