SYDNEY – 17 November 2023 – Although the Black Friday shopping frenzy has already begun in some parts of the world, millions of consumers are still updating online shopping and wish lists in anticipation of 2023’s best shopping deals. Between hefty discounts that can save money, Black Friday sales events make a highly profitable playground for cybercrooks seeking to siphon some of the billion-dollar profits.
The online hazards that await consumers on Black Friday are endless, with scammers reaching out to targets via emails, texts, and social media. Some scams are dead giveaways, while more ‘hard-working’ cyber thieves aim to deliver more sophisticated ruses to eager online shoppers.
Millions of individuals fall victim to scams every year, but pre-Christmas season sales are the busiest times for cybercriminals. In the past couple of weeks, researchers at Bitdefender Antispam Lab have been relentless in monitoring Black Friday spam volumes to keep you informed about relevant email-based scams so you can safeguard your money and data.
Unsolicited Black Friday emails (spam) come in all shapes and sizes, including benign unsolicited correspondence (brick-and-mortar marketing emails meant to attract shoppers). But we’re not here to talk about aggressive marketing schemes that end in your inbox, presumably, by the dozen, during peak sales times.
In this report, courtesy of Bitdefender Antispam Lab, we would like to address the email-based threats (scams) exploiting the buzz surrounding Black Friday. With the help of our antispam researcher Viorel Zavoiu, we’ve compiled some interesting stats for Black Friday scam topics and trends adopted by fraudsters this year.
Here’s what we found:
- The Black Friday spam rate, although barely existent by the end of Halloween, has grown consistently during the past weeks, with the largest peak at 22% noticed on Monday, Nov 13. The rate of spam emails (both marketing and scams) will undoubtedly continue to grow throughout the official Black Friday week.
- According to Bitdefender Antispam filters, only 56% of all Black Friday-themed spam delivered between 26 October and 13 November was a legitimate marketing lure. The remaining 46% were marked as scams.
- Some scam campaigns impersonated big names in retail including Amazon and Target while others lured shoppers with huge sales and promotions on luxury bags and accessories (Louis Vuitton, Ray Ban and Rolex) and smart gadgets.
- 39% of such spam (by volume) was sent from IP addresses in the Netherlands. The U.S. shed 25% percentage points compared to our 2022 report, coming in second at only 24%.
- The most impersonated brands in the scam correspondence include Amazon, Aldi, and Target.
- In line with Black Friday scams, we also analysed some of the most targeted industries in phishing campaigns delivered in the past 16 days. Bitdefender telemetry shows the finance industry as one of the most targeted, at 34%, with retail coming third, at 13%.
- Black Friday shopping scams also go hand in hand with traditional phishing schemes delivered throughout the year. Between 26 October and 13 November, Bitdefender caught phishing campaigns trying to hijack Amazon, eBay, and PayPal accounts, as well as financial phishing targeting shoppers’ bank accounts. For example, on 6 November, 42% of the entire PayPal-themed correspondence (by volume) received by users was marked as a scam, as was 25% of the entire Amazon-themed correspondence received on 13 November.
A Taste Of The 2023 Black Friday Scams You Need To Be Aware Of To Protect Your Identity And Money
Armed with years of experience, scammers continue to target enthusiastic but unaware consumers with an assortment of ‘amazing deals’ to steal identities and commit fraud.
The 2023 scam agenda looks similar to the one from 2022, as cybercrooks stick to their old tricks, recycling bait they know works. A large chunk of Black Friday scams received by internet users in the past weeks sought to lure recipients with opportunities to claim exclusive early Black Friday deals, promotions and free gift cards or prizes from popular retailers.
Some of the email scams also showed clear signs of fraudsters using geo-targeting tools to tailor their attacks to specific locations, while others were geo-restricted (e.g., emails impersonating Aldi’s), meaning that cybercriminals restricted access to websites based on the location of the targeted recipients, i.e., scams sent to Australian shoppers were geo-restricted to IP addresses in Australia.
Some of the fraudulent emails also contained poison text or long blocks of usually hidden text meant to defeat keyword-based spam-filtering software.
As mentioned, the Black Friday fraud portfolio of 2023 contains a never-ending list of giveaway scams purportedly sent from well-known names in the consumer staples sector. The main objective of the fraudulent emails is to steal the recipient’s personal information and payment card data through bogus surveys and fake prizes (golf carts, smart gadgets, $1,000 gift cards and kitchen appliances) that require small shipping fees.
Popular email subjects include:
Claim your chance to win a $100 Amazon voucher
Get into the spirit of Black Friday with a $500 ALDI Gift Card!
[Black Friday] Save More, Shop More: Discount Designer Watches at Huge Discounts – Act Fast!
Unbeatable Black Friday Deals: Grab the Latest Gadgets Now
The holiday shopping season is prime time for cybercrime. Don’t let your guard down, and stick to good cyber hygiene to fend off malicious and fraudulent shopping links you may unknowingly access this month. Check out our dedicated guide for safe Black Friday and Cyber Shopping here.
Bitdefender provides cybersecurity solutions with leading security efficacy, performance and ease of use to small and medium businesses, mid-market enterprises and consumers. Guided by a vision to be the world’s most trusted cybersecurity solutions provider, Bitdefender is committed to defending organisations and individuals around the globe against cyberattacks to transform and improve their digital experience.
READ THE FULL REPORT HERE.