One cybersecurity firm has noticed a rise in phishing scams dangling huge discounts to hook unwary shoppers.

As the year-end festive/shopping season kicks into gear, cybercriminals are already prepping their latest scam and hacking strategies.

According to Check Point Research (CPR), this year-end, luxury brands are being exploited as bait to lead users into clicking on malicious links.

The firm’s researchers have unearthed a deceptive tactic where scammers spoof renowned fashion brands and send out enticing emails promising steep discounts. The email addresses are cleverly manipulated to mimic the authenticity of the brands.

Upon visiting the tempting links within these emails, unsuspecting victims are led to websites meticulously designed to replicate the official sites of the targeted brands. However, users are prompted to input their banking account details to be eligible for the “discounts”, and this is where potential victims become actual casualties of cyber fraud and further cyberattacks.

Tapping delivery and shipping sectors

CPR researchers have also noticed how cybercriminals are luring victims using emails from supposed delivery and shipping vendors during the year-end shopping period, reflected in a 13% increase in the number of malicious files associated with orders and delivery/shipping compared to that of 2022.

As an example, in a campaign of emails impersonating the delivery company DHL, phishing emails were made to appear to originate from the webmail address “DHL Express (support@dhl.com)” and were spoofed to appear as if they had been sent from “DHL”. They carried the subject “DHL Delivery Invoice #############”. The content asked recipients to download an executable file, “Invoice #############.pdf.exe”, that would drop other malicious files using PowerShell.

To round off a convincing ploy, cybercriminals have invested significant effort in crafting deceptive websites that closely mimic authentic platforms. This can convince unwary potential victims into willingly providing their banking credentials.  

Readers are advised to treat all unsolicited promotional ads and emails as phishing scams until verified to be legitimate. Phishing emails can be configured to show anything in the display name. Instead of looking at the display name, check the sender’s email address to verify that it comes from a trusted source. Phishers will commonly use domains with minor misspellings that seem plausible. For example, to spoof domain company.com they may create a cormpany.com or company-service.com domain.

Finally, URL phishing attacks are designed to trick recipients into clicking on a malicious link. If possible, preview the actual URL before clicking by hovering the mouse/pointer over every link within an email and checking whether it really goes where it claims. Enter suspicious links into a phishing verification tool like phishtank.com, which will tell you if they are known phishing links. Best practice: never open the link at all; visit the website of the supposed promotion directly, and navigate to the indicated page (if it even exists!).
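The sender-address and hover checks recommended above can be automated. The script below is an added illustration written for this article, not code from Check Point or the report it cites; the trusted domain list, the constructed sample message, the "last two labels" domain heuristic and the 0.85 similarity threshold are all assumptions.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Domains the recipient genuinely trusts (assumption: configured per user or organisation)
TRUSTED_DOMAINS = {"dhl.com", "company.com"}

# Constructed sample message, modelled on the DHL lure described in the article
SAMPLE = """From: DHL Express <support@dhl-express-service.com>
Subject: DHL Delivery Invoice

<p>Track your parcel at <a href="http://cormpany.com/track">www.dhl.com/track</a></p>
"""

def registered_domain(host):
    # Crude registrable domain: keep the last two labels (assumption: no public-suffix list)
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def lookalike_of(domain):
    """Return the trusted domain this one imitates, or None if it is trusted or unrelated."""
    if domain in TRUSTED_DOMAINS:
        return None
    name = domain.split(".")[0]
    for trusted in TRUSTED_DOMAINS:
        brand = trusted.split(".")[0]
        # Typo-squat (cormpany.com) by string similarity, or brand plus a hyphenated suffix
        # (company-service.com); the 0.85 similarity threshold is an assumption
        if SequenceMatcher(None, name, brand).ratio() >= 0.85 or name.startswith(brand + "-"):
            return trusted
    return None

def check_email(raw):
    """Apply the article's sender-domain and hover checks; returns a list of findings."""
    msg = message_from_string(raw)
    findings = []
    _display_name, addr = parseaddr(msg.get("From", ""))  # display name is deliberately ignored
    sender = registered_domain(addr.split("@")[-1]) if "@" in addr else ""
    imitated = lookalike_of(sender)
    if imitated:
        findings.append(f"sender domain {sender} imitates {imitated}")
    # Hover check: does the visible link text name the same domain the href really goes to?
    for href, text in re.findall(r'<a\s+href="([^"]+)"[^>]*>([^<]*)</a>', msg.get_payload(), re.I):
        target = registered_domain(urlparse(href).hostname or "")
        shown = re.search(r"[\w-]+(?:\.[\w-]+)+", text.lower())
        if shown and registered_domain(shown.group(0)) != target:
            findings.append(f"link text shows {shown.group(0)} but goes to {target}")
    return findings
```

Running `check_email(SAMPLE)` flags both the hyphenated lookalike sender domain and the link whose visible text names dhl.com while its href goes elsewhere.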