Over half (56%) of Black Friday spam emails received between October 26 and November 6, 2022 were scams, according to research from Bitdefender.
The firm’s antispam researchers analyzed all unsolicited Black Friday-related emails delivered to its customers over the period, with the vast majority (68%) sent on the final three days (November 4, 5 and 6).
Unsurprisingly, the highest proportion of Black Friday spam messages was received in the US (27%). This was closely followed by Ireland (24%), then Sweden (8%), Denmark (7%) and France (5%).
Speaking to Infosecurity about the large proportion in Ireland, Alina Bizga, security analyst at Bitdefender, noted: “Given that the majority of Black Friday spam emails were redacted in English and that thousands of retailers in Ireland are preparing for this year’s Black Friday weekend, it’s not unusual for us to see a high portion of shopping-related spam hitting users in the region.”
The study found that scammers placed a heavy emphasis on using fake discount offers on designer bags and sunglasses to lure consumers to fake shops to steal their money and data. Two scams highlighted by the researchers used the subject lines ‘Ray-Ban,Oakley,Costa Sunglasses Up To 90% Off!’ and ‘Louis Vuitton Bags Up To 86% Off!’
Another significant avenue pursued by fraudsters was ‘giveaway scams.’ In one example, recipients in the US, Ireland, Sweden, Denmark, Canada and the UK were invited to claim a Home Depot gift card worth $500. However, after clicking the link, the users were taken to a fake online survey page that had nothing to do with the gift card. Upon completion, they would be taken to another page to pick out a ‘prize,’ including a Google Pixel and an iPhone 13.
Once a prize was selected, the ‘winner’ would be asked to pay a small shipping fee, entering their name, address and payment information.
In another example, users in Germany were sent a fake PayPal and Amazon Black Friday voucher worth €1000. Here, recipients were asked to enter personally identifiable information and confirm their email addresses. They were then sent a separate email with a link that would lead to the users giving away additional information and access to their PayPal accounts.
“Similar to 2021, spammers were keen on exploiting internet users’ attraction to freebies and giveaways. We’ve seen large spam campaigns deployed in the weeks preceding Black Friday sales leveraging gift cards, vouchers and other giveaway items, especially tech gadgets. We do anticipate a rise in Black Friday spam around 24-25 November, as well as phishing campaigns impersonating well-known delivery services,” Bizga explained.
She urged shoppers to be cautious around email offers during this period, especially those that require urgent action to be taken. “Urgent subjects and text lures such as (limited sales, limited stock and security issues or suspicious activity on financial and shopping accounts) remain some of the most effective lures used by scammers during the shopping season. Additionally, consumers also tend to fall for traditional too-good-to-be-true deals and discounts, especially when paired with the names of well-known retailers,” added Bizga.
The new research follows recent figures cited by the UK’s National Cyber Security Centre (NCSC) from cases reported to Action Fraud. These showed that online shoppers lost a staggering £1000 each on average to fraud during last year’s Christmas shopping period.
Commenting, John Davis, Director, UK & Ireland, SANS Institute, EMEA, emphasized the need for consumers to undertake more secure behaviors while shopping online.
“Hackers are known to turn up the heat with high attack volumes and high-pressure tactics at the most challenging of times. With cash-conscious consumers’ attention firmly fixed on locking in festive bargains, cyber-criminals will hope we’ve dropped our guard, giving them a prime opportunity to steal our personal and financial data,” he said.
“It’s clear that cyber-criminals are levelling up with attacks that are more prevalent, more sophisticated and harder to detect than ever before. That’s why vigilance is our most critical first line of defense. Opportunistic hackers will try to create a false sense of urgency so it’s important to exercise caution by staying scam-aware, trusting gut instinct and building security into all of our online behavior.”