Fake stores may increase on Black Friday; see how to protect yourself

Black Friday will take place on the 26th of this month and many consumers are eager to take advantage of the offers, but digital security company Tempest warns that this date and other commercial events are ripe times for the increase of fake stores (fake stores), which may steal personal data and credentials, in addition to generating false bills. To ensure the legitimacy of purchases and prevent attacks, the institution provided some tips.

Fake stores are websites with similar aesthetics and URLs to large e-retailers, and the success of this scam is related to the ability to copy the original websites. In this case, experts use social engineering to attract the curiosity of victims.

According to Tempest, the scheme is a business model that has several groups involved; there are individuals who develop and market pages, as well as criminals who buy or rent these addresses. Within these specialists’ communication channels, several advertisements offer the construction of fake stores.

“Phishing as a Service”

The company informs that the growth of national e-commerce during the pandemic also brought an evolution in cybercriminal techniques within the Phishing-as-a-Service (PHaaS) modality — the practice of developing this type of project for customers. During Black Friday, and other seasonal commemorative dates, Spam tools and services should be widely used to spread scams.

The company’s Threat Intelligence team is working to unravel the workings of the PhaaS of fake stores. In a campaign analyzed by the group, the objective was to collect personal information, credit cards and make a profit with payment slips. The project even had support services for criminals, such as communication resources with victims.

Boletos generated by these pages have approximate value of “normal” stores and can be created in digital banks through “orange accounts” that receive payments.

Top Spam Tools

Based on the study carried out by Tempest, a list was assembled of the Spam tools used to spread the fake stores.

  • SMS messages: one of the main means still used is sending through Short Message Service (SMS) and e-mails;
  • Chipeira: a type of modem “farm” that sends bulk SMSs;
  • Scripts: the main function of this option is to “bypass” anti-spam mechanisms and allow the transmission of malicious content;
  • Sponsored courses and links: Criminal chats sell classes for aspiring people specializing in the field;

Black Friday Protection Guidelines

  • Beware of short-sighted messages such as “Lightning Offer” or “Unmissable Promotion”;
  • Be wary of messages that have links or attachments — inspect the spelling of links and look for spelling errors;
  • Do not send personal information by SMS, email or forms without being sure of the organization’s legitimacy;
  • Check the most indicated and correct means of contact on the companies’ official channels;
  • In the case of banks, be suspicious of messages received without prior request

Tips for companies

  • Implement anti-spoofing solutions to create an authentication standard and prevent email address spoofing;
  • Protect employees with anti-spam and anti-fraud solutions, including hiring malicious content monitoring and removal services;
  • Promote training so that employees and service providers can recognize attacks;
  • Encourage security awareness campaigns;
  • Create exclusive channels for reporting scams, in addition to implementing a process to handle these cases

Leave a Comment