As per a report by CloudSEK, threat actors are targeting victims, especially those related to cryptocurrency and travel. Researchers from the cyber threat intelligence firm claim to have found cybercrime forums across various languages. They say that some actors are promoting their malicious services/campaigns.
“Compromised personal identifiable information (PII) and banking credentials can be used to perform unauthorised transactions and social engineering attacks,” said researchers from CloudSEK, which also provide cyber threat intelligence to CERT-in – India’s nodal agency for responding to computer security incidents.
Black Friday sale hotspot for cybercriminals
Rishika Desai, Cyber Threat Researcher, CloudSEK, says that Black Friday sale is a global theme now where cybercriminals launch malicious campaigns. “The iconic Black Friday sale has become a global theme now where cybercriminals at every level and expertise try their best to launch malicious campaigns. Most of these campaigns misuse or impersonate popular brands and companies providing sales and services to cheat the public,” Desai notes.
How are cyber criminals targeting users?
CloudSEK says its contextual AI digital risk platform ‘XVigil’ discovered Black Friday-themed domains registered and operational. These domains are carrying out cyber attacks by impersonating legitimate websites, services for Google/Facebook ads, and the spread of malicious applications.
“Various elements come into play here, right from hosting a website to gaining critical information of victims by using different techniques. Threat actors are constantly looking for opportunities to siphon crucial data or money,” Desai added.
Cybercriminals lure potential victims by offering freebies and attractive deals. They then steal their personal identifiable information and banking credentials to carry out unauthorised transactions.
How to protect yourself from online scams
There are certain ways you can protect yourself from scams during the Black Friday sales. People should update their apps and web browsers to the latest patch. When they get any deal in their inboxes, they should check the URL of the website they are being taken to. Look out for red flags like spelling and grammar mistakes in the messages delivered to you.