S21Sec warns about the increase in fraudulent websites during the Black Friday campaign
S21Sec warns about the increase in fraudulent websites during the Black Friday discount campaign.
● According to the report prepared by S21Sec's Threat Intelligence area, a significant increase of 138% in domains registered with the expression “blackfriday” was detected during the first week of November, for a total of 6,340.
● The most common threats are fake advertisements, phishing and its variants (vishing, smishing, quishing and e-skimming), in which criminals use digital deception techniques to steal personal and financial data.
● The company offers a series of recommendations to protect against possible online scams during the commercial sales campaign, such as verifying suspicious emails, not sharing credentials on unverified sites and keeping security systems up to date.
On November 29th the famous 'Black Friday' returns, marking the start of the Christmas shopping season and, in turn, a key moment for attempted cyber-attacks on the population. With millions of users in Spain looking for the best deals online, exposure to digital fraud increases significantly, through the creation of fake websites or phishing messages designed to steal personal and financial information. This is according to S21Sec, the European leader in cybersecurity services acquired by Thales Group in 2022, which has produced a report warning of the increase in fraud and digital threats during this period.
The company's 'Threat Intelligence' unit has detected a notable increase in the registration of domains related to Black Friday. In the first days of November, 6,340 domains with the name “blackfriday” were registered, exceeding by 138% the registrations of the same period in 2023.
The report states that among the most used techniques during this period of massive purchases are fake ads, placed on social networks and sponsored in web browsers. Cybercriminals take advantage of the high demand for shopping by promoting deep discounts on essentials such as fuel or food. These ads often redirect to suspicious websites, where items are listed at prices that are too low.
Phishing attacks are also among the most frequent threats: criminals use manipulative tactics to obtain personal and banking information from victims. Cybercriminals impersonate large companies, spreading fake links with apparent discounts, mainly via email. These fraudulent sites mimic the look and feel of official brands, using similar domains and replicating the design of authentic pages. The report also warns about the growing risk of vishing, or telephone phishing, motivated by the rise of this type of technique during 2024. In addition, other attack methods are highlighted, such as smishing via SMS, quishing via QR codes, and e-skimming, the latter aimed at stealing credit card information.
Lourdes Mora, Team Leader of S21Sec's Threat Intelligence team, points out that, “although not all domains linked to Black Friday and Cyber Monday have malicious purposes, many are used to execute various types of cyber-attacks. During this period of massive discount shopping, where e-commerce experiences exponential growth, cybercriminals deploy social engineering techniques to obtain economic benefits through increasingly sophisticated methods. These attacks take advantage of high user demand, tricking users into revealing personal and financial data in fraudulent web spaces, incorporating terms such as “discount”, “offer”, “free” or “prize” to attract the victim's attention by impersonating large companies”.
Tips to protect yourself from commercial scams
With online shopping on the rise during the Black Friday and Cyber Monday campaigns, S21Sec has issued a series of recommendations to help consumers prevent cyberattacks. First, it recommends cautiously examining emails with overly attractive offers, especially if they come from unknown senders. In addition, it is crucial to always verify the URL of websites where personal information is entered, and never to provide credentials unless you are completely sure of the recipient's authenticity.
Likewise, you should avoid downloading attachments from untrusted sources, keep your operating system and applications updated, and have an antivirus and prevention programs to reinforce security and protect yourself against possible online scams. By implementing these measures, the user will significantly reduce the risk of falling victim to fraud during this period of massive purchases.