Threat Management, Incident Response, Malware, TDR, Threat Management

Scammers ready to pounce on Cyber Monday deal-hunters

While most Americans are gearing up for a long Thanksgiving weekend, retailers are readying their deals for the so-called Black Friday and Cyber Monday shopping bonanzas – and criminals are already trying to capitalize on the impending buying frenzy.

Late last week, attackers began using search engine optimization (SEO) “poisoning” techniques to make their malicious sites appear near the top of holiday shopping-related search terms, according to researchers at internet security solutions provider SonicWALL. Terms such as “Walmart Black Friday Sales 2010,” “Black Friday” and “Cyber Monday” are leading users to malicious search results.

“We have already seen an increase in malware activity,” Deepen Desai, senior researcher at SonicWALL, told in an email on Tuesday.

Based on research from previous years, malware activity is expected to double during this holiday season, Desai said. For enterprises, the largest concern is that employees who are shopping online from work computers may inadvertently introduce malware into the network.

“Cyber Monday,” the digital equivalent of the brick-and-mortar world's “Black Friday,” marks the beginning of the online holiday shopping season and is one of the busiest online shopping days of the year. It falls on Monday, when most employees return to work for the first time since the Thanksgiving break.

This year, 4.5 percent of workers with access to the internet, or 70.1 million people, will shop for holiday gifts from the office, according to new statistics from the National Retail Federation, a trade group.

“In general, a lot of people are going to be coming in [to work] and going to a lot more sites than they normally do,” Todd Feinman, CEO of Identity Finder, an identity theft and data leakage prevention software provider, told on Tuesday.

To take advantage of the hoards of online shoppers, scammers will likely distribute malicious links on social media sites purporting to offer tempting deals, such as “coupon codes” for popular stores or products, Nicholas Percoco, senior vice president and head of Trustwave's SpiderLabs, told on Tuesday. These links could actually lead users to phishing attacks or sites containing drive-by malware.

This type of scam can spread quickly on sites such as Facebook and Twitter by budget-conscious users who believe they are providing friends and followers with money-saving opportunities, Percoco said.

Another threat this year is the potential for rogue mobile applications purporting to direct users to the best deals of the season, said Identity Finder's Feinman. There have already been a number of Black Friday and Cyber Monday applications released and there is a danger that cybercriminals will set up similar ones with embedded payloads that harvest users' contact lists, passwords or other data.

Also, attackers will likely send spam hawking sales and free offers that actually lead users to malware and phishing attacks, experts said.

Users should be advised to be cautious of links provided in email, instant massages, social media and other online communications, Percoco said. To be safe, those looking for deals should always directly visit a retailer's website. 

In addition, security professionals should ensure that all computers on the network have the appropriate software updates installed, since many employees will be visiting sites they normally wouldn't.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.