Black Friday, the day after Thanksgiving, marks the start of the American holiday shopping season. Brick-and-mortar retailers gear up for it by offering gargantuan sales to get shoppers in the doors.
Black Friday shoppers rush into a Target store in Washington, D.C. CREDIT: Gridprop/Public domain
But they're not they only ones getting ready. Cybercriminals are prepping their online wares too.
Many of the scams also target Cyber Monday, which falls on the Monday after Thanksgiving. For the past few years, Cyber Monday has been the biggest day for online retailers, who entice customers with special "one day only!" promotions.
Search the Web for "Black Friday" and there will be thousands of sites promoting sales and discount codes. The sad thing is, a lot of the sites are fake. Instead of selling things, they're designed to part unsuspecting users from their money, infect computers with malware or steal personal and financial information.
The deluge has not really yet begun, but researchers have already flagged Black Friday and Cyber Monday messages around the following products.
Last year's hot items at a discount
Black Friday and Cyber Monday promotions are all about deals that sound too good to be true. Scammers, on the other hand, often go for a bit of realism, said Andrew Conway, a security researcher with Cloudmark, an email security provider in San Francisco.
Many of the special sales Cloudmark observed involved older, yet still popular, products, as opposed to newer and shiner gadgets. That's not to say scammers aren't offering the iPhone 5 as bait; Apple products are a great lure for hooking unwary users.
Cloudmark researchers noticed several Black Friday-related spam campaigns touting hot-ticket items from last year, such as the iPad 2 and the Kindle Fire.
One campaign offered the Kindle Fire for $24.95, provided the user clicked on the Web link in the spam message and followed it — in this case, to a phishing form.
It's reasonable to assume that last year's must-have gift items would be on sale this year. Spammers respond to what people are expecting, and no one expects to get a hot product like the iPad Mini for $100, Conway said.
But when it comes to last year's products? "Oh yeah, people expect to see a deal on those," Conway said.
The Sunday after Thanksgiving is often the most heavily traveled day of the year in North America. It makes sense that cybercriminals would take advantage of that fact, said Troy Gill, senior security analyst at anti-spam outfit AppRiver in Gulf Breeze, Fla.
AppRiver researchers have observed a huge array of malicious emails pretending to be airline ticket confirmations — hundreds of millions in the past week, said Gill. Nearly every major U.S. airline has been spoofed, with the most recent campaign targeting Delta Airlines.
One common fake airline-confirmation email includes flight details in the body of the message and has an executable file as an attachment.
The executable attachment is a Trojan horse. Once clicked, it installs a backdoor that allows remote access to the victim's PC, and also installs a rogue antivirus program.
This particular strain of rogue AV shuts down all other installed anti-virus software, turns off the firewall settings that keep out malware and then displays multiple "Your machine is infected!" warnings.
The user is invited to buy the fake AV software in order to "clean" his machine, but of course, he'll only be handing over his credit-card information to cybercriminals.
If "all this wasn't bad enough," said Gill, the Trojan also adds the infected computer to a botnet and commandeers the machine to send out thousands of spam emails per hour.
No such thing as free airline tickets
Speaking of airline confirmations, there has been an uptick in the "get tickets for free" scam on Facebook offering users seats on Southwest Airlines flights home for the holidays.
Clicking on the Facebook wall posting offering the deal doesn't take you to Southwest Airlines' page. Instead, it redirects users to pages and pages of surveys, for which the scammers get a few pennies, while also spamming your Facebook friends' news feeds.
Scammers adore Apple fans
Apple products are always popular, and scammers aren't going to bother to craft brand-new campaigns when a tried-and-true scam still works well.
A team of researchers from Agari, a Palo Alto, Calif.-based provider of email authentication services, observed messages claiming to be from firstname.lastname@example.org and touting the iPad 3 in the subject field.
The iPad 3 scam encourages users to click on an embedded link within the email to fill out a survey "to see if you qualify for a New Revolutionary iPad!"
Because the email seems to come from a trusted address, and because users have to fill out a survey as opposed to getting something for nothing, many people may be convinced that it is a legitimate offer.
The survey is actually a phishing site after the user's email address and personal details, the Agari team told TechNewsDaily. There is no iPad 3 in the victim's future.
Easy consumer-electronics scams
Consumer electronics are a Black Friday staple, both for legitimate retailers and for scammers. Flat-screen TVs and video-game consoles represent a significant volume of Black Friday scams as well as sales, possibly because their price points are significantly higher than those of average items, said a representative from San Diego-based Internet-security provider Websense.
With higher prices comes the prospect of larger savings, making it even more likely that consumers are looking for great deals on big-ticket products.
Websense flagged spam campaigns using certain high-priced hooks: the iPhone 5, Sony PlayStation consoles and flat-screen TVs from well-known brands. Websense also noticed what its representative called a "number of persistent penny-auction campaigns" for such products.
Coach, Chanel, Louis Vuitton handbags for cheap
While counterfeit products from luxury brands such as Coach, Chanel, Rolex, Christian Dior and Louis Vuitton are available year-round, Cloudmark has observed an uptick in emailed offers in the past week as the scammers gear up for Black Friday, Conway said.
The "luxury replica" spam campaign is the most prevalent holiday scam so far, according to Agari. Messages are sent from spoofed email addresses purporting to be from your bank, your shipping company, a well-known consumer-electronics company or even just a friend.
Some of the websites pushing counterfeit luxury items have updated themselves to reflect their own "Thanksgiving Day sales," much as would a legitimate retailer.
Email messages from spoofed addresses such as "mac.com" and "fedex.com" direct users to Web marketplaces with deals on Rolex watches and handbags from Prada and Chanel.
Subject lines include "Start thinking about Christmas," "Early Christmas orders," "Pre-Christmas ordering," "Christmas Discount Code enclosed," and "Never too early for Christmas."
Since users are looking for online-shopping discount codes, subject lines such as these make it likely the users will click on the link.
Unlike other Black Friday scams, users clicking on these messages won't be immediately infected, or have their identities stolen by phishers.
Instead, the customers will be getting the products they purchased — the products will just be fake.
Copyright 2012 TechNewsDaily, a TechMediaNetwork company. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.