Welcome to the Future of Cyber Security. Providing solutions across all vectors to prevent 5th generation cyber attacks.
The CDC (The Centers for Disease Control and Prevention) classified “shopping at crowded stores just before, on or after Thanksgiving” on its list of higher-risk activities to avoid, and in its guidance issued ahead of the holiday weekend, it also directly suggested that consumers do more of their shopping online.
Not that much encouragement has been needed. During the first 10 days of November, the traditional holiday shopping season, U.S. consumers spent $21.7 billion online — a 21% increase year-over-year. And the sales momentum is just getting bigger. According to DC360 shoppers will spend $38 billion online over 2020 Thanksgiving weekend – that’s over double 2019’s spend over the same weekend.
Of course, it isn’t just retailers who are looking forward to a record weekend: threat actors are organizing their infrastructures to try and grab their share of our holiday spending, too. In a recent report, we showed how phishing emails doubled in November in the run-up to Black Friday and Cyber Monday.
What’s more, they are not just trying to target consumers with fake shopping-related emails and websites. They are also ramping up phishing and fraud attempts to take advantage of the shipping services that will deliver the goods we have purchased.
Check Point Research (CPR) researchers are witnessing a thorough, systematic operation in which threat actors are leveraging the entire ecosystem of shopping. From special offers, through designated shopping days such as Chinese singles day, Cyber Monday, and Black Friday, all the way to the shipping and delivery process to try and trick victims into disclosing their personal details and use those details for financial theft and fraud.
In this report, CPR reveals that during the month of November we have seen a dramatic spike in phishing emails that are impersonating internationally-known shipping companies such as DHL, Amazon & FedEx.
Over 440% increase in shipping-related phishing emails in November compared to October.
Europe tops the phishing surge, followed by North America & APAC.
DHL is the company most impersonated globally in shipping-related phishing emails during November, followed by Amazon & FedEx
Surge in Shipping related phishing emails globally
We have observed that during November there has been a 440% increase in shipping-related phishing emails, compared to October. Emails impersonating DHL made up 56% of the total volume of shipping-related phishing emails, followed by Amazon with 37%, and FedEx with 7% of total.
Numbers in Africa & South America were single-figures
Europe topped the list in terms of the total number of phishing emails, and the numbers grew over four times (401%) compared to October. Seventy-seven percent of these emails in November were fake DHL mails.
In the US the increase was similar (427%) comparing November to the previous month. The leading impersonated brand was Amazon with 65% of all phishing emails impersonating different Amazon shipping related notifications.
APAC showed a more moderate, though significant, increase (185%) with DHL accumulating almost 65% of the total phishing emails.
Unlike classic phishing emails that are designed to lure people into giving personal details, credit card info or bank account credentials, these emails are specifically impersonating shipping vendors with different versions of fake messages reporting a “delivery issue” or “Track your shipment” details.
All are trying to lure the recipients to submitting details and stealing credentials or financial data. We believe hackers have specifically chosen this vector in November, as they know that large numbers of online shoppers are waiting for their packages to arrive and are more attentive to shipping-related emails while they may be more aware of more traditional e-commerce related fraud and phishing attempts.
Amazon impersonation email in Japan
DHL Impersonation in USA
Italian Impersonation Amazon Business
The statistics and data used in this report present data detected by Check Point’s Threat Prevention technologies, stored and analyzed in ThreatCloud. ThreatCloud provides real-time threat intelligence derived from hundreds of millions of sensors worldwide, over networks, endpoints and mobiles. The intelligence is enriched with AI-based engines and exclusive research data from the Check Point Research – The intelligence & Research Arm of Check Point.
Create your free account to unlock your custom reading experience.