Three-Quarters of Black Friday Spam Emails Identified as Scams

Summary:
According to Bitdefender, 77% of Black Friday-themed spam emails in 2024 have been identified as scams, a 7% rise in the proportion of spam emails identified as scams compared to Black Friday 2023, and a 21% increase compared to 2022. As usual, these emails aim to socially engineer victims into providing their personal data, including login credentials and banking information, or to steal their money directly through fake purchases or banking trojans. Based on metrics collected by Bitdefender, the United States accounted for 38% of all Black Friday-themed spam, followed by Germany (10%), France (9%), and Bulgaria (7%), among others.

Analyst Comments:
Bitdefender saw a spike in Black Friday spam activity in late October 2024, highlighting the opportunistic approach of actors taking advantage of individuals looking to shop for holiday gifts. Notably, attackers have become more creative with their scams in 2024, tailoring their emails to different groups of shoppers, ranging from tech enthusiasts and fashion lovers to grocery and household shoppers. To lure potential victims, these actors are advertising extensive discounts for brands like Ray-Ban or offering exclusive rewards that appear to come from popular retailers like Costco. Additionally, Bitdefender has detected the use of fraudulent shipment emails, which falsely claim that a victim’s order is ready for delivery. These emails often contain malicious PDF attachments disguised as shipping invoices, intended to trick recipients into downloading Grandoreiro, a trojan that is designed to steal the victim’s banking credentials.

Suggested Corrections:
Recommendations from Bitdefender:
  • Verify sources: Double-check email sender addresses and website URLs for legitimacy
  • Avoid clicking links: Visit retailer websites directly instead of clicking unsolicited links
  • Use security tools to help verify suspicious links and emails
  • Be cautious with surveys: Treat surveys claiming rewards or deals with skepticism unless verified as legitimate

Link(s):
https://www.infosecurity-magazine.com/news/black-friday-spam-emails-scams/