Heed the early signs of Black Friday scam campaigns: suspect everything online!

In 2021, over 154m Americans reportedly shopped on Black Friday, with 88m of them making purchases online.

However, cybercriminals are taking advantage of bargains-distracted minds by launching their own shopping “specials” in the form of phishing campaigns and lookalike fake shopping websites.

In late October this year, scammers targeted fans of one hot fashion brand with a phishing email that was sent from the webmail address “psyqgcg@moonfooling[.]com“ and spoofed to appear as if it had been sent from “Louis Vuitton”. The email contained the subject line “Black Friday Sale. Starts at $100. You’ll Fall In Love With Prices.

The well-known fashion brand was also the subject of several other fake websites. At the beginning of October, four domains with the same format were registered:

 “88off-bags.co” / “87off-bags.co”/ “86off-bags.co” /“89off-bags.co”.

According to Check Point researchers, the content was designed to persuade victims to click on two malicious links, both of which redirected to the domain: “jo[.]awojlere[.]ru”. The website claimed to be selling genuine pieces of jewelry, which are in fact counterfeit, at discounted prices as part of a Black Friday sale.

All the fake websites were designed to look like the legitimate site and were distributed via email with the subject “[Black Friday sale] Louis Vuitton bags up to X% off! Shop online now!”

Over the past month, Check Point has seen an increasing number of incidents involving these domains, reaching close to 15,000 in the week of November 7th. 

Cybercriminals are even targeting the delivery stage for their fake cut-price items. In the first 10 days of November, researchers found that 17% of all malicious files distributed by emails were related to orders/deliveries and shipping.

A good example of this is a campaign of emails impersonating a delivery firm. The email URL is crafted to look professional but can be spoofed to appear in email clients as if they had been sent from “SHIPMENT TRACKING” or some heading that looks important-sounding and urgent.