Scammers have adopted new tactics to ensure the success of their phishing campaigns ahead of Black Friday and this year's holiday shopping season, when consumers have turned away from retail stores in favor of shopping online.
According to a new report from email security firm Inky, criminals have stopped including malicious links and attachments in their phishing emails because antiphishing technology has become much more effective at defending against attacks, the more sophisticated . Instead, they began creating emails designed to impersonate big brands like Amazon, Target, and Walmart.
These emails that look like an order confirmation from an online retailer are harmless once opened and free of malware. They do, however, include a phone number that potential victims are encouraged to call if they believe the order or shipping confirmation was sent to them in error. Receiving an email for items you haven't purchased can be confusing, especially if you suspect you've been a victim of identity theft. This creates a sense of urgency and victims often end up calling the scammers on their own.
If a user calls the number included in any of these emails, someone who works for the scammer on the other end of the call will try to extract their payment details and other financial information.
Toll Fraud Threats
Over the summer, Inky saw so many of these emails disguised as retail brands that its engineers created a new threat model called Phone Scam. In the four months since rolling out this new threat model, the company detected 24.275 of these attacks targeting its customers and that number has continued to rise with Black Friday and Cyber Monday fast approaching.
At the same time, these messages are sent via free email services like Gmail and Hotmail, making it much easier for them to get past email authentication protocols like DMARC. So far, Inky has seen criminals use this threat model to impersonate Amazon, PayPal, Target, eBay, and other popular online retailers and mobile payment apps.
To avoid falling victim to these phone scam email threats, Inky recommends that potential victims carefully inspect the email address, writing, and content of these emails to see if they are legitimate. Alternatively, you can also open your browser and go to Amazon, Target, or the website of any retailer mentioned in these scams and check your order history to see if you or anyone else in your household has ordered the item you received an order or confirmation from. shipping. by.
Other ways to stay safe online during the holiday season include installing antivirus software on all your devices, using a VPN service while shopping, especially when you're online. A public Wi-Fi and the use of a password manager to generate and store strong and unique passwords for everyone. of your online accounts.
We've also highlighted the best malware removal software, the best endpoint protection software, and the best firewall.