Black Friday spam campaigns in the starting blocks

[German]November 26, 2021 is Black Friday – almost everything is free – and some people's brains are also out. This also attracts cyber criminals, who increasingly attack consumers with online shopping scams. The telemetry data from Bitdefender Labs also documents an increased incidence of shopping spam messages in Germany in November. Further highlights of such mailings can be expected for Black Friday and for Cyber Monday, which is also becoming increasingly popular in Germany. I am posting the information provided by Bitdefender here on the blog.

The cybercriminals have not missed the strong trend of online shopping in the context of the pandemic. Since the beginning of November, they have been launching test campaigns to fine-tune their email scam campaigns, make financial gain already or capture credentials. Even though the majority of the mails are written in English and the spam trend around Black Friday mainly takes place in the USA, German examples of online fraud can also be found. Among the non-English speaking countries, Germany is at the top in terms of both occurrence and origin of the scams.

Online shopping scams

Bitdefender experts observed a peak in English-language shopping spam and scam e-mails between November 8 and 11 (see figure). In the USA, travel offers in the run-up to the upcoming Thanksgiving vacations helped drive this trend.

Development of English-language spam from November 8 to 11, 2021. Image source: Bitdefender.

Excluding the U.S. (that's number one), Germany ranks third behind Ireland and the U.K. in the geographic distribution of fraudulent shopping emails: six percent of Black Friday-related emails worldwide spread to Germany (see the following figure).

Geographical distribution of shopping scam emails in English from November 8 to 11, 2021. Image source: Bitdefender

44 percent of the mails have a North American IP address as sender, but six percent also have a German one. Obviously, spam scam contents are often tempting special offers.

Increasing your own security

Private users can do a lot for their secure online shopping. This starts with cybersecurity software. The protection of mobile devices that are used for shopping is indispensable. However, according to the Bitdefender study 2021 Bitdefender Global Report: Cybersecurity and Online Behaviors, one in three users still does not consider this necessary for a variety of reasons. Bitdefender recently added several features to its solutions for home users.

Equally important is prudent management to avoid falling victim to highly professional cyber gangs. Every consumer should keep an eye on their online activities, assess their personal security risks, and protect their online accounts right now.

The following tips help to reduce your own risk when shopping on your computer or smartphone:

• Up-to-date security: Internet browsers should always be up-to-date on all devices through which users shop online – from computers to cell phones to tablets. Security solutions should also not be missing on the device. 
• Data thriftiness with credit card data: Users should never enter their credit card data on unknown or suspicious websites. Sharing bank data with people who contact you via social media channels is prohibited in any case.
• Good addresses are safe: Official stores of providers or websites with a good reputation usually offer the best security.
• Beware of overly attractive offers: Offers that sound too good to be true should be treated with particular caution. Here in particular, it is advisable to check these e-mails and the stores behind them carefully instead of rushing to check out.
• Check and reset access data: Users should check their user account data again right now and reset it as a precaution. This applies especially to personal accounts at online stores, e-mail, banks, delivery services and social media platforms. This is because scammers want to steal access data above all else.
• Use strong passwords: Anyone who makes the selection of their access data too easy will quickly become a victim of attackers. Passwords with at least 12 to 15 characters and password managers help protect online identities.
• Check unsolicited messages: Unsolicited offers, messages and offers deserve suspicion. To check them, it's worth looking at the official websites of the providers, which may warn about just such a campaign or other current cybersecurity issues.
• Use authentication tools: Two-factor (2FA) or multi-factor (MFA) authentication should be used by users wherever possible. Especially for online banking and e-commerce.
• Beware of parcel notifications by mail: Scams involving parcel services are now part of everyday life. They are especially dangerous now, when a shopper in the pre-Christmas digital shopping rush loses track of what mail he or she is still waiting for.
• Check the external form and content: Consumers should also pay attention to the formalities of a mail: Suspicious layouts and spelling errors are indicators that should prompt caution. Unusual requests to transmit data also often signal danger.
• Safe online navigation: Online shoppers can recognize the website of a reputable provider by the HTTPS suffix in the address. It is particularly dangerous to open links in an e-mail directly. Here in particular, it is advisable to cross-check on the official website.
• Select alert settings for credit cards: Those who pay by card can set a real-time alert before unusual requests for money.