Happy Friday my friend,
Real quick - if you're going to the PBX22 Expo at the Convention Center today, I'll be speaking at 3:15 in room 319A. Feel free to come by and say hi! Here's a link with more details. In other news, the holidays are upon us - stores are fully stocked with Christmas decorations and gifts and the hackers are still at it. Last month an unknown hacker group launched a series of campaigns preying on online shoppers looking for "holiday specials." We've had clients forward some of these emails over for us to look at and they're quite convincing.
The Takeaway Here's what you need to look for in these holiday themed phishing emails:
▪ The central theme of these phishing emails is a chance to win a prize from a reputable brand. One target we've seen a few variations on are giveaways of Yeti products from Dick's Sporting Goods (see sample image below). If you see anything resembling this, delete it right away.
▪ If you DO end up accidentally clicking on one of these links, these campaigns have been very effective by engaging in social proof, ie. fake testimonials showcasing the "prizes they received." If you see them on a page, close your browser tab immediately.
After "winning" the prize, victims are requested to cover the shipping cost to receive the prize, which requires a credit card number. Ah ha! Now you know what they're really after!
Of course, there is no prize to be shipped and your credit card details are stolen and can be used by bad guys for all sorts of nefarious activities such as carding, online shopping and selling your card to other hackers.
Akamai, the watchdog group that published their investigation into this stated that roughly 89% of users landing on phishing domains are from the United States and Canada. Depending on their exact location, the redirection takes them to a different phishing site impersonating locally available brands.
In short, if an offer is too good to be true, it probably is. Use common sense. We're heading into the holidays and there will be more scams to come before we reach 2023!
Stay safe out there -A