Richard Beck | 23 November 2018
This Black Friday and into next week, shoppers will inevitably be lured to fake websites by fraudulent campaigns promising '60% off iPhone X' or a 'last in stock' super deal. The lure mostly arrives via phishing emails and, increasingly, via expertly crafted login pages that make you think you are logging into a valid site.
If you fail to notice that the web login page is fake, hackers typically receive your login details and/or credit card information. Your stolen login details, including username and password, together with your personal information, are then used to carry out fraudulent activities. Simple phishing campaigns can use an almost identical copy of a login page for social media platforms, e.g. Facebook, or search engines, e.g. Google, plus a variety of popular retailers and banks. They often use typos in domain names, whilst still using a secure certificate, with a malicious PHP script to send home the details captured.
However, at this time of year the sophisticated, 'long game' players in organised cyber-crime will have pre-planned a deeper trap, often embedded within the file structure of a web site. Black Friday to Cyber Monday is a promotion lasting at least a week. That is notwithstanding the malware, such as a credit card skimming inject at the checkout, that steals your credit card details. Taking advantage of web site extensions, these players will have embedded malware, e.g. a backdoor alongside a key logger, many months ago to bridge access and exfiltrate data at will. Successful campaigns and sources are tweaked in terms of the messaging and left in play throughout the forthcoming holiday season. This is big business every year.
Compromised website owners will see a performance impact, and under normal circumstances this would raise alarms. In the midst of high-volume transactions for Black Friday, it could be missed. In fact, 'unwanted software' installed on websites by nefarious means has been an issue for years, with Google publishing the typical characteristics for website owners to look out for.
If you believe you have been a victim of a phishing campaign, here are some tips for you:
- Change your passwords
- Adopt multi-factor authentication
- Regularly review your bank account for unusual transactions
- Block the cards used for online transactions
- Contact the site where the phishing page originated
There is an old adage, "if it looks too good to be true, it always is", even on Black Friday!
Visit qa.com/cyber for more information on how they can help solve the Cyber Security skills gap.