Scammers have put in place new tactics to ensure the success of their phishing campaigns ahead of Black Friday and this year’s Christmas shopping season, while consumers steer clear of retail stores in favor of online shopping.
According to a new report from email security company Inky, scammers have stopped adding malicious links and attachments to their phishing emails as anti-phishing technology has become much more effective at blocking even the most sophisticated attacks. Instead, they started creating emails to impersonate big brands like Amazon, Target, and Walmart.
These e-mails, which are similar to an order confirmation from an online retailer, are harmless when opened and do not contain any malware. However, they do include a phone number for potential victims to call if they believe they have received the order or shipping confirmation in error. Receiving an email for items you haven’t purchased can be unsettling, especially if you think you may have been a victim of identity theft. This creates a sense of urgency and the victims often call the scammers on their own.
When a user calls the number on one of these emails, someone working for the scammer on the other end of the call tries to extract their payment details and other financial information.
Phone Fraud Threats
Over the summer, Inky saw so many of these emails posing as retail brands that his engineers came up with a new threat model called Phone Fraud. In the four months since this new threat model was introduced, the company has detected 24,275 of these attacks on its customers, and that number has grown steadily with Black Friday and Cyber Monday just around the corner.
At the same time, these messages are sent through free email services like Gmail and Hotmail, which makes it a lot easier for them to pass through email authentication protocols like DMARC. So far, Inky has seen scammers use this threat model to impersonate Amazon, PayPal, Target, eBay, and other popular online retailers and mobile payment apps.
To avoid falling victim to these phone fraud email threats, Inky recommends that potential victims carefully verify the legitimacy of the email address, the writing, and the content of these emails. Alternatively, you can open your browser and go to Amazon, Target, or the website of a retailer mentioned in these scams and check your order history to see if you or someone else in your household ordered the item you ordered or confirmed shipping for.
Other ways to protect yourself online during this year’s Christmas shopping season are by installing antivirus software on all of your devices, using a VPN service when shopping, especially if you are connected to a public WiFi, and using a password manager to Generate and store strong, unique passwords for all of your online accounts.
We highlighted those too best malware removal software, best endpoint protection software and best firewall
This article was previously published on Source link