Watch out! Hackers have new techniques for Black Friday and Cyber ​​Monday

Until November 28, a consumption peak is expected due to the Black Friday Y cyber mondaytwo of the biggest online shopping times in 2022. However, it is also a golden opportunity for an increase in attempted cyberattacks.

The alert is issued by S21sec and should not leave anyone indifferent. Faced with a climate of inflation that plagues the world economy, basic necessities have never been so expensive, nor the cost of living so high. Thus, the increase in online crime is just one more reflection of this adverse scenario in which poverty already lurks in each new bill that arrives at our home.

Black Friday and Cyber ​​Monday are attractive “targets” for online fraud

This year, since the start of the war between Russia and Ukraine, fuel prices have reached record levels and the energy conflict has spread to the whole world.

In this context, also taking advantage of these days of offers, hackers take advantage of the crisis and the general uncertainty surrounding fuel prices. All to attract potential victims by spreading false offers and discounts.

This type of fraud is carried out through campaigns. identity fraud🇧🇷 It is an attack technique based on social engineering that aims to trick the user into sharing all kinds of personal information. Information such as passwords, confidential data, account numbers, etc.

identity fraud It is a recurring threat in times of online shopping

The most common type of identity fraud during the Black Friday and Cyber ​​Monday campaign is the traditional email spoofing🇧🇷 That is, cybercriminals write an email that they send to different addresses posing as real companies that offer discounts on these days.

This type of fraud also can be contacted by whatsapp, increasing the risks and scope of the attack. This is because the manipulated message or file can be forwarded to different contacts very quickly and easily.

In this sense, S21sec has already registered numerous campaigns of identity fraud distributed by WhatsApp under the name of powerful multinational brands. In other words, a hoax with the potential to spread rapidly through social networks and messaging applications.

Schemes disseminated by email and even WhatsApp


At the same time, another of the techniques used at this time of year is the smishing🇧🇷 That is, the sending of SMS messages informing the victim that, for example, their order could not be delivered normally due to non-payment or that the order is being held at customs.

Read Also:  Samsung starts replacing Galaxy screen with green line problem for free

text message usually includes a URL (link) scam, apparently legitimate, asking the victim for their bank details to make the payment.

Also, the malware is another methodology used by hackers through emails with malicious attachments designed to infect victims. They do this to steal information or make computers part of a botnet.

Be careful with some SMS messages

That is, a network of infected computers that can be remotely controlled and forced to send spam, spread malware or carry out a DDoS attack. All this, as is easily understood, without the authorization of the owner of the device.

He too electronic skimming worth noting, as it is a technique used by cybercriminals to obtain banking and personal information from legitimate online stores and then sell it on the black market.

Access to these online stores is obtained through campaigns identity fraud. They also do so by exploiting unpatched vulnerabilities in the content management system without leaving any trace of the crime committed.

E-skimming generally affects online stores that have the payment gateway within the store’s own domain, since all the information is managed by the store itself.

However, it can also affect online stores that use a third-party gateway, because even if the store does not manage card details, customer information can still be stolen.

S21sec’s recommendations for these days are as follows:

  • Be wary of emails posting great deals, as hackers take advantage of these discount campaigns to carry out attacks using social engineering.
  • Please ignore emails from unknown and/or unverified senders and their attachments and report suspicious emails to the security team. Avoid downloading attachments, software, and other files from untrustworthy sources.
  • In authentication processes, it is recommended to always verify that the link is legitimate.
  • Do not provide personal credentials unless you are sure the recipient is trustworthy.
  • Do not fill out forms or submit any personal information on unreliable sites.
  • Keep the operating system and applications updated. It is important to keep antivirus and other detection and/or prevention programs up to date, since new malware samples are added to their databases on a daily basis.

Recent Articles

Related News

Leave A Reply

Please enter your comment!
Please enter your name here