
Beware Black Friday

The day after Thanksgiving in the United States has become known as Black Friday and is defined by mad shopping for discounted products. The term may have originated in Philadelphia in the 1960s, where it was used to describe the heavy and disruptive pedestrian and vehicle traffic that would occur on the day after Thanksgiving. Now it is defined by stampedes at retail shops like Target and Best Buy plastered on the news. It is not only at brick-and-mortar stores that consumers can get hurt. Online shopping on Black Friday can be equally dangerous to consumers, or more accurately to their bank balance.

The dangers posed to consumers are those normally faced when making online purchases, only with the sheer increase in traffic cybercriminals have a greater chance of catching consumers out. The prime tool used to steal information from consumers is the banking trojan. A banking trojan can be defined as a piece of malware designed to get financial information or hack users through a banking or financial system, commonly through an online banking or brokerage interface. They can work in a variety of ways, either by seeding code into bank websites or by intercepting passwords or other information through the use of keyloggers.

As many banking trojans try to steal money through online banking and mobile banking apps, a false assumption has arisen that there is only a danger when visiting such websites. While this might have been the case years ago, trojans have evolved to also steal information entered on online store websites and information from the accounts associated with those websites. According to Kaspersky Labs, in the first 9 months of this year the security firm detected various banking trojans 9.2 million times. Detections included infamous trojans such as Chthonic, SpyEye, and Zeus, all of which attempted to steal credentials, including banking details, from visitors to popular online stores.


Many of the aforementioned detections originated from well-known clothing, jewelry, and toy stores. Many of these trojans and variations thereof are designed to look for information pertaining to user accounts of websites including movie theatres, electronics stores, and large marketplaces such as eBay or AliExpress. In terms of geographical area, use of such trojans has proved popular in Europe, North America, Russia, and many developing countries, illustrating how widespread the problem is.

Warnings for Consumers and Shop Owners

In an attempt to warn consumers, Kaspersky Labs published a warning which further highlights some of the dangers of having your credentials stolen. Often the reason for targeting banking websites and apps is to fraudulently gain access to clients’ accounts and steal funds. Why then would e-commerce websites be targeted, as has been seen recently and is expected to increase with Black Friday sales? Researchers at Kaspersky believe e-commerce sites are being targeted so that the stolen credentials can be sold off on a Dark Web marketplace. This would imply that cybercriminals could use the stolen accounts in money-laundering schemes. One such scheme involves buying items from a website using victims’ credentials so the buyers look like known customers. This normally doesn’t trigger any anti-fraud measures, and the criminals then sell those items on again.

Another danger arises when the websites themselves experience a data leak. Here many of the same financial dangers exist, including identity theft. Kaspersky Labs researchers managed to find over 3 million online store user accounts for sale just by searching on Google. As if to prove the point, e-commerce giant Amazon informed some customers this week that their name and email address were exposed due to a “technical error,” but the company provided very few other details.

The e-commerce giant claims the issue has been addressed and has told users that they do not need to change their password or take any other action. It has also revealed that the incident is not a result of something customers have done. Many recipients initially believed the emails were part of a scam as the message did not address them by name and its signature included a link to “http://Amazon.com” – some found the lack of HTTPS and the capital “a” suspicious. It’s unclear what caused the technical error and how many users are impacted. Twitter has been flooded by people saying they received the email, including individuals from the United States, the United Kingdom, and Australia. Unsurprisingly, many users are unhappy with the lack of transparency. Amazon has refused to share any additional details with customers or the press.

At the time of writing Amazon had yet to release an official statement. This comes in the wake of yet another data scandal where an Amazon employee had been terminated for handing over customer email addresses to a third-party seller that had been blocked as a result of the incident. The Wall Street Journal previously reported that Amazon had been investigating employees sharing customer data with sellers in exchange for bribes.

Safer Online Shopping

While online shopping can cost customers more than the price of an item, there are measures to make the experience safer. Many modern antivirus packages include hardened browsers that prevent keyloggers from stealing credentials. In light of this, installing a reputable antivirus package and keeping it up to date can go a long way in preventing your credentials being stolen, let alone defending against numerous other threats. Secondly, one of the major ways trojans are spread is by spam campaigns, so do not follow links sent by strangers via email, SMS, or social media. Even if a friend sent the link, be wary of clicking it; a link from a well-meaning friend could still result in a malware infection.


About the author:

Karolis Liucveikis

Karolis Liucveikis - experienced software engineer, passionate about behavioral analysis of malicious apps.

Author and general operator of PCrisk's "Removal Guides" section. Co-researcher working alongside Tomas to discover the latest threats and global trends in the cyber security world. Karolis has experience of over five years working in this branch. He attended KTU University and graduated with a degree in Software Development in 2017. Extremely passionate about technical aspects and behavior of various malicious applications. Contact Karolis Liucveikis.
