Thanksgiving Day is one of the major holidays celebrated in the United States on the fourth Thursday in November. The following Friday, referred to as Black Friday, marks the start of the Christmas holiday shopping season. Almost every retailer large and small offers huge discounts on Black Friday, often extending through the weekend and the following Monday, now known as Cyber Monday.
As we near Thanksgiving and the start of the holiday shopping frenzy, we’re observing a sharp increase in cyber scams and phishing activities targeting online shoppers. As shoppers look for the best deals available, cybercriminals are quick to take advantage of unsuspecting users.
Increase in online shopping transactions
Every year during this timeframe, we observe a noticeable spike in the total number of web transactions within the Shopping
category. We have shared this trend in our previous blogs as well ([1
Last year, we saw around 2.71% of all the web transactions categorized as Shopping and this year is no different. We currently see that 2.63% of total web transactions belong to the Shopping category and we expect this number to rise as we approach the end of the month. The following chart shows that the number of Shopping transactions has increased steadily throughout November.
Cyber Scams and Phishing attacks
The increase in Shopping activity comes with an unwelcome increase in phishing attempts. Phishing is a well known attack method, often used by attackers to steal sensitive information like authentication credentials, credit card numbers and personal information. We have already seen a large spike in Phishing and Spam activity, specifically targeting Thanksgiving, Black Friday, and Cyber Monday events. The following graph shows the phishing transactions for this month that have been blocked by Zscaler:
We caution consumers to be extra vigilant this holiday season when shopping online. Here are some examples of phishing attempts that we have blocked:
Walmart phishing attempt:
Amazon phishing attempt:
Ebay phishing attempt:
The motive behind these attempts is to steal sensitive user information which includes personal credentials and financial data. Cybercriminals often use this stolen information for illicit activities resulting in monetary gain.
More phishing sites targeting online retailers:
Ebay - hxxp://124[.]150[.]140[.]133/~ritenfad/viewitem/dll/88322933932/
Walmart - hxxp://ofertaswalmart[.]besaba.com
Walmart - hxxp://walmartfriday[.]net/
Amazon - hxxp://zekocase[.]com/._ama_c0nf1rm/info_bill/login.php
Amazon - 213[.]13[.]119[.]152/am/
Fake Black Friday/Cyber Monday/Thanksgiving related sites:
Sample of subjects used in spam e-mail messages targeting online shoppers:
Get Stylish-furniture At Discount
Checkout tire sales for Black Friday
Make the Most of Black Friday, with A New smart-phone
Brand name laptops on sale for BlackFriday
[Black Friday Starts EARLY]Saveup to 90% +FREE BonusItems!
Walmart One Day Specials BlackFriday
Shop Black Friday sales to upgrade furniture
Thanksgiving Specials and BlackFriday Discounts!
New Early BlackFriday Door busters are Added EveryDay
Shop Black Friday to find discounts on electronics
Search major Savings on laptops...On black-friday
Limited Time Black Friday Deal
10% off Site-Wide. Get Your Black Friday Shopping Started Today!
How can online shoppers protect themselves?
Thanksgiving marks the start of the holiday shopping season which continues until Christmas. The Zscaler ThreatLabZ team is working round the clock to ensure that our customers do not fall prey to such malicious activity.
We highly recommend that all online shoppers exercise extreme caution and follow our holiday season shopping security checklist:
Wishing you all a very Happy Thanksgiving and don’t spend too much!
Credit for analysis: Rubin Azad, Uday Pratap Singh