Cybersecurity firms and MSSPs were busy over the past couple of months tracking the myriad online scams aimed at businesses and consumers who were getting ready for the Black Friday and Cyber Monday sales that mark the beginning of the hectic month-long holiday shopping sprint.
It’s an ideal environment for cybercriminals, according to Nathaniel Jones, vice president of threat research at security vendor Darktrace, noting that “consumers are inundated with time-sensitive deals, while retailers handle record-breaking transaction volumes at speed. This environment makes it harder than ever to identify suspicious activity.”
So how bad was it? According to a Darktrace report this week, during Thanksgiving week, the number of Christmas-themed phishing attacks jumped 327% compared with what was seen between November 4 and 9, and phishing attacks referring to Black Friday and Cyber Monday shot up 692%.
The numbers show how aggressive threat actors can be in exploiting such high-profile events and ways that cybersecurity vendors and MSSPs alike can help organizations protect themselves and their customers with tools like continuous monitoring and real-time threat detection across client networks.
MSSPs' Quick Response
MSSPs “can quickly spot and respond to widespread attacks like phishing campaigns, using global threat intelligence to defend against new threats proactively,” Stephen Kowski, field CTO at SlashNext Email Security+, told MSSP Alert. “This automated protection is especially valuable during peak holiday periods when internal security teams may be stretched thin.”
Jason Soroko, Senior Fellow at cybersecurity firm Sectigo, said MSSPs can “deploy advanced endpoint protection, monitor web traffic for malicious activity, and deliver incident response to quickly mitigate breaches. MSSPs can offer event-specific defenses that address both human and technical vulnerabilities.”
A Busy Scam Season
The holiday shopping season is among the busiest times for internet fraud, a cybercrime that is a problem throughout the year. According to the U.S. Internet Crime Compliant Center (IC3), over the past five years, there have been 3.79 million complaints filed about online crime that resulted in $37.4 billion in losses, with $12.5 billion reported last year.
In the United States, during the runup to Thanksgiving, there was a 2,000% jump in emails made to appear to be promotions from well-known brands like Walmart – which Darktrace’s Jones called “easily the most mimicked US brand” – Macy’s, Target, Old Navy, and Best Buy.
Scammers also redistributed their resources away from businesses to targeting consumers by impersonating major consumer brands like Amazon and PayPal, which saw a 92% increase. Phishing messages spoofing workplace-focused brands, including Adobe, Zoom, and LinkedIn, fell by 9%.
“Major retail brands invest heavily in safeguarding themselves and their customers from scams and cyberattacks, particularly during the holiday season,” Jones wrote in the report. “However, phishing and website spoofing occur outside the retailers' legitimate infrastructure and security controls, making it difficult to catch and prevent every instance due to their sheer volume.”
Security teams are using advanced technologies like AI to help defend against the scams, but brand impersonation fraud is still a problem, he wrote.
Multiple Attack Tactics
Among the most common brand-spoofing techniques bad actors use are domain spoofing, which involves creating almost perfect replicas of a company’s retail site, and brand spoofing, when attackers send phishing emails that are made to look like a particular retailer and luring consumers into clicking a link for a supposed discount. However, clicking on the link downloads malware onto the victim’s device.
There also is Safelink smuggling, which attackers use to have their malicious payloads rewritten by a security solution’s Safelink capability to propagate the rewritten URL to other victims. Jones also noted multi-stage attacks, which combined these techniques into a single attack.
“Brand spoofing emails lead unsuspecting shoppers directly to domain spoofed websites that harvest login or payment details, creating a seamless deception that hands personal and financial data directly to attackers,” Jones wrote. “This coordinated approach exploits the chaos of holiday sales, when shoppers are primed to expect high volumes of retail emails and website traffic promoting significant savings.”
Mika Aalto, co-founder and CEO of cybersecurity firm Hoxhunt, noted that along with more gift buying and traveling, the holiday season comes with “heightened emotions, so there are a lot more psychological buttons available to hackers during this season of giving. Seasonal scams continue to exist because they’re successful for cybercriminals. Cybersecurity leaders should take steps to bulk up defenses during the holiday season, when there is heightened email activity and emotions that social engineers can manipulate.”
